Re: How to wall garden the malicious domain

2018-04-20 Thread Blason R 
Hi there,

What I am looking for is -

You correctly identified I have around 300k+ domain entries and would need
to divert it to IP address 192.168.1.10. One way proabably woud be to
malicious.com  A  192.168.1.10
bad.com  A  192.168.1.10
malware.co.in   A   192.168.1.10

Now instead putting IP address in front of every domain can we have
variable or any other method to be used? like

abc.test.com.  A  192.168.1.10
malicious.com  CNAME abc.test.com.
bad.com  CNAME abc.test.com.
malware.co.in   abc.test.com



On Fri, Apr 20, 2018 at 12:27 AM, Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:

> On 04/18/2018 11:37 PM, Blason R wrote:
>
>> I need to wall garden the malicious Domain request and instead route to
>> that server itself.
>>
>
> I assume that you are saying that you need to 1) filter malicious domains
> and 2) you want requests for them to be resolved to your (DNS?) server.
>
> e.g. my DNS server IP is 192.168.5.47 and would like to wall-garden the
>> request and provide the IP 192.168.5.47 since I have 0.3 million domains
>> specifying IP in front of them would not be a good option.
>>
>
> What do you mean by "specifying IP in front of them would not be a good
> option"?  Are you saying that you don't want to have "$domain A
> 192.168.5.47" entries for all 300k domains?
>
> Without doing anything, BIND will resolve the domains normally.  So you
> will need to do something to each of the domains to cause the RPZ to not
> resolve the domains normally.  This usually means that you will need to
> specify an alternate IP or CNAME for each and every one of them.  I don't
> see a way around this.
>
> Can you please suggest me the way to do that?
>>
>
> Please elaborate on what you are wanting to do and not do.
>
>
>
> --
> Grant. . . .
> unix || die
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Does anyone have BIND 9.11.3 RPM

2018-04-20 Thread Blason R 
Hi Team,

I am looking for BIND rpm 9.11.3 for CentOS 7.4 with pre-compiled. Is
anyone aware of any link where I could download ready made RPM? Since
compiling from source is pretty time consuming.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to wall garden the malicious domain

2018-04-20 Thread Steven Carr 
On 20 April 2018 at 08:57, Blason R  wrote:
> Now instead putting IP address in front of every domain can we have variable
> or any other method to be used? like
>
> abc.test.com.  A  192.168.1.10
> malicious.com  CNAME abc.test.com.
> bad.com  CNAME abc.test.com.
> malware.co.in   abc.test.com

Yes... https://deepthought.isc.org/article/AA-00520/0
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

sanity check: localhost rpz

2018-04-20 Thread Lee 
With a few exceptions, I'd like to block external answers for 127.0.0.0/8

Is the following really how it's supposed to be done?  I can see
having to whitelist the net-snmp.org names, but having to whitelist
zones I'm authoritative for seems a bit weird.

named.conf:
options {
   ...
   response-policy { zone "rpz.zone"  log yes; } break-dnssec yes
recursive-only no;
};
zone "localhost" in { type master; allow-update{none;}; file
"ZONES/master.localhost"; };
zone "home.net" in { type master; allow-update{none;}; file "ZONES/home.net"; };


rpz.zone:
   ...
; return NXDOMAIN for any 127.0.0.0/8 answers
;   exceptions:
onea.net-snmp.org   CNAME   rpz-passthru.
twoa.net-snmp.org   CNAME   rpz-passthru.
localhost   CNAME   rpz-passthru.
localhost.home.net  CNAME   rpz-passthru.
8.0.0.0.127.rpz-ip CNAME   .
;   check:
; localhost   127.0.0.1
; onea.net-snmp.org   127.0.0.1
; twoa.net-snmp.org   127.0.0.2 127.0.0.3
; 7f01.c7f11de3.rbndr.us
;   should alternate between 199.241.29.227 (allowed) and
127.0.0.1 (NXDOMAIN)
;   ref: 
https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=3


Thanks
Lee
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Does anyone have BIND 9.11.3 RPM

2018-04-20 Thread Evan Hunt 
On Fri, Apr 20, 2018 at 01:29:33PM +0530, Blason R wrote:
> I am looking for BIND rpm 9.11.3 for CentOS 7.4 with pre-compiled. Is
> anyone aware of any link where I could download ready made RPM? Since
> compiling from source is pretty time consuming.

As it happens, we've started work on building BIND packages for various
distributions, and while we're still testing the process and haven't
started publishing them yet, I do have an experimental 9.11.2-P1 RPM
that you can try out if you like.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users