[ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-17 Thread Syaifudin
Hi all, is there a regex for the BIND config or something else to anticipate or block malware that generates a random subdomain (2 or 3 characters) + random domain (7 characters) + random TLD? The BIND log is shown in the picture at this link: Malware Generate Random Subdomain, Domain and TLD

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-17 Thread Tony Finch
Syaifudin wrote:
> is there regex for bind config or something else to anticipation or block malware where generate random subdomain ( 2 or 3 character )+ random domain ( 7 character ) + random tld.

This is a job for RPZ. I'm currently at UKNOF39 where we have just had a couple of talks abo

intermittent SERVFAIL for high visible domains such as *.google.com

2018-01-17 Thread Brian J. Murrell
I have a BIND (9.9.4)[1] server that runs well most of the time, but periodically it will start returning SERVFAIL for very high-level domains such as *.google.com, *.gstatic.com, *.github.com, etc. It seems to happen most frequently with Google domains, but I wonder if that is just a reflection o

RHEL, Centos, Fedora rpm 9.11.2-P1

2018-01-17 Thread Carl Byington
http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions.

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-17 Thread Grant Taylor via bind-users
On 01/17/2018 07:57 AM, Tony Finch wrote:
> I'm currently at UKNOF39 where we have just had a couple of talks about RPZ. One of the speakers talked about algorithmically generated malware domains: if you know the algorithm, you can pre-generate the malicious domains and add them to your RPZ in ad

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-17 Thread Daniel Stirnimann
> domains: if you know the algorithm, you can pre-generate the malicious domains and add them to your RPZ in advance.

RPZ by default will not stop the upstream query. You would have to use "qname-wait-recurse yes" in addition if stopping upstream queries is your goal. I believe this malware DGA