Re: How to wall garden the malicious domain

2018-04-20 Thread Steven Carr
On 20 April 2018 at 08:57, Blason R  wrote:
> Now instead putting IP address in front of every domain can we have variable
> or any other method to be used? like
>
> abc.test.com.  A  192.168.1.10
> malicious.com  CNAME abc.test.com.
> bad.com  CNAME abc.test.com.
> malware.co.in   abc.test.com

Yes... https://deepthought.isc.org/article/AA-00520/0
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
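
The CNAME layout asked about in this thread, as an added example that is not part of any poster's message: a Python generator that turns a domain feed into RPZ zone text with every name aliased to one walled-garden host, so the redirect IP lives in a single A record outside the policy zone. The SOA/NS values, the serial, the wildcard entries for subdomains and the sample feed are assumptions.

```python
import re

# Target name taken from the thread; its A record (192.168.1.10 in the thread)
# is assumed to live in an ordinary zone, not in the policy zone itself.
WALLED_GARDEN = "abc.test.com."
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def normalize(raw):
    """Return a lower-case name without trailing dot, or None if unusable."""
    name = raw.split("#", 1)[0].strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return name

def build_rpz(domains, target=WALLED_GARDEN, serial=1):
    """Build RPZ zone text: one CNAME per name plus a wildcard for its subdomains."""
    names = sorted({n for n in map(normalize, domains) if n})
    lines = [
        "$TTL 300",
        # Assumed placeholder SOA/NS; an RPZ zone needs them but they are never queried.
        f"@ IN SOA localhost. root.localhost. ({serial} 3600 600 86400 300)",
        "@ IN NS localhost.",
    ]
    for n in names:
        # No trailing dot on the owner: it is relative to the policy zone origin.
        lines.append(f"{n} CNAME {target}")
        lines.append(f"*.{n} CNAME {target}")
    return "\n".join(lines) + "\n"

# Constructed sample feed: the three names used in the thread, plus noise.
SAMPLE = ["malicious.com", "BAD.com.", "malware.co.in  # feed comment",
          "bad.com", "", "not a domain"]

if __name__ == "__main__":
    print(build_rpz(SAMPLE, serial=2018042001))
```

Changing the walled-garden address then means editing only the A record of `abc.test.com.`; the generated zone is reloaded only when the feed changes.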


Re: How to wall garden the malicious domain

2018-04-20 Thread Blason R
Hi there,

What I am looking for is -

You correctly identified I have around 300k+ domain entries and would need
to divert it to IP address 192.168.1.10. One way probably would be to
malicious.com  A  192.168.1.10
bad.com  A  192.168.1.10
malware.co.in   A   192.168.1.10

Now instead putting IP address in front of every domain can we have
variable or any other method to be used? like

abc.test.com.  A  192.168.1.10
malicious.com  CNAME abc.test.com.
bad.com  CNAME abc.test.com.
malware.co.in   abc.test.com



On Fri, Apr 20, 2018 at 12:27 AM, Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:

> On 04/18/2018 11:37 PM, Blason R wrote:
>
>> I need to wall garden the malicious Domain request and instead route to
>> that server itself.
>>
>
> I assume that you are saying that you need to 1) filter malicious domains
> and 2) you want requests for them to be resolved to your (DNS?) server.
>
> e.g. my DNS server IP is 192.168.5.47 and would like to wall-garden the
>> request and provide the IP 192.168.5.47 since I have 0.3 million domains
>> specifying IP in front of them would not be a good option.
>>
>
> What do you mean by "specifying IP in front of them would not be a good
> option"?  Are you saying that you don't want to have "$domain A
> 192.168.5.47" entries for all 300k domains?
>
> Without doing anything, BIND will resolve the domains normally.  So you
> will need to do something to each of the domains to cause the RPZ to not
> resolve the domains normally.  This usually means that you will need to
> specify an alternate IP or CNAME for each and every one of them.  I don't
> see a way around this.
>
> Can you please suggest me the way to do that?
>>
>
> Please elaborate on what you are wanting to do and not do.
>
>
>
> --
> Grant. . . .
> unix || die
>
>


Re: How to wall garden the malicious domain

2018-04-19 Thread Grant Taylor via bind-users

On 04/18/2018 11:37 PM, Blason R wrote:
> I need to wall garden the malicious Domain request and instead route to
> that server itself.

I assume that you are saying that you need to 1) filter malicious
domains and 2) you want requests for them to be resolved to your (DNS?)
server.

> e.g. my DNS server IP is 192.168.5.47 and would like to wall-garden the
> request and provide the IP 192.168.5.47 since I have 0.3 million domains
> specifying IP in front of them would not be a good option.

What do you mean by "specifying IP in front of them would not be a good
option"?  Are you saying that you don't want to have "$domain A
192.168.5.47" entries for all 300k domains?

Without doing anything, BIND will resolve the domains normally.  So you
will need to do something to each of the domains to cause the RPZ to not
resolve the domains normally.  This usually means that you will need to
specify an alternate IP or CNAME for each and every one of them.  I
don't see a way around this.

> Can you please suggest me the way to do that?

Please elaborate on what you are wanting to do and not do.



--
Grant. . . .
unix || die


