Re: How can I fake a part of domain?

2010-06-25 Thread Kaya Saman

[...]

Erm, are you *sure* that you want to do this?

Really really sure?
It's probably a bad idea, but


Step 1: Make yourself authoritative for www2, www3 -- in named.conf:
zone "www2.example.com" {
   type master;
   file "/etc/namedb/www2.example.com";
};

zone "www3.example.com" {
   type master;
   file "/etc/namedb/www3.example.com";
};


Step 2: Make zone files www2.example.com (and obviously, www3):
$TTL 1h
www2.example.com. IN SOA localhost. (
   hostmaster.localhost.
   2010062700   ; serial
   1h           ; refresh
   15m          ; retry
   4w           ; expire
   1h )         ; negative-caching TTL

   NS  localhost.
   A   11.11.11.11

Step 3: Repeat This was a bad idea and I feel dirty...

W



[...]

Just on the ethical side of this to stray away from the technical 
discussion if I may; The local telco and backbone ISP in the country I 
live in (not mentioning which one) has done this to block YouTube and 
Google even due to some ridiculous court ruling in that they offend the 
country or some rubbish like that??


Originally it was easy to get around by using a different recursive DNS 
resolver and of course having one's own DNS servers directly resolving 
the 'hinted root zone' helps tremendously, however most people just used 
Google's public DNS servers.


Anyway now they've done a complete ACL block on the system so the IP 
addresses even get routed to different destinations or denied altogether!!


Means no more music vids for the nation :-(

Only way round it is a VPN IPsec tunnel into a different Geo location 
and re-route the proper IP addresses and domains to a remote gateway.


Regards,

Kaya
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: How can I fake a part of domain?

2010-06-24 Thread Joseph S D Yao
On Thu, Jun 24, 2010 at 12:38:35AM +0200, Warren Kumari wrote:
> On Jun 23, 2010, at 11:06 PM, Peter Macko wrote:
>> How can I fake a part of domain?
...
> Erm, are you *sure* that you want to do this?
>
> Really really sure?
> It's probably a bad idea, but
>
> Step 1: Make yourself authoritative for www2, www3 -- in named.conf:
...
> Step 2: Make zone files www2.example.com (and obviously, www3):
...
> Step 3: Repeat This was a bad idea and I feel dirty...
...


If your recursive resolving name server is different from your
authoritative name server - as it should be - then there is a Step 4,
which is to insert forward zone declarations for these zones into your
recursive resolving name server.

Then again, since you're already munging the configuration anyway, you
could insert the zone definitions into the resolving name server ...
but, nahhh, that really defeats predictability [if I got hit by a
truck, could they figure it out?].


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/


Re: How can I fake a part of domain?

2010-06-23 Thread Warren Kumari


On Jun 23, 2010, at 11:06 PM, Peter Macko wrote:


How can I fake a part of domain?

Explanation of what I mean:

- There is example.com domain somewhere on internet (not under my  
control) that contains:

www.example.com  IP: 1.2.3.4
www2.example.com ...IP: 11.22.33.44

- I have local DNS; and for my local network I fake to have  
example.com domain.


- I would like to configure my local DNS (BIND) to:
1. return real IP (1.2.3.4) of www.example.com
2. return fake IP (11.11.11.11) of www2.example.com
3. return IP (99.99.99.99) of www3.example.com that does not really exist


No 1. has to forward the request to the real example.com DNS,
but No 2. and 3. should fake the result.


Erm, are you *sure* that you want to do this?

Really really sure?
It's probably a bad idea, but


Step 1: Make yourself authoritative for www2, www3 -- in named.conf:
zone "www2.example.com" {
   type master;
   file "/etc/namedb/www2.example.com";
};

zone "www3.example.com" {
   type master;
   file "/etc/namedb/www3.example.com";
};


Step 2: Make zone files www2.example.com (and obviously, www3):
$TTL 1h
www2.example.com. IN SOA localhost. (
   hostmaster.localhost.
   2010062700   ; serial
   1h           ; refresh
   15m          ; retry
   4w           ; expire
   1h )         ; negative-caching TTL

   NS  localhost.
   A   11.11.11.11

Step 3: Repeat This was a bad idea and I feel dirty...

W




Thank you.



Re: How can I fake a part of domain?

2010-06-23 Thread Kevin Darcy
You can fake the whole example.com if you don't mind keeping the real 
entries (e.g. www.example.com) in synch if they happen to change. Maybe 
an automated script could look for the changes and apply them to your 
version of the zone.


If you're not up to that, it gets ugly. The only method that comes to 
mind is to define each of the names (e.g. www2.example.com, 
www3.example.com) you want to fake as zones by themselves, in your local 
DNS. Note that this won't even work if what you're trying to fake is a 
CNAME, since you can't have a CNAME at the apex of a zone.




- Kevin




On 6/23/2010 5:06 PM, Peter Macko wrote:

How can I fake a part of domain?

Explanation of what I mean:

- There is example.com domain somewhere on internet (not under my 
control) that contains:

www.example.com  IP: 1.2.3.4
www2.example.com ... IP: 11.22.33.44

- I have local DNS; and for my local network I fake to have 
example.com domain.


- I would like to configure my local DNS (BIND) to:
1. return real IP (1.2.3.4) of www.example.com
2. return fake IP (11.11.11.11) of www2.example.com
3. return IP (99.99.99.99) of www3.example.com that does not really exist

No 1. has to forward the request to the real example.com DNS,
but No 2. and 3. should fake the result.

Thank you.




___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
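
Added example (not part of the original thread and not code posted by any participant): a small Python generator that renders Warren's Step 1 and Step 2 files plus Joseph's Step 4 forward-zone stanza for one overridden name, and refuses the CNAME case Kevin describes. The function name render_override and the forwarder address 192.0.2.53 are assumptions; the names, addresses, serial and /etc/namedb path are the thread's.

```python
import ipaddress
import re

AUTH_STANZA = '''zone "{name}" {{
    type master;
    file "{zone_dir}/{name}";
}};
'''
# Step 4: this stanza goes on the separate recursive resolver and points
# at the authoritative server that holds the override zones.
FWD_STANZA = '''zone "{name}" {{
    type forward;
    forward only;
    forwarders {{ {auth_ip}; }};
}};
'''
ZONE_FILE = '''$TTL 1h
{name}. IN SOA localhost. hostmaster.localhost. (
    {serial} 1h 15m 4w 1h )
    NS   localhost.
    {rtype:<4} {value}
'''

def render_override(name, rtype, value, serial,
                    zone_dir="/etc/namedb", auth_ip="192.0.2.53"):
    """Return (authoritative stanza, zone file, forward stanza) for one name."""
    # auth_ip is an assumed documentation-range address, not from the thread.
    name = name.rstrip(".").lower()
    rtype = rtype.upper()
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", name):
        raise ValueError(f"{name!r}: not a plain host name")  # keeps quotes out of named.conf
    if rtype == "CNAME":
        # The overridden name is the apex of its own zone and must carry
        # SOA and NS, so a CNAME there is not allowed (Kevin Darcy's caveat).
        raise ValueError(f"{name}: a CNAME cannot sit at a zone apex")
    want = {"A": 4, "AAAA": 6}.get(rtype)
    if want is None or ipaddress.ip_address(value).version != want:
        raise ValueError(f"{name}: {value!r} is not a valid {rtype} override")
    ipaddress.ip_address(auth_ip)  # reject a malformed forwarder address
    fields = dict(name=name, rtype=rtype, value=value, serial=serial,
                  zone_dir=zone_dir, auth_ip=auth_ip)
    return (AUTH_STANZA.format(**fields), ZONE_FILE.format(**fields),
            FWD_STANZA.format(**fields))

if __name__ == "__main__":
    for host, ip in (("www2.example.com", "11.11.11.11"),
                     ("www3.example.com", "99.99.99.99")):
        print(*render_override(host, "A", ip, 2010062700), sep="\n")
```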