This is exactly what we have done in the past to mitigate malware. Just load somebaddomain.com with no A records or with a wildcard pointing to 127.0.0.1.

--
-Ben Croswell

On Thu, Dec 11, 2008 at 11:29 AM, Baird, Josh <jba...@follett.com> wrote:

> You could just create an authoritative zone for the domain on your
> internal view to override recursion. You can then create a wildcard 'A'
> record or such to resolve to 127.0.0.1, etc.
>
> Josh
>
> *From:* bind-users-boun...@lists.isc.org [mailto:
> bind-users-boun...@lists.isc.org] *On Behalf Of *Casartello, Thomas
> *Sent:* Thursday, December 11, 2008 10:25 AM
> *To:* 'bind-us...@isc.org'
> *Cc:* Childs, Aaron
> *Subject:* Question about Records not authoritative for
>
> I was wondering if Bind allows you to override certain records for zones we
> are not authoritative for. Essentially we have a virus that some users have
> been infected with, and we want to temporarily block out the domain name of
> the server that this virus connects to to send its information out.
> (Basically by having this domain name point to 127.0.0.1) I know it is a
> protocol violation, but I was just wondering if it is possible to do this
> and what would be the best way of going about it. We essentially have two
> servers with two views. One view serves our DNS zones to the outside world
> (With recursion disabled) and the other performs recursive queries for our
> on campus users. Obviously we would only be doing this on our internal view.
>
> Thomas E. Casartello, Jr.
> Staff Assistant - Wireless Technician/Linux Administrator
> Information Technology
> Wilson 105A
> Westfield State College
> (413) 572-8245
>
> Red Hat Certified Technician (RHCT)
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
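
The approach both replies describe, written out as an added example (not code from the thread or from ISC): a shell helper that generates the sinkhole zone file and the zone statement for the internal view. The file paths, serial, TTLs, and the `localhost.` SOA/NS names are assumptions; somebaddomain.com is the placeholder name used in the reply above.

```shell
#!/bin/sh
# Added example: build a sinkhole zone for a domain we are not authoritative for.
# Assumptions: paths, serial, TTLs, and the localhost. SOA/NS names.

# write_sinkhole_zone FILE [ADDR]
# The file uses only "@" and "*", so one copy can back every blocked domain.
# A wildcard does not match the zone apex, hence the separate "@" A record.
write_sinkhole_zone() {
    zonefile=$1
    addr=${2:-127.0.0.1}
    cat > "$zonefile" <<EOF
\$TTL 300
@   IN SOA localhost. root.localhost. (
        2008121101 ; serial (constructed)
        3600       ; refresh
        900        ; retry
        604800     ; expire
        300 )      ; negative-cache TTL
    IN NS  localhost.
@   IN A   $addr
*   IN A   $addr
EOF
}

# zone_stanza DOMAIN FILE
# Prints the statement to paste inside the internal (recursive) view only.
# Rejects names with characters outside [A-Za-z0-9.-] so nothing can break
# out of the quoted string in named.conf.
zone_stanza() {
    domain=$1
    case $domain in
        ""|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac
    printf 'zone "%s" {\n    type master;\n    file "%s";\n};\n' "$domain" "$2"
}

# Demo in a scratch directory (constructed input).
dir=$(mktemp -d)
write_sinkhole_zone "$dir/db.sinkhole"
zone_stanza somebaddomain.com "$dir/db.sinkhole"
cat "$dir/db.sinkhole"
rm -rf "$dir"
```

Check the generated file with `named-checkzone` and the edited configuration with `named-checkconf` before reloading. Because the zone is authoritative on the internal view, every name under the domain resolves to the sinkhole address for on-campus clients while the external view is unaffected.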