North American Network Operators Group


Re: DNS Blocking

  • From: Paul Vixie
  • Date: Thu Aug 19 17:37:26 2004

i wrote:

> > ... confuse and make errors for whoever queries it:
> >
> >        @          SOA  localhost hostmaster.localhost
> >                   NS   localhost
> >        localhost  A    127.0.0.1
> >        *          MX   0 localhost
> >                   A    127.0.0.1
> >
> > if you put a zone like that in place on a server that's receiving
> > unwanted queries for some zone, they will soon stop, or not.  you
> > win either way -- the queries stop, or you laugh your ass off.

dan answered:

> There weren't rfc1918.

i'm sorry if i mixed too many topics in one post.  it doesn't have to be
rfc1918.  let's say that someone registers a zone, let's call it
nanogtest.vix.com, and points it at your nameservers without your
permission.  in response, let's create a zone file with this content:

---
@          SOA  localhost hostmaster.localhost 42 3600 1800 604800 3600
           NS   localhost
localhost  A    127.0.0.1
*          MX   0 localhost
           A    127.0.0.1
---

note that this content is all-purpose.  it doesn't matter what the real
zone is called.  in bind's named.conf, add something like this:

---
zone "nanogtest.vix.com" {
        type master;
        file "pri/nanogtest.vix.com";
};
---

and you're done.  any query that anyone sends to your server for that zone
will be sent something that will hurt them.  eventually they will realize
that it's hurting them, and they will stop.
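As an added example (not part of the original post, and not BIND's own code), a small Python model of the RFC 1034 wildcard matching that an authoritative server applies to the zone file above. It shows why the relative names make the content all-purpose: loading the same file under a different origin gives the same answers. The closest-encloser rule is modelled too, so a name beneath the explicit `localhost` record gets no wildcard answer.

```python
# Added example, not code from the original post or from BIND: a minimal
# model of how a relative-name wildcard zone answers queries (RFC 1034
# wildcard matching), showing why the same file serves any zone origin.

ZONE_FILE = """\
@          SOA  localhost hostmaster.localhost 42 3600 1800 604800 3600
           NS   localhost
localhost  A    127.0.0.1
*          MX   0 localhost
           A    127.0.0.1
"""

def qualify(name, origin):
    """Expand a relative name against the origin; '@' is the origin itself."""
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def load_zone(text, origin):
    """Parse into {owner: [(type, rdata)]}; a line starting with whitespace
    reuses the previous owner, as in master-file syntax."""
    records, owner = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            fields = line.split()
        else:
            owner, *fields = line.split()
            owner = qualify(owner, origin)
        rtype, *rdata = fields
        # Names in rdata are relative too; numeric fields (serial, timers,
        # MX preference, IP address) are left untouched.
        rdata = [f if f[0].isdigit() else qualify(f, origin) for f in rdata]
        records.setdefault(owner, []).append((rtype, " ".join(rdata)))
    return records

def lookup(records, qname, qtype):
    """Exact owner match first; otherwise only the wildcard directly under
    the closest existing ancestor of qname may answer (RFC 1034 4.3.2)."""
    qname = qname.rstrip(".")
    owner = qname if qname in records else None
    if owner is None:
        labels = qname.split(".")
        for i in range(1, len(labels)):
            anc = ".".join(labels[i:])
            if any(o == anc or o.endswith("." + anc) for o in records):
                owner = "*." + anc if "*." + anc in records else None
                break
    return [rd for rt, rd in records.get(owner, []) if rt == qtype]
```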