[Dshield] DNS blackholes

Shawn Cox shawn.cox at pcca.com
Fri Dec 9 22:34:46 GMT 2005


wildcards are your friend.

--Shawn


----- Original Message ----- 
From: "Pete Cap" <peteoutside at yahoo.com>
To: <list at lists.dshield.org>
Sent: Friday, December 09, 2005 4:07 PM
Subject: [Dshield] DNS blackholes


> List,
>
> I had a technical question I hoped someone here could answer.
>
> If you have badguys.org blackholed (say, redirected to 127.0.0.1), and 
> someone on your network sends out a query for that IP, then the DNS server 
> will return 127.0.0.1, right?
>
> Is it still possible for an individual host to send out a request to a 
> specific server (say, dns.otherbadguys.net) for badguys.org, thus 
> bypassing the blackhole?  That is, you're ignoring the local DNS server.
>
> Just wondering!  Thanks!
>
> Regards,
> Pete
>
>
>
> ---------------------------------
> Yahoo! Shopping
> Find Great Deals on Holiday Gifts at Yahoo! Shopping
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 



More information about the list mailing list