[Dshield] DNS blackholes

David B. Bukowski davebb at weather.cod.edu
Sun Dec 11 17:38:12 GMT 2005

you can do a *.otherbadguys.net with bind.  well at leat in our A/CNAME
records we have the following
*.weather                       IN      CNAME   weather
*.lrc                           IN      CNAME   lrc

this is in the root domain dns record.   cod.edu
some certain software on the LRC server creates its own hostnames
dynamically that just point to itself but uses at as referrers and
proxies.  So That is how we got around that issue on our network here on
campus.  Hopefully this has some bearing on what you are trying to

On Sun, 11 Dec 2005, David Cary Hart wrote:

On Fri, 9 Dec 2005 14:07:24 -0800 (PST)
Pete Cap <peteoutside at yahoo.com> opined:
>  If you have badguys.org blackholed (say, redirected to,
> and someone on your network sends out a query for that IP, then the
> DNS server will return, right? Is it still possible for an
> individual host to send out a request to a specific server (say,
> dns.otherbadguys.net) for badguys.org, thus bypassing the blackhole?
> That is, you're ignoring the local DNS server. Just wondering!
> Thanks! Regards,

I am curious. What is your objective? Are you using Bind or RBLDNSD to
accomplish this?

       Eliminate Spam: http://www.TQMcube.com/spam_trap.php
        Zombie Graphs: http://www.TQMcube.com/zombies.php
          GeoGraphics: http://www.TQMcube.com/origins.php
Using .Net? Need to know more about .Net Security?

send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

David B. Bukowski	|email (work):		bukowski at cdnet.cod.edu
Network Analyst III	|email (personal):	davebb at cshschess.org
College of Dupage	|webpage: 	http://www.cshschess.org/davebb/	
Glen Ellyn, Illinois	|pager:			(708) 241-7655 
http://www.cod.edu/	|work phone:		(630) 942-2591

More information about the list mailing list