[Dshield] DNS blackholes

Chris Wright dshield at yaps4u.net
Sun Dec 11 19:12:55 GMT 2005


Apologies, but for some reason I am missing the original post(and poster),
so I have replied to this one. 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Brian Dessent
> Sent: Sunday, December 11, 2005 6:09 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] DNS blackholes
> 
> Pete Cap wrote:
> 
> >  I had a technical question I hoped someone here could answer.
> > 
> >  If you have badguys.org blackholed (say, redirected to 
> 127.0.0.1), and someone on your network sends out a query for 
> that IP, then the DNS server will return 127.0.0.1, right?
> > 
> >  Is it still possible for an individual host to send out a 
> request to a specific server (say, dns.otherbadguys.net) for 
> badguys.org, thus bypassing the blackhole?  That is, you're 
> ignoring the local DNS server.
> 

There would be nothing to stop me using a web based DNS resolver to get the
IP address of a site and using that.

So blocking access to DNS such that the lookup of www.somedodgysite.com does
not resolve would not prevent me from finding out via a browser lookup and
getting the IP address of the site directly.  So then I would just enter
http://123.101.101.123/

Your own filter/DNS is rejecting badguys.org, so why would you not block the
IP for dns.otherbadguys.net too?
I'm not sure I follow what you are trying to do ?

Actually, now that I read it, its not related to DNS at all I think, so my
first comments are completely off the mark.

Regards

Chris



More information about the list mailing list