[Dshield] DNS blackholes
dshield at yaps4u.net
Sun Dec 11 19:12:55 GMT 2005
Apologies, but for some reason I am missing the original post (and poster),
so I have replied to this one.
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Brian Dessent
> Sent: Sunday, December 11, 2005 6:09 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] DNS blackholes
> Pete Cap wrote:
> > I had a technical question I hoped someone here could answer.
> > If you have badguys.org blackholed (say, redirected to
> > 127.0.0.1), and someone on your network sends out a query for
> > that IP, then the DNS server will return 127.0.0.1, right?
> > Is it still possible for an individual host to send out a
> > request to a specific server (say, dns.otherbadguys.net) for
> > badguys.org, thus bypassing the blackhole? That is, you're
> > ignoring the local DNS server.
There would be nothing to stop me using a web based DNS resolver to get the
IP address of a site and using that.
So blocking access to DNS such that the lookup of www.somedodgysite.com does
not resolve would not prevent me from finding out via a browser lookup and
getting the IP address of the site directly. So then I would just enter
Your own filter/DNS is rejecting badguys.org, so why would you not block the
IP for dns.otherbadguys.net too?
I'm not sure I follow what you are trying to do?
Actually, now that I read it, it's not related to DNS at all I think, so my
first comments are completely off the mark.
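The bypass discussed in this thread (a host querying some resolver other than the local blackholing one) only works if outbound port-53 traffic to arbitrary servers is allowed, and it is also visible in flow or firewall logs when it happens. The following is an added example, not from the DShield thread or any poster: it parses constructed flow-log lines in a hypothetical `key=value` format and reports internal hosts talking DNS to anything other than the approved resolvers. The log format, the approved-resolver address `10.0.0.53` and the internal range are all assumptions.

```python
"""Flag DNS traffic from internal hosts that bypasses the approved resolvers.

Added illustration; the log format, resolver address and internal range are
assumptions made for this example, not taken from the DShield thread.
"""
import ipaddress
import re
from typing import Dict, Iterable, List

# Assumed: the only resolver internal hosts are supposed to use (the one that
# serves the blackhole zone).  Real deployments would list all sanctioned ones.
APPROVED_RESOLVERS = {"10.0.0.53"}

# Assumed internal address range; traffic from elsewhere is not our concern here.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample log lines in a hypothetical firewall/flow format.
# Line 2 and 3: hosts querying an outside resolver directly (the bypass).
# Line 4: HTTPS, which this port-based check deliberately does not classify.
# Line 5: the approved resolver forwarding upstream, which is expected.
SAMPLE_LOG = """\
2005-12-11T19:00:01 src=10.0.0.5 dst=10.0.0.53 proto=udp sport=51000 dport=53
2005-12-11T19:00:02 src=10.0.0.5 dst=192.0.2.10 proto=udp sport=51001 dport=53
2005-12-11T19:00:03 src=10.0.0.9 dst=192.0.2.10 proto=tcp sport=41000 dport=53
2005-12-11T19:00:04 src=10.0.0.9 dst=203.0.113.4 proto=tcp sport=41001 dport=443
2005-12-11T19:00:05 src=10.0.0.53 dst=198.51.100.1 proto=udp sport=53000 dport=53
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Turn one 'key=value key=value ...' log line into a dict."""
    return dict(FIELD_RE.findall(line))


def is_dns(fields: Dict[str, str]) -> bool:
    """Classic DNS only: UDP or TCP to destination port 53."""
    return fields.get("dport") == "53" and fields.get("proto") in ("udp", "tcp")


def find_dns_bypass(
    lines: Iterable[str],
    approved: set = APPROVED_RESOLVERS,
    internal: ipaddress.IPv4Network = INTERNAL_NET,
) -> List[Dict[str, str]]:
    """Return DNS flows where an internal host talks to a non-approved resolver."""
    hits = []
    for line in lines:
        f = parse_line(line)
        if not is_dns(f):
            continue
        src, dst = f.get("src"), f.get("dst")
        if src is None or dst is None:
            continue
        try:
            if ipaddress.ip_address(src) not in internal:
                continue
        except ValueError:
            continue  # malformed address in the log; skip rather than crash
        if src in approved:
            continue  # the resolver's own upstream forwarding is expected
        if dst in approved:
            continue  # normal path: client to sanctioned resolver
        hits.append({"src": src, "dst": dst, "proto": f["proto"]})
    return hits


def summarize(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group offending destinations by internal source host."""
    by_src: Dict[str, set] = {}
    for h in hits:
        by_src.setdefault(h["src"], set()).add(h["dst"])
    return {src: sorted(dsts) for src, dsts in by_src.items()}


if __name__ == "__main__":
    for src, dsts in summarize(find_dns_bypass(SAMPLE_LOG.splitlines())).items():
        print(f"{src} sent DNS directly to: {', '.join(dsts)}")
```

The same list of approved resolvers is what an egress rule would allow on port 53 while dropping everything else, which is the usual way to keep the blackhole from being sidestepped. Note the limit this check shares with the thread's own observation about web-based lookups: a resolution done over HTTPS never appears on port 53, so a port-based rule or detection catches the classic bypass but not that one.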