It is becoming a fairly common practice to "Black-hole" malware, adware, and malicious domain names by creating Zone File and SOA records to make the local DNS server act as authoritative for those domain names. The SOA record then points these queries such as "x.xerro.net" to 127.0.0.1 or 0.0.0.0. In practice, if you wish to monitor/track this activity you could also point to an internal machine that responds to the query (single-pixel web server, text file with warning statement, etc).
I am trying to determine if it is possible to create the same condition in the Cisco CNR? Any suggestions on how to set this up? Limitations on number of entries? Thanks in advance for your responses!
hank.schupp _INSERT_AT_SYMBOL_ mantech-ist.com
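
The black-hole setup described in the post, sketched for a BIND-style server as an added example (it is not part of the original post and is not Cisco CNR configuration). The zone file path, the `localhost.` SOA/NS names, the sample feed and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample feed; a real one would be a blocklist file on disk.
SAMPLE_FEED = """\
# constructed blocklist entries
x.xerro.net
XERRO.NET.
bad_domain!.example
ads.example.com
xerro.net
"""
ZONE_PATH = "/etc/bind/db.blackhole"  # assumed path, shared by every zone
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(name):
    """Lower-case, drop the trailing dot, reject anything not a hostname."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL.fullmatch(l) for l in labels) else None

def parse_feed(text):
    """Return sorted zones, dropping names a parent zone already covers."""
    names = set()
    for line in text.splitlines():
        n = normalize(line.split("#", 1)[0])
        if n:
            names.add(n)
    def covered(n):
        parts = n.split(".")
        return any(".".join(parts[i:]) in names for i in range(1, len(parts)))
    return sorted(n for n in names if not covered(n))

def zone_file(sink_ip, serial=1):
    """One generic zone: apex and wildcard both answer with the sink address."""
    ipaddress.IPv4Address(sink_ip)  # raises ValueError on a malformed address
    return "\n".join([
        "$TTL 300",
        f"@ IN SOA localhost. root.localhost. ( {serial} 3600 600 86400 300 )",
        "@ IN NS localhost.",
        f"@ IN A {sink_ip}",
        f"* IN A {sink_ip}",
    ]) + "\n"

def named_conf(zones, zone_path=ZONE_PATH):
    """Make the server authoritative for each listed domain."""
    return "".join(
        f'zone "{z}" {{ type master; file "{zone_path}"; }};\n' for z in zones)
```

Because every zone stanza points at the same file, changing the sink from 127.0.0.1 to an internal monitoring host is a one-file edit plus a serial bump.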