Cisco CNR - DNS Black-Hole - by Domain

Unanswered Question
Mar 1st, 2007

It is becoming a fairly common practice to "Black-hole" malware, adware, and malicious domain names by creating Zone File and SOA records to make the local DNS server act as authoritative for those domain names. The SOA record then points these queries such as "x.xerro.net" to 127.0.0.1 or 0.0.0.0. In practice, if you wish to monitor/track this activity you could also point to an internal machine that responds to the query (single-pixel web server, text file with warning statement, etc).

I am trying to determine if it is possible to create the same condition in the Cisco CNR? Any suggestions on how to set this up? Limitations on number of entries? Thanks in advance for your responses!

Hank Schupp

ISOC Manager

Mantech IS&T

hank.schupp _INSERT_AT_SYMBOL_ mantech-ist.com
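
The black-hole setup described in the post above, sketched for a BIND-style server as an added example (not part of the original post, and not Cisco CNR syntax). It validates a domain list, then emits one shared zone file plus a zone stanza per domain; the file path, SOA timers and function names are assumptions.

```python
import re

# Sinkhole address: 127.0.0.1 as in the post, or an internal logging host.
SINKHOLE_IP = "127.0.0.1"
ZONE_FILE = "/etc/namedb/blackhole.zone"  # hypothetical path (assumption)

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(domain):
    """Return a lower-case zone name without trailing dot, or None if invalid."""
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(_LABEL.match(label) for label in labels) else None

def zone_file(serial, sinkhole=SINKHOLE_IP):
    """One shared zone file; relative names (@, *) let every zone reuse it."""
    return "\n".join([
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.localhost. ({serial} 3600 600 86400 300)",
        "@ IN NS localhost.",
        f"@ IN A {sinkhole}",   # the domain itself
        f"* IN A {sinkhole}",   # any host under it, e.g. x.xerro.net
    ]) + "\n"

def zone_stanzas(domains):
    """Return (named.conf text, rejected entries) for a list of domains."""
    seen, rejected, out = set(), [], []
    for raw in domains:
        name = normalize(raw)
        if name is None:
            rejected.append(raw)          # never write unvalidated text into config
        elif name not in seen:            # duplicate zones make named refuse to load
            seen.add(name)
            out.append(f'zone "{name}" {{ type master; file "{ZONE_FILE}"; }};')
    return "\n".join(out) + "\n", rejected

if __name__ == "__main__":
    # Constructed sample list: a duplicate, a malformed entry, a reserved name.
    sample = ["xerro.net", "XERRO.NET.", "bad_domain!.example", "example.invalid"]
    conf, bad = zone_stanzas(sample)
    print(zone_file(2007030101))
    print(conf)
    print("rejected:", bad)
```

Setting `SINKHOLE_IP` to an internal web server gives the monitoring variant the post mentions, since every blocked lookup then resolves to a host whose access log can be reviewed.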
