Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco CNR - DNS Black-Hole - by Domain

It is becoming a fairly common practice to "Black-hole" malware, adware, and malicious domain names by creating Zone File and SOA records to make the local DNS server act as authoritative for those domain names. The SOA record then points these queries such as "x.xerro.net" to 127.0.0.1 or 0.0.0.0. In practice, if you wish to monitor/track this activity you could also point to an internal machine that reponds to the query (single-pixel web server, text file with warning statement, etc).

I am trying to determine if it is possible to create the same condition in the Cisco CNR? Any suggestions on how to set this up? Limitations on number of entries? Thanks in advance for your responses!

Hank Schupp

ISOC Manager

Mantech IS&T

hank.schupp _INSERT_AT_SYMBOL_ mantech-ist.com

1 REPLY
Silver

Re: Cisco CNR - DNS Black-Hole - by Domain

Every zone must have a single SOA record.You can use the command nrcmd> zone example.com addRR @ 172800 IN SOA ns

hostmaster 1 10800 3600 604800 86400.Refer URL

http://cisco.com/en/US/products/sw/netmgtsw/ps1982/products_user_guide_chapter09186a00805a5c56.html

283
Views
0
Helpful
1
Replies
CreatePlease login to create content