> How can I "fake" a part of domain?
>
> Explanation of what I mean:
>
> - There is example.com domain somewhere on internet (not under my
> control) that contains:
> www.example.com .... IP: 1.2.3.4
> www2.example.com ... IP: 11.22.33.44
>
> - I have local DNS; and for my local network I fake to have
> example.com domain.
>
> - I would like to configure my local DNS (BIND) to:
> 1. return real IP (1.2.3.4) of www.example.com
> 2. return fake IP (11.11.11.11) of www2.example.com
> 3. return IP (99.99.99.99) of www3.example.com that do not really
> exists
>
> No 1. have to forward the request to the real example.com DNS,
> but No 2. and 3. should fake the result.

Erm, are you *sure* that you want to do this?
Really really sure?

It's probably a bad idea, but....

Step 1: Make yourself authoritative for www2, www3 -- in named.conf:

zone "www2.example.com" {
        type master;
        file "/etc/namedb/www2.example.com";
};
zone "www3.example.com" {
        type master;
        file "/etc/namedb/www3.example.com";
};

Step 2: Make zone files www2.example.com (and obviously, www3):

$TTL 1h
www2.example.com. IN SOA localhost. (
                hostmaster.localhost.   ; responsible-person mailbox
                2010062700              ; serial
                1h                      ; refresh
                15m                     ; retry
                4w                      ; expire
                1h )                    ; negative-caching TTL
                NS      localhost.
                A       11.11.11.11

Step 3: Repeat "This was a bad idea and I feel dirty..."

W

>
> Thank you.
>
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
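
Why Step 1 declares zones for the individual host names and not for example.com itself, as an added example (not part of the thread and not BIND code): it models how a name server picks the most specific local zone for a query and recurses for everything else. The function names and the "db.example" file name are made up for illustration, and the parser only handles simple zone statements without nested braces.

```python
import re

# Constructed sample: the two zone statements from Step 1, on one line each.
NAMED_CONF = '''
zone "www2.example.com" { type master; file "/etc/namedb/www2.example.com"; };
zone "www3.example.com" { type master; file "/etc/namedb/www3.example.com"; };
'''
# Contrast case (hypothetical file name): faking the whole domain.
WIDE_CONF = 'zone "example.com" { type master; file "db.example"; };'

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{([^}]*)\}', re.I | re.S)

def local_zones(conf_text):
    """Apex names of zones this server is authoritative for (master/primary)."""
    zones = set()
    for name, body in ZONE_RE.findall(conf_text):
        if re.search(r'\btype\s+(master|primary)\s*;', body, re.I):
            zones.add(name.lower().rstrip('.'))
    return zones

def enclosing_zone(qname, zones):
    """Longest suffix match on label boundaries; None means 'recurse'."""
    labels = qname.lower().rstrip('.').split('.')
    for i in range(len(labels)):
        candidate = '.'.join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def audit(qnames, conf_text):
    """Map each query name to the local zone that shadows it, or None."""
    zones = local_zones(conf_text)
    return {q: enclosing_zone(q, zones) for q in qnames}

if __name__ == "__main__":
    names = ["www.example.com", "www2.example.com", "www3.example.com",
             "a.www2.example.com", "xwww2.example.com"]
    for conf in (NAMED_CONF, WIDE_CONF):
        print(sorted(local_zones(conf)))
        for q, z in audit(names, conf).items():
            print(f"  {q:20} -> {'local zone ' + z if z else 'recursion'}")
```

Names below an overridden host, such as a.www2.example.com, are also captured by the local zone and get no answer unless the zone file defines them.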
If your recursive resolving name server is different from your
authoritative name server - as it should be - then there is a Step 4,
which is to insert "forward" zone declarations for these zones into your
recursive resolving name server.
Then again, since you're already munging the configuration anyway, you
could insert the zone definitions into the resolving name server ...
but, nahhh, that really defeats predictability ["if I got hit by a
truck, could they figure it out?"].
--
/*********************************************************************\
**
** Joe Yao js...@tux.org - Joseph S. D. Yao
**
\*********************************************************************/
Just on the ethical side of this, to stray away from the technical
discussion if I may: the local telco and backbone ISP in the country I
live in (not mentioning which one) has done this to block YouTube and
Google even due to some ridiculous court ruling in that they offend the
country or some rubbish like that??
Originally it was easy to get around by using a different recursive DNS
resolver and of course having one's own DNS servers directly resolving
the 'hinted root zone' helps tremendously, however most people just used
Google's public DNS servers.
Anyway now they've done a complete ACL block on the system so the IP
addresses even get routed to different destinations or denied altogether!!
Means no more music vids for the nation :-(
Only way round it is a VPN IPsec tunnel into a different Geo location
and re-route the proper IP addresses and domains to a remote gateway.....
Regards,
Kaya