[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: blocking new version of kazaa



On Wed, Jul 30, 2003 at 10:06:36PM -0400, Nick Holland wrote:

> Anyway, you  set up  a DNS  resolver for  your network,  but you
> "poison" it with little  tidbits...for example, instead of doing
> a "proper" search to find out what *.kazaa.com is, just tell the
> resolver  to  ask that  program  over  there...which happens  to
> respond "192.168.1.10", "127.0.0.1" or some other address within
> your network for EVERY question it is asked.

Since Nick  is using that unclean  DNS server, I thought  I'd just
chime  in with  how you'd  do  it with  the real  manly man's  DNS
server. I haven't upgraded  to BIND 9 yet, but I  can't imagine it
being *that* different....

Anyway, in your /var/named/named.boot file, add a line like this:

    primary kazaa.com kazaa

(Of  course, you'll  have  to set  up BIND  to  work properly  for
evrything else, too. If  you don't know how, learn  before you try
to do this kind of poisoning.)

Then, /var/named/namedb/kazaa will look like:

    kazaa.com. IN SOA dns.example.com. myemail.example.com. (
        2003073101  ;    serial
        10800       ;    refresh
        3600        ;    retry
        3600000     ;    expire
        86400 )     ;    minimum
        IN     NS    dns.example.com.

    localhost.example.com.    IN    A    127.0.0.1

    kazaa.com.                IN    A    10.0.0.1
    *.kazaa.com.              IN    A    10.0.0.1

You'll  want  to  replace  ``10.0.0.1'' with  the  IP  address  of
where  you'll  send  the  clueless  to. And,  of  course,  replace
``example.com'' with your own domain, etc....

The skillful  will at the  least script  the whole thing,  or take
advantage  of all  sorts of  nifty things  that BIND  can do. This
isn't meant to  be authoritative--rather, it's just  enough to get
you started in the right direction.

Cheers,

b&

--
Ben Goren
 mailto:ben_(_at_)_trumpetpower_(_dot_)_com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W

[demime 0.98d removed an attachment of type application/pgp-signature]