[bulug] Re: Making bind authoritative for arbitrary domains

  • From: "Alex Whittemore" <alexwhittemore@xxxxxxxxx>
  • To: bulug-list@xxxxxxxxxxxxx
  • Date: Tue, 9 Dec 2008 13:30:16 -0500

Ok, final update on exactly what happened:

1. Alex Bernson's suggestion of using dnsspoof from dsniff was what I really
needed right from the off, but it's not what I used.
2. I set up bind9, just adding google.com to the list of domains for which
it was authoritative - for some reason this wasn't working. Really, I should
have set up the server according to the config that Ryan suggested, but what
I DID instead was to leave my server set up as recursive, but edit the
db.root file to tell it that the only server to ask recursively was itself.
Not elegant or proper, but...
3. In the end, the config I had at the time which I originally emailed
worked fine, but for some magic reason, there was something cached
somewhere, and it didn't work. I revisited the problem just a moment ago,
and lo and behold, nothing changed and it now works exactly as expected.

So thanks for the suggestions everyone! Now I'm slightly DNSmarter!

Ok, that pun was horrible. I'm going to hide in a hole.

Alex Whittemore

On Mon, Dec 8, 2008 at 9:29 PM, Alexcb <alexcb@xxxxxx> wrote:

> Dsniff certainly does have some useful party tricks for making the point to
> clients who don't quite get the importance of network security.
>
> Sometimes I miss being a network/systems consultant.
>
> -Alex
>
> Alex Whittemore wrote:
>
>> Arpspoof, eh? I bet you've got a firefox window open right now displaying
>> exactly what I'm looking at, real time, don't you?
>> Dangeroussssss.
>>
>> On Mon, Dec 8, 2008 at 8:32 PM, Alexcb <alexcb@xxxxxx> wrote:
>>
>>    yeah, everything in dsniff is very handy for those quick little
>>    hacks when you don't actually need a full server. And arpspoof is
>>    just so much fun :-)
>>
>>    -Alex
>>
>>    Alex Whittemore wrote:
>>
>>        I wish it was as simple as using /etc/hosts. In fact, simply
>>        modifying /etc/hosts is no different from any of the things
>>        that could be done by employing a false DNS server, but for
>>        the purposes of the project, an actual dns server has to be
>>        involved (or, as Alex Bernson suggests, a DNS forwarder that
>>        spoofs some responses). So in fact, I'll probably try Ryan's
>>        suggestion first, just because the bind server is already set
>>        up and (at least mostly) configured correctly, but failing
>>        that I'll jump ship to Alex's suggestion, which is really what
>>        I needed in the first place (so thanks a bunch, that pretty
>>        much solves the problem :).
>>
>>        Thanks,
>>        Alex
>>
>>        On Mon, Dec 8, 2008 at 8:13 PM, Ryan Mullen <rmullen@xxxxxx> wrote:
>>
>>           Alternatively, if you don't even specifically need DNS and just
>>           want to look up by names, the /etc/hosts file should work just
>>           fine - though that's probably way too simplistic.
>>
>>
>>           On Mon, 8 Dec 2008, Alexcb wrote:
>>
>>               If you don't actually need to have a dns server running and
>>               just want to redirect a few domains, the dnsspoof program
>>               from the dsniff package might be a simpler solution. It
>>               allows you to redirect whatever domains you set in a simple
>>               text config, while forwarding all other requests on to a
>>               proper DNS server.
>>                https://calomel.org/dns_spoof.html
>>
>>               Maybe not a great long term solution, but if it's just for a
>>               quick project/testing, it's way easier than mucking around
>>               with Bind.
>>
>>               -Alex Bernson
>>
>>               Alex Whittemore wrote:
>>
>>                   Hey linux user group! I am working on a project which
>>                   requires me to have a DNS server configured and serving
>>                   bogus information. Let's take the example of google. I
>>                   have my DNS server all set up (in my basement at home,
>>                   yay basement server farms) and it's perfectly capable of
>>                   handling regular DNS requests for domains whose proper
>>                   NS records (with whatever root name servers) point to
>>                   it. What I need it to do, however, is also serve
>>                   requests for example for www.google.com. That is to
>>                   say, if I tell my laptop to use it as a primary DNS
>>                   server, I need my laptop to draw an A record for
>>                   www.google.com from MY name server, not query
>>                   a.root-servers.net for an NS record, then
>>                   NS1.google.com for an A record. I've configured my dns
>>                   server to do this, but I don't know how to make it
>>                   authoritative - for some reason it just seems to serve
>>                   the correct records even when I edit its db.root to
>>                   tell it that a.root-servers.net is the only root level
>>                   dns server, and that its ip is the name server's
>>                   itself.
>>
>>                   Any ideas on how to get this rockin'? I can email
>>                   config files if you like. For general info, the system
>>                   is an Ubuntu 8.04 box with bind-chroot installed (bind9)
>>
>>                   Alex
>>
>>
>>               _________
>>               BU LUG: http://lug.bu.edu. To unsubscribe, email
>>               bulug-list-request@xxxxxxxxxxxxx with 'unsubscribe'
>>               in the subject field.
>
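
The thread turns on whether an answer comes from the real delegation or from a zone configured locally on the resolver. As an added example (not part of the original thread), this Python code parses a DNS response and flags two signs of a local override: the AA bit set by a server that is not one of the zone's delegated name servers, and A records outside a pinned baseline. The sample packets, the IP addresses and the `audit` helper are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)
def build_response(qname, addrs, aa, ra):
    """Build a constructed A-record response so the example runs offline."""
    flags = QR | RD | (AA if aa else 0) | (RA if ra else 0)
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0)
    for label in qname.split("."):
        msg += bytes([len(label)]) + label.encode()
    msg += b"\x00" + struct.pack("!HH", 1, 1)           # QTYPE=A, QCLASS=IN
    for addr in addrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)  # pointer to qname
        msg += bytes(int(octet) for octet in addr.split("."))
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer ends the name
            return off + 2
        off += 1 + length

def parse_response(msg):
    """Extract the AA/RA flags and IPv4 answers from a DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return {"aa": bool(flags & AA), "ra": bool(flags & RA), "addrs": addrs}

def audit(msg, server_ip, delegated_ns_ips, baseline_addrs):
    """Hypothetical check: list signs that the answer was overridden locally."""
    reply, findings = parse_response(msg), []
    if reply["aa"] and server_ip not in delegated_ns_ips:
        findings.append("aa-from-non-delegated-server")
    if set(reply["addrs"]) - set(baseline_addrs):
        findings.append("unexpected-address")
    return findings
```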
