ali


Set up a DNS blacklist using ISC bind

In Uncategorized on January 19, 2010 at 2:47 pm

Here’s how I created a DNS blacklist using bind 9.3.4. I used references 1 and 2 (listed at the end) as resources.

Set up the blackhole IP address

I didn’t want to redirect everyone to 127.0.0.1 or some invalid address. I wanted to display a message saying that the domain in question had been blacklisted.

So, I set up an Apache config file:

NameVirtualHost 192.168.0.20:80
<VirtualHost 192.168.0.20:80>
    ServerName blocked.mydomain.com
    AliasMatch "^/(.*)" "/var/www/blocked/blocked.cgi"
</VirtualHost>
<Directory "/var/www/blocked">
    Options +ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

The CGI file is rather simple. It outputs a message saying that the URL you’re trying to access has been blocked.

Set up bind

At the end of named.conf, I included two files:

// blocked due to local policy
include "/etc/blocked-local.conf";

// wget -O blocked-malware.conf 'http://www.malware.com.br/cgi/submit?action=list_bind'
// sed -i 's,mbl.zone.file,zones/blocked,' blocked-malware.conf
include "/etc/blocked-malware.conf";

Each file has lines of the form:

zone "a.amg777.com" { type master; notify no; file "zones/blocked"; };

The file zones/blocked looks like:

$TTL 600        ; 10 minutes
@                       SOA     server.mydomain.com. root.mydomain.com. (
                                42         ; serial
                                900        ; refresh (15 minutes)
                                60         ; retry (1 minute)
                                604800     ; expire (1 week)
                                43200      ; minimum (12 hours)
                                )
                        NS      server.mydomain.com.
                        MX      1 server.mydomain.com.
$TTL 302400     ; 3 days 12 hours
@               IN      A       192.168.0.20
*               IN      A       192.168.0.20
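As an added example (not part of the original post and not bind's own tooling), here is a small Python helper that turns a raw list of names into zone stanzas of the form above while dropping entries that would stop named from loading; the function names and the sample list are constructed for illustration, and it assumes the shared zones/blocked file with its wildcard A record as shown.

```python
import re

# One DNS label: 1-63 letters, digits or hyphens, with no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Stanza format taken from the post; the default zone file path is the post's zones/blocked.
STANZA = 'zone "{name}" {{ type master; notify no; file "{zone_file}"; }};'


def normalize(raw):
    """Lower-case a name, strip whitespace and a trailing dot; return None if it is not a
    usable multi-label hostname (a bare TLD or a malformed line from a feed is rejected)."""
    name = raw.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        return None
    return name


def blocked_zones(names, zone_file="zones/blocked"):
    """Return one zone stanza per distinct name, parents before children.

    Exact duplicates are dropped because named refuses to start when the same zone is
    declared twice (e.g. a name present in both the local and the downloaded list).
    A name whose parent is already blocked is skipped: the wildcard A record in the
    shared zone file already answers for every label beneath that parent."""
    valid = {n for n in (normalize(r) for r in names) if n}
    kept = []
    for name in sorted(valid, key=lambda n: (n.count("."), n)):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if parents & set(kept):
            continue  # covered by a blocked parent's wildcard record
        kept.append(name)
    return [STANZA.format(name=n, zone_file=zone_file) for n in kept]


if __name__ == "__main__":
    # Constructed sample list: a duplicate in different case, a child of a blocked
    # parent, a bare TLD and a malformed line, as a downloaded feed might contain.
    SAMPLE = ["a.amg777.com", "A.AMG777.COM.", "evil.example",
              "sub.evil.example", "com", "bad line"]
    print("\n".join(blocked_zones(SAMPLE)))
```

Because one bad stanza in an included file keeps named from loading at all, run named-checkconf on the generated file before reloading.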

1. http://isc.sans.org/diary.html?storyid=7930

2. http://fnord.no/sysadmin/dns/dns-blacklisting/
