[geeks] How to block an entire domain?
Mike Meredith
very at zonky.org
Thu Oct 11 11:57:03 CDT 2007
On Thu, 11 Oct 2007 07:49:57 -0400, Phil Stracchino wrote:
> Geoffrey S. Mendelson wrote:
> > Someone else suggested that I stop DNS lookups for the domain, and
> > I did. However, I'm still interested in finding out how I could
> > traverse a DNS "tree" and get all the IP addresses that belong to
> > hosts in the domain and subdomains.
> > A general suggestion would be fine; I don't expect to find a ready
> > made program to do it.
>
>
> host -t AXFR undernet.org ?
I doubt if 'host' would do a zone transfer even if undernet.org allowed
zone transfers from anywhere (few places do these days). 'dnswalk'
would do something along the lines of what is required, although it's
more a zone sanity checker; but it also requires zone transfers to work.
Ignoring the insane option of generating every possible fqdn, recording
a hit on any record, and recursing when you hit an NS record, you could
find the netblock for every known undernet.org fqdn (google might help
here), and do a reverse DNS lookup on every IP in the associated
netblocks. I don't know how undernet.org operates, but I suspect given
my (outdated) knowledge of IRC networks it won't work too well.
Incidentally going back to blocking DNS lookups for *.undernet.org, I'd
return 127.0.0.2 for every host ... something in 127/8 is probably
better than 0.0.0.0, and 127.0.0.2 tells people that something
*deliberately* odd is happening.
--
Mike Meredith (http://zonky.org/)
sigmonster: core dumped
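As an added illustration of the reverse-sweep approach Mike describes (this is example code written for this page, not anything from the original post): walk the addresses in a netblock, reverse-resolve each one, and keep only the names that sit in the domain or one of its subdomains. The helper names (`in_domain`, `ptr_lookup`, `hosts_in_domain`, `demo`) are this example's own, the resolver is injectable so it can be exercised offline, and the PTR table is constructed sample data, not real undernet.org records.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, Optional


def in_domain(fqdn: str, domain: str) -> bool:
    """True if fqdn is `domain` itself or any host below it.
    Case-insensitive and anchored on a label boundary, so
    'notundernet.org' does not match 'undernet.org'."""
    f = fqdn.rstrip(".").lower()
    d = domain.rstrip(".").lower()
    return f == d or f.endswith("." + d)


def ptr_lookup(ip: str) -> Optional[str]:
    """Reverse lookup via the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def hosts_in_domain(netblocks: Iterable[str], domain: str,
                    resolve: Callable[[str], Optional[str]] = ptr_lookup
                    ) -> Dict[str, str]:
    """Reverse-resolve every host address in the given netblocks and keep
    those whose PTR name lies in `domain` or a subdomain of it.
    Returns {ip: normalised fqdn}. `resolve` is injectable so the sweep
    can run offline against a fixed table (hypothetical helper)."""
    found: Dict[str, str] = {}
    for block in netblocks:
        for ip in ipaddress.ip_network(block, strict=False).hosts():
            name = resolve(str(ip))
            if name and in_domain(name, domain):
                found[str(ip)] = name.rstrip(".").lower()
    return found


# Constructed PTR table standing in for real reverse-DNS answers (sample data).
SAMPLE_PTRS = {
    "192.0.2.10": "irc.example.undernet.org.",   # subdomain, trailing dot
    "192.0.2.11": "Mail.Undernet.Org",           # mixed case
    "192.0.2.12": "www.notundernet.org",         # must NOT match
    "192.0.2.13": "host.example.net",            # unrelated domain
}


def demo() -> Dict[str, str]:
    # 192.0.2.8/29 yields hosts .9 through .14; .9 and .14 have no PTR.
    return hosts_in_domain(["192.0.2.8/29"], "undernet.org", SAMPLE_PTRS.get)
```

The resulting map is what a resolver-side block (returning 127.0.0.2 for those names) or a firewall rule would be built from; with the default `ptr_lookup` it sweeps for real, so scope it to netblocks you administer.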