nanog mailing list archives

Re: DNS Blocking


From: Paul Vixie <paul () vix com>
Date: Thu, 19 Aug 2004 21:35:06 +0000


i wrote:

... confuse and make errors for whoever queries it:

       @          SOA  localhost hostmaster.localhost
                  NS   localhost
       localhost  A    127.0.0.1
       *          MX   0 localhost
                  A    127.0.0.1

if you put a zone like that in place on a server that's receiving
unwanted queries for some zone, they will soon stop, or not.  you
win either way -- the queries stop, or you laugh your ass off.

dan answered:

There weren't rfc1918.

i'm sorry if i mixed too many topics in one post.  it doesn't have to be
rfc1918.  let's say that someone registers a zone, let's call it
nanogtest.vix.com, and points it at your nameservers without your
permission.  in response, let's create a zone file with this content:

---
@          SOA  localhost hostmaster.localhost 42 3600 1800 604800 3600
           NS   localhost
localhost  A    127.0.0.1
*          MX   0 localhost
           A    127.0.0.1
---

note that this content is all-purpose.  it doesn't matter what the real
zone is called.  in bind's named.conf, add something like this:

---
zone "nanogtest.vix.com" {
        type master;
        file "pri/nanogtest.vix.com";
};
---

and you're done.  any query that anyone sends to your server for that zone
will be sent something that will hurt them.  eventually they will realize
that it's hurting them, and they will stop.
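As an added example (not from the post, and not BIND's code), here is a small Python model of how a nameserver answers queries against this zone: it parses the zone text with any origin and applies RFC 1034 wildcard matching, so one can see that every name under the zone resolves to localhost, while an owner that actually exists (such as `localhost`) is matched exactly and never falls through to the wildcard. The names `ZONE_TEXT`, `parse_zone` and `lookup` are assumptions of this example.

```python
"""Model of the all-purpose sink zone from the post (added example).
Parses the zone text under an arbitrary origin and answers queries the
way a nameserver would, including RFC 1034 wildcard matching."""
from collections import defaultdict

# Constructed copy of the zone file from the post (relative names, no $ORIGIN).
ZONE_TEXT = """
@          SOA  localhost hostmaster.localhost 42 3600 1800 604800 3600
           NS   localhost
localhost  A    127.0.0.1
*          MX   0 localhost
           A    127.0.0.1
"""

# Record types whose rdata carries a domain name that must be qualified.
NAME_TYPES = {"SOA", "NS", "MX", "CNAME", "PTR"}

def absolutize(name, origin):
    """Turn a relative owner or rdata name into a fully qualified one."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {owner: {rtype: [rdata, ...]}} for the zone text at `origin`.
    A line starting with whitespace reuses the previous owner, as in BIND."""
    origin = origin.rstrip(".") + "."
    records, owner = defaultdict(lambda: defaultdict(list)), None
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():          # explicit owner on this line
            owner = absolutize(fields.pop(0), origin)
        rtype, rdata = fields[0], fields[1:]
        if rtype in NAME_TYPES:            # qualify the name field(s) in rdata
            first = 1 if rtype == "MX" else 0   # MX rdata is "pref name"
            rdata[first] = absolutize(rdata[first], origin)
            if rtype == "SOA":             # SOA carries MNAME and RNAME
                rdata[1] = absolutize(rdata[1], origin)
        records[owner][rtype].append(" ".join(rdata))
    return records

def lookup(records, qname, qtype):
    """RFC 1034 style answer: exact owner first, else the closest '*' owner.
    An existing owner without the requested type yields an empty answer."""
    qname = qname.rstrip(".") + "."
    if qname in records:
        return list(records[qname].get(qtype, []))
    labels = qname.split(".")
    for depth in range(1, len(labels)):    # try *.b.c., then *.c., ...
        wildcard = ".".join(["*"] + labels[depth:])
        if wildcard in records:
            return list(records[wildcard].get(qtype, []))
    return []
```

Loading the same text under a different origin (`parse_zone(ZONE_TEXT, "other.example")`) gives the same answers for names under that zone, which is the "all-purpose" property the post describes.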
