Single domain forward DNSMASQ - dns

Hi, I need to spoof a single domain only, not a wildcard, for example www.google.com and google.com "only". But with my config, when a client visits xx.google.com it responds with 192.168.0.1.
My config so far:
port=53
cache-size=10000
no-negcache
server=8.8.8.8
server=4.2.2.2
server=8.8.4.4
listen-address=xxx.xxx.xxx.xxx
interface=ens160
#log-queries
all-servers
dns-forward-max=3000
domain-needed
bogus-priv
address=/google.com/192.168.0.1
address=/www.google.com/192.168.0.1
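The behaviour described in the question follows from how dnsmasq matches `address=`: the domain and every subdomain are answered locally, matched on whole labels, while `host-record=` adds a record for the exact name only. The model below is an added example, not code from the post or from dnsmasq; `parse_overrides`, `lookup` and the `host-record=` sample line are assumptions made for illustration.

```python
import ipaddress

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_overrides(conf_text):
    """Collect address= (domain and subdomains) and host-record= (exact name) rules."""
    suffix, exact = {}, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "address":                      # address=/dom1/dom2/ip
            *domains, ip = value.strip("/").split("/")
            for dom in domains:
                suffix[dom.lower().rstrip(".")] = ip
        elif key == "host-record":                # host-record=name[,name],ip
            fields = [f.strip() for f in value.split(",")]
            ips = [f for f in fields if _is_ip(f)]
            for name in fields:
                if ips and not _is_ip(name) and not name.isdigit():
                    exact[name.lower().rstrip(".")] = ips[0]
    return suffix, exact

def lookup(name, suffix, exact):
    """Return the locally configured IP for name, or None if it goes upstream."""
    name = name.lower().rstrip(".")
    if name in exact:          # model choice; the samples never mix both forms
        return exact[name]
    labels = name.split(".")
    for i in range(len(labels)):                  # most specific suffix first
        candidate = ".".join(labels[i:])          # whole labels only
        if candidate in suffix:
            return suffix[candidate]
    return None

# The two address= lines are from the question; the host-record= form is an
# assumed alternative written for this example.
PAGE_CONFIG = "address=/google.com/192.168.0.1\naddress=/www.google.com/192.168.0.1\n"
EXACT_CONFIG = "host-record=google.com,www.google.com,192.168.0.1\n"

if __name__ == "__main__":
    for label, conf in (("address=", PAGE_CONFIG), ("host-record=", EXACT_CONFIG)):
        rules = parse_overrides(conf)
        for qname in ("google.com", "www.google.com", "xx.google.com"):
            print(label, qname, "->", lookup(qname, *rules) or "forwarded upstream")
```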

Related

RPZ (response policy zone) in Windows Server 2019?

BIND9 has a very good function, RPZ.
You can create a DNS zone (like malware) and add malicious domains to it.
The DNS server responds with my defined IP address, aka DNS Firewall.
[zone file]
...
$ORIGIN com.malware.
$TTL 5 ; 5 seconds
example A 127.0.0.1
[request]
$ dig example.com +short
127.0.0.1
[log]
(example.com): rpz QNAME Local-Data rewrite example.com/A/IN via example.com.malware
I am wondering if Windows Server 2019 DNS has the same native functionality?
I read all the documentation regarding DNS Policy without any luck.

Configuration of dnsmasq which allows to append a domain `search` to /etc/resolv.conf

Let's look at the following /etc/resolv.conf on the client side:
# Generated by NetworkManager
search reddog.microsoft.com
nameserver 10.7.1.53
The 10.7.1.53 address is the address of the dnsmasq server. Is it possible to configure dnsmasq in such a way that a client of dnsmasq adds some search domain? I mean:
# Generated by NetworkManager
search reddog.microsoft.com my.domain.com
nameserver 10.7.1.53

How do I make dig use a source IP other than localhost while querying a DNS server running locally on my machine?

I am trying to run a coredns plugin https://github.com/coredns/demo that returns 1.1.1.1 for 172.0.0.0/8 or 127.0.0.0/8 and 8.8.8.8 for everything else.
I run the binary and try to make a request from dig using dig example.org @localhost -p1053 +short, which returns 1.1.1.1 since the request is sent from localhost.
Is there any way I can send a request from dig to coredns so that it looks to the DNS server as if it was sent from another IP, and it will return 8.8.8.8 instead?
From dig manual:
-b address[#port]
Set the source IP address of the query. The address must be a valid address on one of the host's network interfaces, or "0.0.0.0" or "::". An optional port may be
specified by appending "#<port>"
Otherwise, if the server supports ECS (EDNS Client Subnet) you can use dig option +subnet=addr to give it to the server and see how its reply changes.

CNAME is redirecting to my host page

I have a website hosted on the following path: mywebsite.com/test with the following DNS
mywebsite.com A 1.2.3.4 (host ip)
host.mywebsite.com A 1.2.3.4 (host ip)
On another domain I'm trying to make a subdomain CNAME redirect to this page using the following:
link.myotherdomain.com CNAME . mywebsite.com/test
However when I access link.myotherdomain.com it shows the host.mywebsite.com instead of mywebsite.com
Am I doing something wrong?
Thanks
A CNAME record cannot include a path. It is only for domain to domain.
This setting will work.
link.myotherdomain.com. CNAME mywebsite.com.
If configured properly, mywebsite.com, host.mywebsite.com and link.myotherdomain.com all resolve to 1.2.3.4, and the following HTTP request is sent to IP address 1.2.3.4.
GET /test HTTP/1.1
Host: link.myotherdomain.com
......(omit)
Now, the most suspicious element is the Virtual Host setting of the web server.
This is a function of the web server that behaves as if it is a different server according to the Host value in the request header.
To investigate the Virtual Host setting, the following might be the simplest method.
curl -H 'Host:mywebsite.com' http://1.2.3.4/test # this will be OK
curl -H 'Host:link.myotherdomain.com' http://1.2.3.4/test # this will not be OK if Virtual Host is enabled

dnsmasq forwards queries to 2 servers instead of 1

I'm having a small issue with dnsmasq on debian-jessie: it seems to forward incoming DNS queries to 2 ports instead of 1.
Background:
Runs on a machine whose LAN IP is 192.168.0.10. Sits behind a home router. The home router is configured to forward DNS traffic to 192.168.0.10. That part works, I do see incoming traffic from the LAN onto this machine.
dnsmasq configuration:
>cat /etc/dnsmasq.conf | grep -v ^# | grep -v ^\s*$
domain-needed
bogus-priv
server=127.0.0.1#5053
cache-size=10000
My resolv.conf tells local processes to send DNS queries to dnsmasq
>cat /etc/resolv.conf
# Generated by resolvconf
nameserver 127.0.0.1
And dnsmasq, if it can't answer from its cache, then forwards incoming DNS traffic to another service running locally and listening on port 5053 via the server=127.0.0.1#5053 config. That service is something I built myself and it does not forward DNS queries to 8.8.8.8.
This works but not the way I intended. DNS queries get answered properly. As expected, port 5053 shows traffic and even provides answers (though slower than GoogleDNS).
>tcpdump -l -n -i any '(port 5053) or (port 53)'
13:57:53.817522 IP 127.0.0.1.47207 > 127.0.0.1.53: 7494+ [1au] A? www.example.com. (44) # dnsmasq receives a query from `dig www.example.com` running locally
13:57:53.818609 IP 127.0.0.1.5258 > 127.0.0.1.5053: UDP, length 44 # dnsmasq forwards to local DNS Server listening on 5053
13:57:53.818970 IP 192.168.0.10.5258 > 8.8.8.8.53: 50849+ [1au] A? www.example.com. (44) # dnsmasq forwards to 8.8.8.8 on port 53 (Google DNS)
13:57:53.862170 IP 8.8.8.8.53 > 192.168.0.10.5258: 50849$ 1/0/1 A 93.184.216.34 (60) # dnsmasq receives answer from 8.8.8.8
13:57:53.862559 IP 127.0.0.1.53 > 127.0.0.1.47207: 7494 1/0/1 A 93.184.216.34 (60) # dnsmasq forwards answer to dig running locally
13:57:53.980238 IP 127.0.0.1.5053 > 127.0.0.1.5258: UDP, length 49 # dnsmasq receives answer from local DNS Server
So it appears dnsmasq tees DNS queries to both 127.0.0.1 on port 5053 and, almost immediately after, also forwards to 8.8.8.8 on port 53.
Why? What's wrong with my dnsmasq configuration? I expected traffic only on port 5053.
And where is that 8.8.8.8 coming from? Yes, I know that's Google DNS, but where is dnsmasq or Linux getting that IP from, and which config file can I edit to change that?
>grep -r 8\.8\.8\.8 /etc/*.conf
returns nothing.
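One way to check a capture like the one in this question for forwarder traffic that leaves for anything other than the intended upstream (added example, not part of the original post). The capture lines are copied from the question with the trailing annotations dropped; the listener and allowed-upstream values come from the question, and the function and field names are illustrative.

```python
import re

# tcpdump lines copied from the question (annotations removed).
CAPTURE = """\
13:57:53.817522 IP 127.0.0.1.47207 > 127.0.0.1.53: 7494+ [1au] A? www.example.com. (44)
13:57:53.818609 IP 127.0.0.1.5258 > 127.0.0.1.5053: UDP, length 44
13:57:53.818970 IP 192.168.0.10.5258 > 8.8.8.8.53: 50849+ [1au] A? www.example.com. (44)
13:57:53.862170 IP 8.8.8.8.53 > 192.168.0.10.5258: 50849$ 1/0/1 A 93.184.216.34 (60)
13:57:53.862559 IP 127.0.0.1.53 > 127.0.0.1.47207: 7494 1/0/1 A 93.184.216.34 (60)
13:57:53.980238 IP 127.0.0.1.5053 > 127.0.0.1.5258: UDP, length 49
"""

LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def unexpected_upstreams(capture, listener, allowed, service_ports=(53, 5053)):
    """Return queries sent to a DNS service that is neither the local listener
    nor an allowed upstream. 'from_forwarder' is True when the same source port
    was also used towards an allowed upstream (same forwarding socket)."""
    forwarder_ports, suspects = set(), []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                                  # not an IPv4 packet line
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport not in service_ports or sport in service_ports:
            continue                                  # a reply, not a query
        dst = (m["dst"], dport)
        if dst == listener:
            continue                                  # client -> dnsmasq
        if dst in allowed:
            forwarder_ports.add(sport)                # expected forward
            continue
        suspects.append({"ts": m["ts"], "dst": dst, "sport": sport,
                         "query": m["rest"]})
    for s in suspects:
        s["from_forwarder"] = s["sport"] in forwarder_ports
    return suspects

if __name__ == "__main__":
    hits = unexpected_upstreams(CAPTURE, ("127.0.0.1", 53), {("127.0.0.1", 5053)})
    for hit in hits:
        print(hit["ts"], "unexpected upstream", hit["dst"],
              "same socket as allowed forward:", hit["from_forwarder"])
```

dnsmasq takes upstream servers from its resolv file as well as from `server=` lines unless `no-resolv` is set, so that file is one place to look when this check reports an extra upstream.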
