Security Basics mailing list archives
DNS Manipulation
From: "Dan Bogda" <dan.bogda () kintera com>
Date: Thu, 2 Nov 2006 21:24:34 -0800
Guys,

I have segmented security zones that need to access the same devices, but via different NAT addresses. I am looking to manipulate the DNS responses from my BIND server and ideally I only want to affect DNS responses that contain the handful of addresses I am NAT'ing.

I first started building this out with multiple views within BIND with a script to do conversion from the external to internal view, based on my list of NAT'd IPs, but as time progresses this doesn't seem too scalable. I am also unable to do the conversion on my firewalls due to the placement of the NAT operation.

Ideally, I need a solution I can implement on my DNS server and I can control with access-lists or source filtering. I had considered running multiple instances of BIND, bound to separate IPs/Ports, but I would prefer to find a simpler solution if I can. I thought there was an IPTables module I can load to manipulate DNS response data, but I haven't been able to find any reference to it yet.

Here's where I need your help:

1. Does a DNS, binary or other module exist for IPTables to manipulate DNS response data?
2. Has anyone done something similar and would like to share their solution?
3. Does anyone have any other suggestions, approaches I haven't considered?

Thanks in advance!

Dan
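The view-conversion step the post describes (one external zone, rewritten per security zone from a list of NAT'd addresses), sketched as an added example that is not part of the original message or the poster's script. The zone contents, the zone names and the `NAT_MAPS` table are constructed assumptions; only A-record data that exactly matches a NAT'd address is changed.

```python
import ipaddress
import re

# Constructed sample zone (documentation addresses, not taken from the post).
EXTERNAL_ZONE = """\
$TTL 3600
@       IN SOA ns1.example.com. hostmaster.example.com. (2006110201 3600 900 604800 3600)
@       IN NS  ns1.example.com.
ns1     IN A   192.0.2.53
www     IN A   192.0.2.10
mail    IN A   192.0.2.25
www     IN TXT "served from 192.0.2.10"
"""

# Hypothetical NAT tables: external address -> address as seen from each zone.
NAT_MAPS = {
    "zone-a": {"192.0.2.10": "10.1.0.10", "192.0.2.25": "10.1.0.25"},
    "zone-b": {"192.0.2.10": "172.16.5.10"},
}

# owner (may be blank), optional TTL, optional class, type A, then the address.
A_RECORD = re.compile(
    r"^(?P<head>\S*\s+(?:\d+\s+)?(?:IN\s+)?A\s+)(?P<addr>\S+)(?P<tail>.*)$")


def rewrite_zone(zone_text, nat_map):
    """Rewrite only A-record rdata found in nat_map; return (text, changes)."""
    # Parsing the table up front rejects malformed entries before any output.
    table = {ipaddress.IPv4Address(k): ipaddress.IPv4Address(v)
             for k, v in nat_map.items()}
    out, changes = [], []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        m = A_RECORD.match(line)
        if m:
            try:
                addr = ipaddress.IPv4Address(m["addr"])
            except ValueError:
                addr = None  # not a literal IPv4 address: leave the line alone
            if addr in table:
                line = f"{m['head']}{table[addr]}{m['tail']}"
                changes.append((lineno, str(addr), str(table[addr])))
        out.append(line)
    return "\n".join(out) + "\n", changes


if __name__ == "__main__":
    for zone, nat_map in NAT_MAPS.items():
        text, changes = rewrite_zone(EXTERNAL_ZONE, nat_map)
        print(f"; view {zone}: {len(changes)} record(s) rewritten")
        print(text)
```

Each generated file would be loaded by the BIND view whose `match-clients` list covers that zone's clients; the returned change list gives an audit trail of which records differ between views.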