nanog mailing list archives

Re: Running your own DNSchanger proxies


From: Mike <ispbuilder () gmail com>
Date: Sun, 08 Jul 2012 07:49:00 -0300

On 12-07-07 10:13 PM, Jason Duerstock wrote:
As an intellectual exercise, I think this is interesting and worth the
effort.  As an actual implementation, I think it's more effective to block
DNS traffic to the affected subnets. Let the breakage occur, and then let
the end users get their broken machines fixed rather than let them continue
hobbling along with this hack in place.

Jason
Agreed, fixing the problem > patching the problem.
Some other ideas -

 * Assuming you're running the nameserver under Linux, an iptables rule
   would remove the need to have all the IP addresses added (iptables
   -I PREROUTING -t nat -d $badblock/24 -s 0.0.0.0/0 -j DNAT --to
   your.local.ip.address)
 * bind should by default accept connections on all interfaces if you
   don't tell it to bind to anything, unless behaviour has changed in
   versions more recent than my last bind experience
 * Having whatever nameserver you use return a single IP address for
   everything you request, which points you to a single web page that
   explains how to fix the problem, can be good
 * That single IP address can also run a POP3/IMAP server that accepts
   any username/password and dumps the user into a read-only mailbox
   with a single message saying "fix your infected PC"
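To make the "one address for everything" idea concrete, here is an added example (not from Mike's post or any project he mentions) of the core of such a walled-garden resolver: a function that turns any incoming DNS A query into a response pointing at a single sink address, while answering other record types with NOERROR/no data so clients don't retry endlessly. The sink address 192.0.2.1 (TEST-NET-1) and the function names are assumptions for the example; wrapping this in a UDP socket loop on port 53 is left to the reader.

```python
import struct
import socket

# Constructed sink address for the "how to fix your PC" web page (TEST-NET-1, an assumption).
SINK_IP = "192.0.2.1"
QTYPE_A = 1
CLASS_IN = 1

def parse_question(query: bytes):
    """Return (txid, qname, qtype, qclass, end_offset) for the first question in a DNS query."""
    txid, _flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    off, labels = 12, []  # question section starts right after the 12-byte header
    while True:
        length = query[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:  # a compression pointer is not valid in a query's question name
            raise ValueError("compression pointer in question name")
        labels.append(query[off:off + length].decode("ascii"))
        off += length
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    return txid, ".".join(labels), qtype, qclass, off + 4

def build_sinkhole_response(query: bytes, sink_ip: str = SINK_IP, ttl: int = 60) -> bytes:
    """Answer every A/IN query with sink_ip; any other type gets NOERROR with no answer (NODATA)."""
    txid, _qname, qtype, qclass, qend = parse_question(query)
    question = query[12:qend]  # echo the question section unchanged
    rd = struct.unpack("!H", query[2:4])[0] & 0x0100  # keep the client's RD bit
    flags = 0x8000 | 0x0400 | rd | 0x0080  # QR=1, AA=1, RD as sent, RA=1, RCODE=0
    answer, ancount = b"", 0
    if qtype == QTYPE_A and qclass == CLASS_IN:
        # NAME is a pointer to offset 12 (the question name), then TYPE, CLASS, TTL, RDLENGTH, RDATA
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, CLASS_IN, ttl, 4) + socket.inet_aton(sink_ip)
        ancount = 1
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    return header + question + answer

def build_query(txid: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """Encode a plain recursive query (RD=1); used here only to exercise the responder offline."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", qtype, CLASS_IN))
```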