This repository has been archived by the owner on May 23, 2019. It is now read-only.
Bind
- Edit named.conf
$ sudo vim /etc/bind/named.conf
- Add the following
$ include "/var/lib/bind/sink_local.conf";
- Create a sink_local.conf file
$ sudo touch /var/lib/bind/sink_local.conf
- Change permissions on sink_local.conf file to root:bind
$ sudo chown root:bind /var/lib/bind/sink_local.conf
- Run the command "named-checkconf" to make sure you have no errors in your named.conf file.
$ sudo /usr/sbin/named-checkconf
- Create a zone file
$ sudo vim /etc/bind/cif_domain_malware.zone
- Copy the following
$TTL 600
@ IN SOA localhost root (
1 ; serial number
3H ; Refresh
15M ; Retry
1W ; Expire
1D ) ; Min TTL
24H IN NS @
24H IN A 127.0.0.1
* 24H IN A 127.0.0.1
- For '''testing / demonstration''' purposes only, allow any user to write to the
$ sudo chmod 666 /var/lib/bind/sink_local.conf
- Configure the client to export a sinkhole file
$ cif --otype fqdn --tags malware,botnet -c 85 --feed --format bind > /var/lib/bind/sink_local.conf
- Reload configuration file and new zones only
$ sudo /usr/sbin/rndc reconfig
- Run the command "named-checkconf" to make sure you have no errors
$ sudo /usr/sbin/named-checkconf
- Find a domain in sink_local.conf
$ cat /var/lib/bind/sink_local.conf
- Test the domain against the local server using dig
$ dig @localhost hjmnuuyej1152klu.com
; <<>> DiG 9.7.0-P1 <<>> @localhost hjmnuuyej1152klu.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17755
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;hjmnuuyej1152klu.com. IN A
;; ANSWER SECTION:
hjmnuuyej1152klu.com. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
hjmnuuyej1152klu.com. 86400 IN NS hjmnuuyej1152klu.com.
;; Query time: 42 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 19 10:55:03 2012
;; MSG SIZE rcvd: 68
