IPv6 and DNS Sinkhole
In January 2010, I posted a diary on how to configure zone files to setup a DNS sinkhole using IPv4 addresses. This updated diary shows how to add IPv6 support to your zone file to sinkhole both IPv4 and IPv6.
Single Hostname (/var/named/sinkhole/client.nowhere)
 
Wildcard Domain (/var/named/sinkhole/domain.nowhere)
 
Note: If you are not currently using IPv6 in your network, change the example fec0:0:0:bebb::5 to ::1 (localhost) to prevent 6to4, Toredo, etc from leaving the network.
To verify your zone files are correctly configured, you can use nslookup to query a hostname or a domain loaded in your sinkhole.
With Windows 7 (note that it shows both IPv4 and IPv6):
C:>nslookup zz87lhfda88.com
Server:  seeker.someserver.com
Address:  192.168.25.5
Name:    zz87lhfda88.com
Addresses:fec0:0:0:bebb::5 
192.168.25.6
With Linux, you need to specify query AAAA record:
guy@seeker:~$ nslookup -q=aaaa zz87lhfda88.com
Server:         192.168.25.5
Address:        192.168.25.5#53
zz87lhfda88.com has AAAA address fec0:0:0:bebb::5
[1] http://isc.sans.edu/diary.html?storyid=7930
[2] http://www.whitehats.ca/main/members/Seeker/seeker_sinkhole/Seeker_DNS_Sinkhole.html
[3] http://www.whitehats.ca/downloads/sinkhole/sinkhole.iso
[4] http://www.whitehats.ca/downloads/sinkhole/sinkhole64-bit.iso
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Community SANS SEC 503 coming to Ottawa Sep 2011
 
              
Comments