
SANS ISC InfoSec Handlers Diary Blog


DNS Sinkhole Scripts Fixes/Update

Published: 2012-01-21
Last Updated: 2012-01-21 22:29:28 UTC
by Guy Bruneau (Version: 1)

In October 2011 [1], I released an update for the main parser script used to generate the BIND/PowerDNS configuration files. This release of the script contains some important fixes, including a rewrite of the section that parses the multiple sites into 2 separate lists: site_specific_sinkhole.conf (host web list) and entire_domain_sinkhole.conf (domain wildcard web list). The script contains new lists that were not part of the 7 July 2011 release.

The script contains a fix for parsing and loading records into the PowerDNS database, where it would sometimes fail, indicating that a record was already loaded. It has been fixed in both the and (located in /usr/local/sbin) used in Webmin to load records from the GUI.

A new script, (/root/scripts), has been added to provide a search capability in Webmin (two files copied to /etc/webmin/dns-sinkhole) for the BIND DNS Sinkhole lists, to verify whether a particular host or domain is listed in the sinkhole.

The script is available on the handler's server here with the MD5 here. You can either untar the tarball in / or move the scripts to the locations indicated in this diary.
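Before untarring anything in / as root, it helps to check the download against the published MD5 and see where each member would land. The following is an added example, not part of the original diary or the sinkhole scripts: the expected directories are the three locations named above, and every file name in the constructed sample tarball is a placeholder.

```python
import hashlib
import io
import tarfile
from pathlib import PurePosixPath

# Install locations named in this diary, relative to / where the tarball is unpacked.
EXPECTED_DIRS = ("usr/local/sbin", "root/scripts", "etc/webmin/dns-sinkhole")

def md5_matches(data: bytes, published: str) -> bool:
    # Accepts a bare digest or an md5sum-style "digest  filename" line.
    # A digest fetched from the same server only catches a corrupted download.
    digest = (published.split() or [""])[0].lower()
    return hashlib.md5(data).hexdigest() == digest

def classify(member: tarfile.TarInfo) -> str:
    parts = PurePosixPath(member.name).parts
    if member.name.startswith("/") or ".." in parts or not (member.isfile() or member.isdir()):
        return "reject"   # absolute path, traversal, link, device or FIFO
    for d in EXPECTED_DIRS:
        want = PurePosixPath(d).parts
        n = min(len(parts), len(want))
        if parts[:n] == want[:n] and (len(parts) >= len(want) or member.isdir()):
            return "expected"
    return "review"       # lands somewhere the diary does not mention

def review_tarball(data: bytes, published: str) -> dict:
    report = {"md5_ok": md5_matches(data, published), "expected": [], "review": [], "reject": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            report[classify(member)].append(member.name)
    report["extract"] = report["md5_ok"] and not report["reject"]
    return report

def build_sample() -> bytes:
    # Constructed tarball with placeholder file names, for demonstration only.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("usr/local/sbin/example_loader.sh", "root/scripts/example_search.sh",
                     "etc/cron.d/example_job", "../tmp/example_escape"):
            info = tarfile.TarInfo(name)
            info.size = 2
            tar.addfile(info, io.BytesIO(b"#\n"))
        link = tarfile.TarInfo("usr/local/sbin/example_link")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc/example_target"
        tar.addfile(link)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    print(review_tarball(sample, hashlib.md5(sample).hexdigest()))
```

Members reported under "review" are not necessarily wrong; they are simply paths this diary does not mention and are worth reading before they are written under /.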



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: DNS Sinkhole