Has anyone tested using pdns as a malware interceptor? There are large lists of known malware domains. But has someone actually tested a combined forwarder + authoritative server?

The concept is that the server is authoritative for malware domains and will direct you to a honeypot machine (preferably single box with pdns, honeypot, ....). For all other domains it should be a forwarding DNS. Given the large amount of malware domains available today on CERT websites the server will be authoritative for perhaps as many as 10^6 or more domains. I think it should not be too big a hassle to build a box for this purpose to catch stray malware on a campus or something like that.

Hugo.

-- 
[email protected] http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
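
The decision the post describes (answer locally for listed malware domains and every name beneath them, forward everything else), as an added Python example that is not part of the original message and is not PowerDNS configuration. The sinkhole address and the blocklist entries are constructed placeholders.

```python
# Added illustration: sinkhole-or-forward decision for a DNS front end.
# SINKHOLE_IP and the blocklist entries are constructed sample values.
from typing import Iterable, NamedTuple, Optional

SINKHOLE_IP = "192.0.2.53"  # assumed honeypot address (TEST-NET-1)

class Decision(NamedTuple):
    action: str             # "sinkhole" or "forward"
    answer: Optional[str]   # A record to return when sinkholed
    matched: Optional[str]  # blocklist entry that triggered the hit

def normalise(name: str) -> str:
    """Lower-case and strip the trailing root dot so lookups are canonical."""
    return name.strip().rstrip(".").lower()

def load_blocklist(lines: Iterable[str]) -> frozenset:
    """Parse one domain per line, skipping blanks and '#' comments."""
    entries = set()
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            entries.add(normalise(line))
    return frozenset(entries)

def decide(qname: str, blocklist: frozenset) -> Decision:
    """Walk the query name from most to least specific suffix.

    Being authoritative for a zone covers every name beneath it, so
    'a.b.evil.example' must match a listed 'evil.example'. Each step is one
    hash lookup, so cost depends on label count, not on list size.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return Decision("sinkhole", SINKHOLE_IP, candidate)
    return Decision("forward", None, None)

SAMPLE_BLOCKLIST = load_blocklist([
    "# constructed sample entries",
    "evil.example",
    "Bad-Updates.example.  # mixed case, trailing dot",
])

if __name__ == "__main__":
    for q in ("cdn.evil.example.", "notevil.example", "www.example.org"):
        print(q, decide(q, SAMPLE_BLOCKLIST))
```

Matching on whole labels keeps `notevil.example` out of the sinkhole even though it ends with the string `evil.example`; logging the `matched` field per client is what turns the honeypot redirect into a detection signal.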
