[Pdns-users] pdns as malware interceptor

Hugo van der Kooij hvdkooij at vanderkooij.org
Wed Feb 10 23:00:32 UTC 2010

Has anyone tested in using pdns as a malware interceptor?

There are large lists of known malware domains. But has someone actually
tested a combined forwarder + authorative server?

The concept is that the server is authorative for malware domains and
will direct you to a honeypot machine (preferably single box with pdns,
honeypot, ....). For all other domains it should be a forwarding DNS.

Given the large amount of malware domains available today on CERT
websites the server will be authorative for perhaps as many as 10^6 or
more domains.

I think it should not be too big a hastle to build a box for this
purpose to catch stray malware on a campus or something like that.


hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

More information about the Pdns-users mailing list