I've been running blackhole DNS for a while now. Ever since tigershark brought it to my attention.
It's been working fine and I update it on a daily basis via a batch file. I also append other domains to it as needed.
If I were to ping google using either google.com or www.google.com it works.
Quote:
C:\Documents and Settings\user>ping google.com
Pinging google.com [72.14.207.99] with 32 bytes of data:
Reply from 72.14.207.99: bytes=32 time=52ms TTL=237
Reply from 72.14.207.99: bytes=32 time=31ms TTL=237
Reply from 72.14.207.99: bytes=32 time=29ms TTL=237
Reply from 72.14.207.99: bytes=32 time=32ms TTL=237
Ping statistics for 72.14.207.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 52ms, Average = 36ms
Quote:
C:\Documents and Settings\user>ping www.google.com
Pinging www.l.google.com [64.233.161.104] with 32 bytes of data:
Reply from 64.233.161.104: bytes=32 time=22ms TTL=239
Reply from 64.233.161.104: bytes=32 time=18ms TTL=239
Reply from 64.233.161.104: bytes=32 time=18ms TTL=239
Reply from 64.233.161.104: bytes=32 time=17ms TTL=239
Ping statistics for 64.233.161.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 22ms, Average = 18ms
If I ping 000info.com and www.000info.com the 000info.com doesn't resolve.
Quote:
C:\Documents and Settings\user>ping 000info.com
Ping request could not find host 000info.com. Please check the name and try again.
Quote:
C:\Documents and Settings\user>ping www.000info.com
Pinging www.000info.com [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Wildcards also work fine... say I ping alksdfjla;skjdflasf.000info.com
Quote:
C:\Documents and Settings\user>ping alksdfjla;skjdflasf.000info.com
Pinging alksdfjla;skjdflasf.000info.com [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Don't get me wrong. I'm happy it won't resolve the 000info.com. Just curious as to why.
I originally followed the guide on bleedingsnort.com.
I've double-checked my config and everything is set up just like it should be.
http://www.bleedingsnort.com/blackhole-dns/#MS
My blockdomains.com.dns file looks like this:
Quote:
;
; Database file blockeddomains.com.dns for blockeddomains.com zone.
; Zone version: 4
;
@ IN SOA nameserver.blockeddomains.com. admin.blockeddomains.com. (
4 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; minimum TTL
;
; Zone NS records
;
@ NS nameserver.blockeddomains.com.
;
; Zone records
;
www A 127.0.0.1
* A 127.0.0.1
Note: The lines referring to the domain (blockeddomains.com) and nameserver (nameserver.blockeddomains.com) have been replaced with my domain and nameserver in my file.
A snippet of the boot file would be like this:
Quote:
;
; Boot information written back by DNS server.
;
forwarders x.x.x.x x.x.x.x
cache . cache.dns
primary 000info.com blockeddomains.com.dns
On their website, they don't try to ping the hostname without any www or wildcard.
Note: they used a different domain than me.
Quote:
ping www.coolwebsearch.com
ping anyrandomstring.coolwebsearch.com
ping hsdsdshgdhsgd.coolwebsearch.com
nslookup www.coolwebsearch.com
nslookup ihatebrowserhijackers.coolwebsearch.com
I know that the google request is being forwarded to my ISP's name servers and that the 000info.com lookup is done locally...
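Added example, not part of the original post: a simplified Python model of A-record lookup over the zone records quoted above, following the wildcard rules of RFC 4592 (it is not the DNS server's own code). It shows why `www` and any other subdomain return 127.0.0.1 while the bare `000info.com` returns no address: the apex name already exists in the zone (it holds the SOA and NS records), so the `*` record is never applied to it. `WITH_APEX` is a hypothetical variant with an A record at `@`, which is not in the poster's file.

```python
ORIGIN = "000info.com"  # zone name from the boot file line in the post
SINKHOLE = "127.0.0.1"  # address used by the A records in the posted zone file

# Owner names and types from the zone file in the post ("@" is the zone apex).
POSTED = [("@", "SOA"), ("@", "NS"), ("www", "A"), ("*", "A")]
# Hypothetical extra record (not in the poster's file): an A record at the apex.
WITH_APEX = POSTED + [("@", "A")]

def build_zone(records, origin=ORIGIN):
    """Map each fully qualified owner name to the set of record types it holds."""
    zone = {}
    for owner, rtype in records:
        fqdn = origin if owner == "@" else f"{owner}.{origin}"
        zone.setdefault(fqdn, set()).add(rtype)
    return zone

def lookup_a(zone, qname, origin=ORIGIN):
    """Answer an A query using simplified RFC 4592 wildcard matching."""
    qname = qname.lower().rstrip(".")
    if qname != origin and not qname.endswith("." + origin):
        return "FORWARDED"            # not in this zone: sent to the forwarders
    if qname in zone:                 # name exists, so the wildcard is never consulted
        return SINKHOLE if "A" in zone[qname] else "NODATA"
    labels = qname.split(".")
    for i in range(1, len(labels)):   # walk up to the closest existing ancestor
        encloser = ".".join(labels[i:])
        if encloser in zone:
            wildcard = zone.get("*." + encloser, set())
            return SINKHOLE if "A" in wildcard else "NXDOMAIN"
    return "NXDOMAIN"

if __name__ == "__main__":
    names = ("www.000info.com", "alksdfjla;skjdflasf.000info.com",
             "000info.com", "google.com")
    for label, recs in (("as posted", POSTED), ("with apex A", WITH_APEX)):
        zone = build_zone(recs)
        for name in names:
            print(f"{label:12} {name:34} -> {lookup_a(zone, name)}")
```

`NODATA` means the name exists but has no A record, which ping reports as "could not find host".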