[154674] in North American Network Operators' Group
Re: Running your own DNSchanger proxies
daemon@ATHENA.MIT.EDU (Jason Duerstock)
Sat Jul 7 21:14:33 2012
In-Reply-To: <CAD6AjGRiBBS21QL_aea=+GfRfGLAept-iM-Jxj1phpHyy3P_YA@mail.gmail.com>
Date: Sat, 7 Jul 2012 21:13:58 -0400
From: Jason Duerstock <jason.duerstock@gallaudet.edu>
To: Cameron Byrne <cb.list6@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
As an intellectual exercise, I think this is interesting and worth the
effort. As an actual implementation, I think it's more effective to block
DNS traffic to the affected subnets. Let the breakage occur, and then let
the end users get their broken machines fixed rather than let them continue
hobbling along with this hack in place.
Jason
On Sat, Jul 7, 2012 at 8:10 PM, Cameron Byrne <cb.list6@gmail.com> wrote:
> On the other thread i read that some ISP are running their own proxies
> for infected host.
>
> That sounded interesting, so i googled around to find out how to do
> that and i could not find a HOWTO, so imagined up a solution myself,
> tested it in VirtualBox, and wrote it down in case anyone finds it
> useful or has another approach
>
> https://sites.google.com/site/cbyrne/dnschanger
>
> I don't plan to use this solution, but it was interesting to think
> about and may be a good starting point in the unlikely event that some
> VP pushes the panic button on Monday.
>
> CB
>
>
