0

We have come up with an internally hosted system on server01.mycompany.local for hosting a phishing landing page. (We are auditing our users to see who falls for our simulated phishing attacks, similar to COTS systems like phishme.com).

We are using Microsoft DNS (pulling from OpenDNS). We would like to be able to redirect some specific domain names to go to server01.mycompany.local so that they appear to be hosted externally.

For example

facebook.com -> server01.mycompany.local

mybank.com -> server01.mycompany.local

mycompanynamemispelled.com -> server01.mycompany.local

How can we accomplish this? My understanding is that we need to override the DNS entries from OpenDNS, but I don't know how. Do we need to do Split DNS and create a separate internet zone for each domain to redirect?

mason
  • 179
  • 2
  • 9

1 Answers1

1

If you create a new primary forward lookup zone and name it accordingly, create an A record that points to the IP address of the server. Then any internal traffic looking for that site name should be directed by your internal DNS record rather than grabbing the public DNS record from OpenDNS.

For example, we host our own moodle site internally. We just have a forward lookup zone called something like moodle.school.com and have an A record that points to its internal IP address. Even if they navigate to that site from our externally hosted home page, the name resolves to the internal IP address so it goes over the LAN instead of the internet.

MooseBalm
  • 267
  • 1
  • 4
  • 13
  • Thanks, how would this be different from doing Split DNS and creating multiple zones? – mason Oct 18 '13 at 16:21
  • It is the same concept, but you aren't creating two records for the same site. Split-horizon DNS would be like my moodle example. We have the A record that points to the internal IP address for internal traffic, but external traffic is directed to the external IP so that internal traffic doesn't use our internet bandwidth to access the server. – MooseBalm Oct 18 '13 at 16:28