
Let's say a user block at 192.168.1.0/24 wants to access Facebook. I want the BIND server to reply with a wrong IP address, let's say 172.32.1.1. But when users from the IP address block of 192.168.2.0/24 want to access Facebook, they will get the real IP address of Facebook.

DNS used is BIND9.


1 Answer


You can implement this by creating views in named.conf.

ACL for non facebook users:

acl nonfacebook {
   192.168.1.0/24;
};

and the view linked to your zone file:

view "nonfacebook" {
  // only clients matching the ACL above see this view (views are matched in order)
  match-clients { nonfacebook; };
  zone "facebook.com" IN {
    type master;
    file "<<your zone file>>";
  };
};
Pretty close, but rather than creating a `facebook.com` zone I'd recommend [using a RPZ zone instead](http://serverfault.com/questions/618106/set-up-bind9-as-dns-firewall). Stealing authority for the entire zone creates a slew of problems for the user, since you also have to define *all* the records the user might need to access under that domain and all of its subdomains. (odds of successfully creating all the necessary records are close to 0%) – Andrew B Jun 01 '15 at 13:29
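As an added example (not code from the original answer or from the linked thread), here is a complete two-view configuration that does what the question asks, using the RPZ approach from the comment above instead of a fake authoritative zone, so the restricted view does not have to replicate every record under facebook.com. The subnets and the 172.32.1.1 address are the ones from the question; the file paths, the view names, the policy zone name `rpz.local`, the internal range in the default view's `allow-recursion`, and the TTLs are assumptions.

```conf
# /etc/bind/named.conf.local   (hypothetical path; adjust to your distribution)
#
# Clients in the ACL get a rewritten answer for facebook.com via RPZ;
# everyone else falls through to the second view and gets real answers.

acl nonfacebook {
    192.168.1.0/24;                       # subnet that must NOT reach Facebook
};

# Views are evaluated in order: the first view whose match-clients matches
# wins, so the restrictive view has to come before the catch-all.
view "nonfacebook" {
    match-clients { nonfacebook; };
    recursion yes;
    allow-recursion { nonfacebook; };

    # Apply the policy zone below to every answer this view produces.
    response-policy { zone "rpz.local"; };

    # The policy zone must be defined inside the same view that references it.
    # Its name is arbitrary (assumed here) and is never served to clients.
    zone "rpz.local" {
        type master;
        file "/etc/bind/db.rpz.local";    # hypothetical path
        allow-query { none; };            # nobody should read the policy directly
    };
};

view "default" {
    match-clients { any; };               # 192.168.2.0/24 and everything else
    recursion yes;
    allow-recursion { 192.168.0.0/16; };  # assumed internal range; no RPZ here
    # Once any view exists, every other zone (localhost, reverse zones, ...)
    # must also live inside a view, otherwise named refuses to start.
};

; /etc/bind/db.rpz.local   (hypothetical path; zone-file comments use ';')
;
; Owner names are relative to the zone origin, so "facebook.com" below is
; "facebook.com.rpz.local." and triggers on queries whose QNAME is facebook.com.
; The wildcard covers www.facebook.com, m.facebook.com and every other
; subdomain, which is exactly the part a fake authoritative zone would
; have to enumerate by hand.
$TTL 300
@               IN  SOA localhost. root.localhost. (
                        1        ; serial (bump on every change)
                        3600     ; refresh
                        900      ; retry
                        604800   ; expire
                        300 )    ; negative-answer TTL
                IN  NS  localhost.

facebook.com    IN  A   172.32.1.1
*.facebook.com  IN  A   172.32.1.1
```

Validate with `named-checkconf` and `named-checkzone rpz.local /etc/bind/db.rpz.local`, reload, then run `dig @<server> www.facebook.com A` from a host in each subnet: the 192.168.1.0/24 client should get 172.32.1.1 and the 192.168.2.0/24 client the real address. One caveat on the address itself: 172.32.1.1 is outside the 172.16.0.0/12 private range, so the redirected clients' traffic would go to whoever owns that public address; pointing the policy at a loopback or sinkhole host you control avoids that.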