-1

I configured Ubuntu Server 18.04 as a master DNS server. zone ==> google.com

;
; BIND data file for local loopback interface
;
$TTL    12h 
@   IN  SOA ns1.google.com. root.google.com. (
                  2     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
@     IN    NS  ns1.google.com.
ns1   IN    A   193.168.10.1
www   IN    A   <fake IP>
mail    IN  A   <fake IP>  

I configured the client to use this server as its DNS server, but when I enter mail.google.com in the client's browser I get an SSL ERR. How does the browser understand this issue? The client's browser is up to date.

Humberto Castellon

1 Answer

0

The browser comes with a predefined list of trusted certificate authorities (CAs). You need to get a certificate for mail.google.com signed by a trusted CA in order to eliminate the SSL error. Of course, you cannot get such a certificate unless you prove you own the domain.

Khaled
  • Or create your own CA certificate, set your browsers, etc. to trust that, and sign your own spoofed certificate. Basically how the "deep packet inspection" stuff works when dealing with HTTPS sites. – ivanivan Dec 30 '18 at 15:49
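The check described in the answer and the comment, as an added example that is not part of the original posts: a certificate is accepted only when its issuing CA is in the client's trust store and its name matches the requested host, whatever address DNS returned. The CA names, the host mail.example.test and the throwaway keys are constructed for the demo, and it assumes the openssl command-line tool (1.1.1 or later) is installed.

```shell
#!/bin/sh
# Added example (constructed names, throwaway keys). Models the browser's check:
# the chain must end at a CA in the trust store AND the name must match the host.

# make_pki DIR: two unrelated CAs plus a leaf for mail.example.test signed by "lab CA".
make_pki() {
    pki="$1"
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$pki/req.cnf"
    for ca in lab other; do
        openssl req -x509 -config "$pki/req.cnf" -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=${ca} CA" -keyout "$pki/${ca}-ca.key" -out "$pki/${ca}-ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -config "$pki/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=mail.example.test" -keyout "$pki/leaf.key" -out "$pki/leaf.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:mail.example.test\n' > "$pki/san.ext"
    openssl x509 -req -in "$pki/leaf.csr" -CA "$pki/lab-ca.pem" -CAkey "$pki/lab-ca.key" \
        -CAcreateserial -days 1 -extfile "$pki/san.ext" -out "$pki/leaf.pem" 2>/dev/null
}

# verify_leaf TRUST_STORE LEAF HOSTNAME: prints "trusted" or "rejected".
verify_leaf() {
    if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

demo_dir=$(mktemp -d) && make_pki "$demo_dir" && {
    # other-ca.pem stands in for the browser's built-in list, which lacks the lab CA.
    echo "built-in list, right name: $(verify_leaf "$demo_dir/other-ca.pem" "$demo_dir/leaf.pem" mail.example.test)"
    # The comment's case: the client was explicitly configured to trust the lab CA.
    echo "lab CA trusted, right name: $(verify_leaf "$demo_dir/lab-ca.pem" "$demo_dir/leaf.pem" mail.example.test)"
    # Even with the CA trusted, the certificate is only good for the names it lists.
    echo "lab CA trusted, other name: $(verify_leaf "$demo_dir/lab-ca.pem" "$demo_dir/leaf.pem" www.example.test)"
}
rm -rf "$demo_dir"
```

The same logic is why auditing which CAs a client trusts matters: any CA added to the store can vouch for any name.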