I have setup a BIND9 server on host so that I can block malicious websites on my network. I have used OZNU's DNS Zone Blacklist tool to generate the desired blacklist. Overall, it works really well. However, I encountered some issues with some legitimate domains, such as www.austrian.com. The DNS will resolve to a 0.0.0.0 ip.
Using dig @localhost www.austrian.com results into the following output:
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> @localhost www.austrian.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23905
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 935fe58262a7e3cfd1aa5d1b5d507537d4ced7fb2768fc25 (good)
;; QUESTION SECTION:
;www.austrian.com. IN A
;; ANSWER SECTION:
www.austrian.com. 61 IN CNAME www.austrian.com.edgekey.net.
www.austrian.com.edgekey.net. 4904 IN CNAME e7818.dsca.akamaiedge.net.
e7818.dsca.akamaiedge.net. 864000 IN A 0.0.0.0
;; AUTHORITY SECTION:
akamaiedge.net. 864000 IN NS ns0.example.net.
;; Query time: 49 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 11 22:06:15 CEST 2019
;; MSG SIZE rcvd: 193
The above output seems to be the null.zone.file file. I have tried whitelisting the domain in the custom.whitelist.json, but without luck. I have other whitelisted domains which do work. Any ideas?
Thanks.
Edit: named.conf.options:
options {
querylog no;
directory "/var/cache/bind";
listen-on { any; };
auth-nxdomain no; # conform to RFC1035
recursion yes; # enables resursive queries
allow-query { any; };
forwarders {
1.1.1.1;
8.8.4.4;
};
dnssec-validation auto;
};
logging {
...
};
