Forum Discussion

MW1
Sep 27, 2011

GTM - any way to add an include file command in the bind config?

All,

I was looking into dual-purposing our GTMs to also act as a DNS sinkhole for my company. To do this I want to maintain another file on the GTMs which contains the list of malware domains to blackhole.

This is done by adding the following line to the named.conf:

    include "/config/namedb/malwaredomains.zones";

Everything works fine and bind on the GTMs accepts the config when manually edited; however, if I add this in via the web GUI it causes ZoneRunner to error. If I try to access ZoneRunner after manually editing the bind config (stopping ZoneRunner, editing manually, checking the config and then reloading bind, and starting ZoneRunner) I get:

    01020005:3: The requested operation is not implemented yet.

The GTM still responds fine to DNS lookups and blackholes the included file's domains as expected, but the GUI is broken.

Does anyone have any experience of including files in the bind config on a GTM, or any thoughts on how I might be able to achieve what I'm after without losing the ZoneRunner GUI, as I have some team members that do not like the command line/vi edits?

-----------

Edit - as is always the way, I find the fix after posting.

[Global Traffic Manager] Changes in zone files on redundant system configuration are not saved correctly (CR85597)

Occasionally, modifying a zone file on one Global Traffic Manager in a redundant system configuration results in the system displaying the error message: 01020005:3: The requested operation is not implemented yet. To resolve this issue, modify the INI file in usr/local/bin/sync_zones to ensure the rsync operation uses the -u option.

apologies

 

  • Hi MW,

    I was looking for a way to implement this DNS blackhole solution for GTM and came across this topic. Care to share how you achieved this?

    As in, after adding the line " include "/config/namedb/malwaredomains.zones"; " into the named.conf file, what further actions do I take to tell GTM to actually blackhole the zones in that file?

    Thanks in advance!
  • In the /config/namedb/malwaredomains.zones file the domain entries are like the example below:

        zone "zyvwh.ru" {type master; file "/etc/namedb/blockeddomain.hosts"; };

    The /etc/namedb/blockeddomain.hosts file is the same for each blackholed domain. It is this that then contains the IP etc. it will resolve to. Here is the content of mine (anonymised) - the 1.16.209.141 is where all blackholed requests get resolved to:

        ; This zone will redirect all requests back to the blackhole itself.
        ; Every blocked domain loads this same file, so "@" is whichever domain is being served.
        $TTL 3600                ; default TTL: 1 hour
        @   IN  SOA at1gtm.domain.com. hostmaster.at1gtm.domain.com. (
                    1            ; serial
                    3600         ; refresh (1 hour)
                    3600         ; retry (1 hour)
                    3600         ; expire (1 hour)
                    3600 )       ; negative-caching TTL (1 hour)
            IN  NS  ph1gtm.domain.com.
            IN  NS  AT1PROGTM1.domain.net.
            IN  A   1.16.209.141 ; the apex itself resolves to the sinkhole
        *   IN  A   1.16.209.141 ; and so does every name under it

    I recommend checking out:

    http://www.pintumbler.org/Code/dnsbl

    and the SANS/dshield:

    http://www.whitehats.ca/main/members/Seeker/seeker_sinkhole/Seeker_DNS_Sinkhole.html

    http://isc.sans.edu/diary.html?storyid=9037

    To be honest I had meant to extract the SANS script for pulling the list into the right format for bind, as my multiple uses of sed are very painful. If you use wget to pull the list from the sites you may need to spoof the user agent, as some of the sites block wget/curl.

    Hope the above helps

    Matt
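The conversion Matt says he does with sed, written out as an added example (this is not code from the thread or from F5): a small Python script that turns a domain feed into the malwaredomains.zones include file (one zone stanza per domain, all pointing at the shared blockeddomain.hosts file) and renders the shared sinkhole zone file itself. The feed format is an assumption for the demo (one domain per line, or hosts-file style "0.0.0.0 bad.example", with # or ; comments) and the sample feed is constructed; the file paths and the 1.16.209.141 sinkhole address come from the post, and the nameserver names are placeholders. It also adds the check a practitioner wants before reloading named: domains that equal, or sit under, a zone the GTM already serves are skipped, because a second zone definition for the same name makes named refuse the whole configuration, and sinkholing your own authoritative zone would take real records offline.

```python
"""Build the two BIND fragments of a GTM DNS sinkhole from a domain feed.

Added example, not from the forum post or from F5.  Assumes the blocklist
is plain text: one domain per line or hosts-file style lines, with '#' or
';' starting a comment.  Paths and the sinkhole IP are taken from the post.
"""
import re
from typing import Iterable

SINKHOLE_FILE = "/etc/namedb/blockeddomain.hosts"   # shared zone file (from the post)
SINKHOLE_IP = "1.16.209.141"                        # sinkhole address (from the post)

# Conservative hostname check: LDH labels, at least two labels, alphabetic
# TLD.  Anything else is dropped so a junk feed line cannot break named.conf.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_TLD = r"[a-z][a-z0-9-]{1,62}"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+{_TLD}$")


def parse_blocklist(text: str) -> list[str]:
    """Return the de-duplicated, lower-cased, syntactically valid domains in a feed."""
    seen: set[str] = set()
    out: list[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip().lower()
        if not line:
            continue
        # hosts-file style lines put the name last: "0.0.0.0 bad.example"
        name = line.split()[-1].rstrip(".")
        if not _DOMAIN_RE.match(name) or name in seen:
            continue
        seen.add(name)
        out.append(name)
    return out


def is_covered(domain: str, zones: Iterable[str]) -> bool:
    """True if `domain` equals, or sits under, any name in `zones`."""
    for z in zones:
        z = z.lower().rstrip(".")
        if domain == z or domain.endswith("." + z):
            return True
    return False


def build_zone_include(domains: Iterable[str], existing_zones: Iterable[str] = ()):
    """Render malwaredomains.zones: one stanza per domain.

    Domains covered by a zone the GTM already serves are skipped rather than
    emitted (duplicate zone = named refuses to load).  Returns (text, skipped).
    """
    existing = list(existing_zones)
    stanzas, skipped = [], []
    for d in domains:
        if is_covered(d, existing):
            skipped.append(d)
            continue
        stanzas.append(f'zone "{d}" {{ type master; file "{SINKHOLE_FILE}"; }};')
    return "\n".join(stanzas) + ("\n" if stanzas else ""), skipped


def build_sinkhole_zone(primary_ns: str, hostmaster: str, nameservers: Iterable[str],
                        serial: int, ttl: int = 3600) -> str:
    """Render the shared zone file: the apex and every name under it resolve to the sinkhole."""
    lines = [
        "; Shared sinkhole zone: every blocked domain loads this same file.",
        f"$TTL {ttl}",
        f"@ IN SOA {primary_ns} {hostmaster} (",
        f"        {serial} ; serial - bump it on every change so the peer GTM reloads",
        f"        {ttl} ; refresh",
        f"        {ttl} ; retry",
        f"        {ttl} ; expire",
        f"        {ttl} ) ; negative-caching TTL",
    ]
    # A leading blank owner field means "same owner as the previous record", i.e. the apex.
    lines += [f"  IN NS {ns}" for ns in nameservers]
    lines += [f"  IN A {SINKHOLE_IP}", f"* IN A {SINKHOLE_IP}"]
    return "\n".join(lines) + "\n"


# Constructed sample feed for the demo; not a real blocklist.
SAMPLE_FEED = """\
# constructed sample feed
zyvwh.ru
ZYVWH.RU                       ; duplicate differing only in case
0.0.0.0 bad-host.example.net   # hosts-file style line
not a domain!
corp.example.com               ; under a zone this GTM serves -> must be skipped
"""


def demo():
    domains = parse_blocklist(SAMPLE_FEED)
    include_text, skipped = build_zone_include(domains, existing_zones=["example.com"])
    zone_text = build_sinkhole_zone("at1gtm.domain.com.", "hostmaster.at1gtm.domain.com.",
                                    ["ph1gtm.domain.com.", "at1progtm1.domain.net."],
                                    serial=2011092701)
    return domains, include_text, skipped, zone_text


if __name__ == "__main__":
    _, include_text, skipped, zone_text = demo()
    print(include_text)
    print("skipped (already served by this GTM):", skipped)
    print(zone_text)
```

Write the first output to /config/namedb/malwaredomains.zones and the second to /etc/namedb/blockeddomain.hosts, then run named-checkconf on named.conf (which pulls the include in through the line from the original post) and named-checkzone against one of the blocked names and the shared file before reloading; a feed that is merely appended without validation is the usual way a sinkhole takes the resolver down with it.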
     
     
     
     
  • Hi Matt,

    Thanks for the solution, will try that out.

    Appreciate your explanation!