Bind 9 secondary name server not updating
In “production” domains, the values for TTL, refresh, retry, etc.
In addition, when a change is made (such as adding or modifying a host), the serial number needs to be incremented.
However, since this “dummy” file should never change, the serial number is not important.
The last two configurations have the added advantage of generating log files for inspection, as well as enabling Snort or another IDS to continue to see traffic.
An internal DNS server configured to answer for malware domains has several advantages over a host file, including:
The following assumes you already have a familiarity with DNS and BIND.
The desktop receiving the answer doesn’t know that the IP address received is not “valid”.
This single file will be used for all malware-associated domains.
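One way to build that shared zone file and the per-domain zone declarations, as an added example that is not from the original paper. The file names, the `ns.sinkhole.example` and `hostmaster.sinkhole.example` names, the `SINK_IP` variable and the timer values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: generate a BIND sinkhole from a list of malware domains.
# Assumed names (not from the page): blockeddomain.hosts, sinkhole.conf,
# ns.sinkhole.example, hostmaster.sinkhole.example, SINK_IP.
SINK_IP="${SINK_IP:-127.0.0.1}"

# write_zone_file DIR: write the one zone file shared by every blocked domain.
# "@" expands to whichever zone loads the file, so it never needs editing.
write_zone_file() {
    cat > "$1/blockeddomain.hosts" <<EOF
\$TTL 86400
@   IN  SOA ns.sinkhole.example. hostmaster.sinkhole.example. (
        1       ; serial: the file never changes, so it is never incremented
        28800   ; refresh (placeholder value)
        7200    ; retry (placeholder value)
        864000  ; expire (placeholder value)
        86400 ) ; negative-caching TTL (placeholder value)
    IN  NS  ns.sinkhole.example.
    IN  A   $SINK_IP   ; the blocked domain itself
*   IN  A   $SINK_IP   ; every host name under it
EOF
}

# write_zone_conf DIR LIST: write one master zone stanza per domain in LIST
# (one domain per line, '#' comments allowed). Prints the number of zones.
write_zone_conf() {
    dir=$1 list=$2 count=0
    : > "$dir/sinkhole.conf"
    while IFS= read -r domain || [ -n "$domain" ]; do
        case $domain in ''|'#'*) continue ;; esac
        # Accept plain host names only, so a malformed feed entry cannot
        # inject configuration text into named's config.
        case $domain in
            *[!A-Za-z0-9.-]*|.*|*..*) echo "skipped: $domain" >&2; continue ;;
        esac
        printf 'zone "%s" { type master; file "%s/blockeddomain.hosts"; };\n' \
            "$domain" "$dir" >> "$dir/sinkhole.conf"
        count=$((count + 1))
    done < "$list"
    echo "$count"
}
```

Pull the generated `sinkhole.conf` into `named.conf` with an `include` statement and run `named-checkconf` before reloading the server.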
A host file can be used to map hostnames associated with malware to a different IP address (such as the loopback address, 127.0.0.1).
This will prevent connections to those malicious sites from ever taking place.
Several Live CD distributions (such as Knoppix-STD and NST) contain the named program (which is used to start up the BIND daemon) and can be used for testing.
More information on testing the new zones is located later in this paper.