Discussion:
[Rabbit-dev] DNS to block malware
Rick Leir
2010-12-15 11:12:41 UTC
Hi Luis, Robo,
I like to block malware using OpenDNS.com, by pointing my system
resolver at their DNS server.
HTH -- Rick

From the dnsjava README:
========

There's no standard way to determine what the local nameserver or DNS search
path is at runtime from within the JVM. dnsjava attempts several methods
until one succeeds.

- The properties 'dns.server' and 'dns.search' (comma delimited lists) are
checked. The servers can either be IP addresses or hostnames (which are
resolved using Java's built in DNS support).
- The sun.net.dns.ResolverConfiguration class is queried.
- On Unix, /etc/resolv.conf is parsed.
- On Windows, ipconfig/winipcfg is called and its output parsed. This may
fail for non-English versions on Windows.
- As a last resort, "localhost" is used as the nameserver, and the search
path is empty.

==========
malware sites
Luis Soltero
2010-12-15 15:20:09 UTC
OpenDNS is a fine service, but as stated in my previous posting I don't think that DNS is the optimum way to block sites.
Besides, this does nothing for ads. The problem with the DNS lookup approach is that it takes longer, wastes resources, and
neither AdFilter nor BlockFilter is called.

A better approach would be to add code to the filtering code to
1. check for local file based tables of ad/malware
or
2. use db based tables
or
3. have the filters do blackhole DNS lookups in the filters looking for positive hits.

3 differs from just using OpenDNS because the lookup happens in the Filter code and not in the general URL processing
code. So... if you point the AdFilter code to an ad-based blackhole DNS then you can do the NoAd.gif processing.
Similarly, if the DNS is a malware blackhole then you do the lookup in BlockFilter and take appropriate action there.

Using OpenDNS the way you currently do, you get an invalid DNS lookup and a timeout with less control on how the
processing takes place.

Having said that, using your approach is the only option at this time other than manually entering regex expressions into
rabbit.

Thanks for the tip.

--luis
Post by Rick Leir
Hi Luis, Robo,
I like to block malware using OpenDNS.com, by pointing my system resolver at their DNS server.
HTH -- Rick
========
There's no standard way to determine what the local nameserver or DNS search
path is at runtime from within the JVM. dnsjava attempts several methods
until one succeeds.
- The properties 'dns.server' and 'dns.search' (comma delimited lists) are
checked. The servers can either be IP addresses or hostnames (which are
resolved using Java's built in DNS support).
- The sun.net.dns.ResolverConfiguration class is queried.
- On Unix, /etc/resolv.conf is parsed.
- On Windows, ipconfig/winipcfg is called and its output parsed. This may
fail for non-English versions on Windows.
- As a last resort, "localhost" is used as the nameserver, and the search
path is empty.
==========
malware sites
--
Luis Soltero, Ph.D., MCS
Director of Software Development, CTO
Global Marine Networks, LLC
StarPilot, LLC
Tel: 865-379-8723
Fax: 865-681-5017
E-Mail: lsoltero at globalmarinenet.net
Web: http://www.globalmarinenet.net
Web: http://www.starpilotllc.com
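
Option 3 from the message above (a blackhole DNS lookup made inside the filter, so the filter itself decides what to do on a positive hit), as an added example that is not code from Rabbit, dnsjava or either poster. The class `BlackholeLookup`, the `Resolver` interface and the zone `malware.bl.example` are hypothetical, and the rule that an answer in 127.0.0.0/8 means "listed" is an assumed DNSBL-style convention; the zone data in `main` is constructed so the example runs offline.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class BlackholeLookup {
    public enum Verdict { LISTED, CLEAN }

    /** Hypothetical seam: name -> address, empty when the name does not resolve. */
    public interface Resolver { Optional<InetAddress> resolve(String name); }

    private final String zone;
    private final Resolver resolver;
    // Cache verdicts so each host costs at most one extra DNS query.
    private final Map<String, Verdict> cache = new ConcurrentHashMap<>();

    public BlackholeLookup(String zone, Resolver resolver) {
        this.zone = zone;
        this.resolver = resolver;
    }

    /** Queries host.zone; only an answer in 127.0.0.0/8 counts as a positive hit (assumed convention). */
    public Verdict check(String host) {
        String key = host.toLowerCase(Locale.ROOT);
        if (key.endsWith(".")) key = key.substring(0, key.length() - 1);
        return cache.computeIfAbsent(key, h -> resolver.resolve(h + "." + zone)
                .filter(InetAddress::isLoopbackAddress)
                .map(a -> Verdict.LISTED)
                .orElse(Verdict.CLEAN));
    }

    /** Real lookups via the JVM resolver; any failure is treated as "not listed" (fail open). */
    public static Optional<InetAddress> systemResolve(String name) {
        try { return Optional.of(InetAddress.getByName(name)); }
        catch (UnknownHostException e) { return Optional.empty(); }
    }

    public static void main(String[] args) throws Exception {
        // Constructed zone data standing in for a malware blackhole list.
        InetAddress hit = InetAddress.getByAddress(new byte[] {127, 0, 0, 2});
        Map<String, InetAddress> zoneData = Map.of("bad.example.malware.bl.example", hit);
        BlackholeLookup bl = new BlackholeLookup("malware.bl.example",
                name -> Optional.ofNullable(zoneData.get(name)));
        System.out.println("Bad.Example. -> " + bl.check("Bad.Example."));
        System.out.println("www.example.org -> " + bl.check("www.example.org"));
    }
}
```

A filter would call `check()` with the request host and act on `LISTED` itself; passing `BlackholeLookup::systemResolve` as the resolver uses real DNS, and failing open there means an unreachable list server silently stops blocking.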