DNS Sinkhole Update Page
This page is dedicated to providing information, updates and files to set up a DNS Sinkhole. I have published a GIAC Gold paper on DNS Sinkhole that can be downloaded here.
DNS Sinkhole ISO Download
Current version is 2.2 (November 2016)
The DNS Sinkhole ISO can be downloaded directly: 64-bit sinkhole64 version and 64-bit MD5.
The 32-bit sinkhole version and 32-bit MD5 are still version 1.3 and won’t be updated to 2.1.
The built documentation is available here: ISO Documentation
Changes in Version 2.2
- Fixed BIND package.
- Updated several Slackware packages
- Updated ISO to new kernel version 3.10.104.
- Added to the documentation an example of how to set up BIND as the DNS server and forward all DNS queries to PowerDNS set up as a sinkhole
BIND DNS Sinkhole on other Linux Versions
This tarball contains all the pre-configured files needed to set up a BIND DNS Sinkhole. The files in the bind_sinkhole directory should be copied to the root (/) filesystem of the Unix/Linux host.
To complete the setup, do:
- Edit /etc/named.conf (Note: // is a comment in this file)
- If needed, change the allow transfer
- If needed, change the allow recursion
- Change the list of forwarders to your site's list
- Ensure your list of include files matches your site's custom lists. This matters when the sinkhole_parser.sh script tests the zones for errors and duplicates: any custom list you wish to add to your sinkhole (e.g. guy_blacklist.conf) must be included in named.conf to be loaded into the sinkhole. The default lists are:
  site_specific_sinkhole.conf (single = match specific domain)
  entire_domain_sinkhole.conf (wildcard = match entire domain)
- Save the changes
DNS Sinkhole - Hijack domains
- Edit /var/named/sinkhole/client.nowhere, change the 192.168.1.5 IP address to your site sinkhole IP address and save the change.
- Edit /var/named/sinkhole/domain.nowhere, which is used to wildcard an entire domain (wildcard = *.domain.ca), change the 192.168.1.5 IP address to your site sinkhole IP address (this may be the same as in client.nowhere) and save the change.
By default, the sinkhole_parser.sh script populates site_specific_sinkhole.conf, so the domains it lists are sinkholed only as the exact names listed, not as whole domains.
After the files have been copied to the filesystem, run /root/scripts/sinkhole_parser.sh and select options D, T and B to populate your DNS Sinkhole.
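The steps above (named.conf forwarders, recursion and include lists, the two zone files carrying the sinkhole IP, and the duplicate check the parser performs) as a single dry run. This is an added example, not code from the tarball or from sinkhole_parser.sh: the zone statement layout, the SOA values, the named.conf skeleton, the /etc/named.sinkhole directory and the sample domains are all assumptions or constructed values, and everything is written under a temporary directory rather than the real root filesystem.

```shell
#!/bin/sh
# Added example, not part of the BIND DNS Sinkhole tarball: a dry run of the
# setup steps above. It writes a named.conf skeleton, the two sinkhole zone
# files carrying the site sinkhole IP, and the two include lists built from
# constructed blocklists (rejecting any domain defined twice), then validates
# the result with the BIND checkers when they are installed.
# Assumed, not taken from the package: the zone statement layout, the SOA
# values, the named.conf skeleton and the /etc/named.sinkhole directory.

SINKHOLE_IP="${SINKHOLE_IP:-192.168.1.5}"            # placeholder the page tells you to replace
FORWARDERS="${FORWARDERS:-192.0.2.53; 192.0.2.54;}"  # constructed site forwarders
RECURSION_FROM="${RECURSION_FROM:-192.168.0.0/16;}"  # constructed site range
ROOT="${WORKDIR:-$(mktemp -d)}"; ROOT="${ROOT%/}"    # stand-in for / during the dry run
ZONEDIR="$ROOT/var/named/sinkhole"
CONFDIR="$ROOT/etc/named.sinkhole"

# named.conf skeleton: transfers off, recursion only for the site, queries
# forwarded to the site resolvers, sinkhole lists pulled in with include.
write_named_conf() {
    mkdir -p "$(dirname "$1")"
    cat > "$1" <<EOF
// example skeleton; review allow-transfer, allow-recursion and forwarders
options {
    directory "$ZONEDIR";
    allow-transfer { none; };
    allow-recursion { $RECURSION_FROM };
    forwarders { $FORWARDERS };
};
include "$CONFDIR/site_specific_sinkhole.conf";   // single = match specific domain
include "$CONFDIR/entire_domain_sinkhole.conf";   // wildcard = match entire domain
EOF
}

# Minimal zone file answering with the sinkhole address; the wildcard variant
# adds a '*' record so every host under the hijacked domain resolves to it.
write_zone_file() {
    mkdir -p "$(dirname "$1")"
    {
        printf '$TTL 60\n'
        printf '@ IN SOA ns1 hostmaster ( 1 3600 600 86400 60 )\n'
        printf '@ IN NS ns1\n'
        printf 'ns1 IN A %s\n' "$SINKHOLE_IP"
        printf '@ IN A %s\n' "$SINKHOLE_IP"
        if [ "$2" = wildcard ]; then printf '* IN A %s\n' "$SINKHOLE_IP"; fi
    } > "$1"
}

# One zone statement per hijacked domain, all sharing the same zone file.
zone_statement() {
    printf 'zone "%s" { type master; notify no; file "%s"; };\n' "$1" "$2"
}

# Build an include list from domains on stdin. Repeats within the list and any
# domain already present in the other list ($3) are reported on stderr and
# dropped, because named refuses to load a zone that is defined twice.
# Prints the number of zone statements written.
build_include() {
    out="$1"; zonefile="$2"; other="$3"
    mkdir -p "$(dirname "$out")"; : > "$out"; count=0
    list=$(tr 'A-Z' 'a-z' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d; /^#/d')
    printf '%s\n' "$list" | sort | uniq -d | sed "s|^|repeated in $out: |" >&2
    for dom in $(printf '%s\n' "$list" | sort -u); do
        if [ -n "$other" ] && grep -qF "zone \"$dom\" " "$other"; then
            echo "skip $dom: already defined in $other" >&2
            continue
        fi
        zone_statement "$dom" "$zonefile" >> "$out"
        count=$((count + 1))
    done
    echo "$count"
}

# Run the BIND checkers if available (they ship with the bind package).
check_with_bind_tools() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q client.example "$ZONEDIR/client.nowhere"
        named-checkzone -q domain.example "$ZONEDIR/domain.nowhere"
    fi
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$CONFDIR/named.conf"
    fi
}

write_named_conf "$CONFDIR/named.conf"
write_zone_file "$ZONEDIR/client.nowhere" single
write_zone_file "$ZONEDIR/domain.nowhere" wildcard

# Constructed sample lists (not real indicators): one repeated entry in the
# single list, and one host that also appears in the wildcard list.
SINGLE_COUNT=$(printf 'bad-host.example\nBAD-HOST.example\nlogin.phish.example\n' |
    build_include "$CONFDIR/site_specific_sinkhole.conf" "$ZONEDIR/client.nowhere" "")
WILDCARD_COUNT=$(printf 'phish.example\nlogin.phish.example\n' |
    build_include "$CONFDIR/entire_domain_sinkhole.conf" "$ZONEDIR/domain.nowhere" \
        "$CONFDIR/site_specific_sinkhole.conf")
check_with_bind_tools
echo "wrote $SINGLE_COUNT single and $WILDCARD_COUNT wildcard zones under $ROOT"
```

The dry run writes everything under a fresh temporary directory, so it can be inspected and diffed against the tarball's files before anything is copied to /. Setting WORKDIR=/ would write the real paths and truncate any existing include lists, so only do that on a host being built from scratch. The cross-list check is the reason the page insists that every custom list be included in named.conf: a name present in both the single and the wildcard list is a duplicate zone that BIND will not load.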
Last update: 26 September 2012
BIND DNS Sinkhole tarball
MD5 of BIND DNS Sinkhole tarball