Many admins inadvertently design a sinkhole by null routing unused ranges within their core in order to limit unnecessary traffic. Some may even advertise these ranges from a Linux server running zebra or quagga for advanced alerting while monitoring for the propagation of worms or enumeration scans. In this post, we will discuss a similar idea for DNS using Firepower.
Continue reading FIREPOWER DNS Sinkhole
From the Service Provider’s Perspective
In part one of this topic, we discussed how to manage a sub-delegation for reverse DNS records once your ISP provides this service for you. Here in part two, we’ll discuss how to provide the sub-delegation of a reverse DNS range to another user. So in this situation, think of yourself as the provider offering the service for a customer or end user.
What You’ll Need
After you have received the request from the customer, you will need to confirm that they have created the proper zone for the
Continue reading How to Sub-Delegate Reverse DNS Records Part 2
The Purpose of DNS Sub-Delegation
Let’s say you have acquired a static IP range from your ISP. Now that you have that range, you decide you want to control the PTR records for these addresses as well. But PTR records typically belong to the ISP. However, you do not want to depend on the ISP for each change you’d like to make; you want more control. How can you gain more control over those
The way to gain this control is through DNS Sub-Delegation. DNS Sub-Delegation is when your ISP forwards PTR requests to your name server so that you can have control over your record updates. In other words, the ISP delegates their authority over their PTR records to your DNS server.
If you understood the implications of that last sentence, you’ll realize that you will need your own local DNS service that controls your domain. After all, if you don’t control your own domain, how are you going to control the PTR records once they are delegated to you? In this post, we’ll assume that you will manage your PTR records with your own DNS server.
Continue reading How to Sub-Delegate Reverse DNS Records Part 1