2011-12-18

Panic! At the DNS Co.

There are a couple of legislative measures taking shape at the U.S. federal level that would hand private entities heretofore untold power to interrupt communications on the Internet. The Stop Online Piracy Act (SOPA) is one of them; the PROTECT IP Act is another.

I'm no lawyer, but I know that when it comes to politics, the side with the most money usually wins, and not many multinational corporations are pumping the coins out of their war chests to defend free speech.

In any case, there's some tinfoil panic going on that this souped-up version of the DMCA is going to break the Internet, and there's actually some merit to it. One of the means that would become available against SOPA violators is DNS blocking at the ISP's resolvers, which is court-ordered DNS hijacking by another name, and hijacking is an established means of seriously annoying well-meaning netizens. I've even seen people posting simple lists of domain names and the corresponding IP addresses, so that in case www.disney.com suddenly becomes inaccessible, you can still punch in "199.181.132.250" and hope Walt's virtual host logic all still works.

I make fun of people posting these lists, but the reality is that you never know when the mother of all /etc/hosts files is going to come in handy. Five minutes after "www.falundafa.org" expires from your DNS cache for good is exactly when you wish you'd taken note of the IP address it used before your ISP's resolvers got served an immediate takedown order. A hosts entry also beats punching in a bare IP: the browser still sends the real hostname (Host header, TLS SNI), so name-based virtual hosting and certificate checks keep working, whereas a bare IP in the address bar sends the IP as the Host header and matches nothing.

Hosts files are crazy paranoid, but I can't rightly tell you not to make one. The first step is to find every website you've visited in the last who-knows-how-long and record the IP address or addresses that currently point to each one (addresses behind CDNs and short TTLs drift, so the snapshot ages and wants refreshing while the names still resolve). I'm lazy, so I just stopped worrying after this point, because if I ever need to make a hosts file from this, it's a few lines of Perl or, if you're hardcore, a few more lines of Perl plus a cache config change so your DNS cache believes you are the authoritative DNS server for your verboten domains (with dnscache that is a root/servers/<domain> file naming a tinydns instance you run).

For dnscache, it's super simple. It's one line. Here we go:

$ grep -r 'cached 1 ' /service/dnscache/log/main | cut -f4 -d' ' | sort -u | while read f; do echo -n "${f} "; dnsip ${f}; done

You need dnscache to use its default logging for this to work. The output is one domain per line followed by every IP that currently points to it. Quick and dirty, with two caveats. First, "cached 1" lines are cache hits for A records, so a name you looked up only once (logged as a "query" line followed by "rr" lines carrying the answer) never makes the list. Second, dnsip resolves the name now, so run this while the name still resolves, or harvest the addresses from the "rr" lines instead. Also, the names come out with dnscache's trailing dot, which dnsip accepts but a hosts file does not, so strip it. From there, you can do with it as you please: hosts file or fake authoritative DNS server.
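As an added example (mine, not the post's code), here is a Python script that parses the same dnscache default log lines the one-liner greps, but takes each address from the "rr" line dnscache wrote when it received the answer, so nothing is re-resolved and the list still builds after a name stops resolving. It also picks up names seen only once ("query" lines), follows CNAME chains to the record that actually carries the address, and strips the trailing dot for /etc/hosts. The log lines, timestamps, addresses and CNAME target inside it are constructed, not output from any real resolver.

```python
"""Turn dnscache's default log into /etc/hosts entries.

Added example, not the post's own code. It reads the same log lines the
one-liner greps, but takes each address from the "rr" line dnscache wrote
when it received the answer, so nothing is re-resolved.

After multilog's @tai64n timestamp (and any "path:" prefix grep -r adds),
the dnscache log lines of interest look like:
  query <serial> <client:port:id> <type> <name.>      query received
  cached <type> <name.>                               cache hit
  rr <server-hex> <ttl> <type> <name.> <rdata-hex>    record received
  rr <server-hex> <ttl> cname <name.> <target.>       CNAME received
Type 1 is A; its rdata is the four address bytes in hex.
"""
import re

_PREFIX = r"^(?:\S+ )?"  # "@tai64n " or "path:@tai64n ", if present
QUERY_RE = re.compile(_PREFIX + r"query \d+ \S+ 1 (\S+)$")
CACHED_RE = re.compile(_PREFIX + r"cached 1 (\S+)$")
A_RR_RE = re.compile(_PREFIX + r"rr [0-9a-f]+ \d+ 1 (\S+) ([0-9a-f]{8})$")
CNAME_RR_RE = re.compile(_PREFIX + r"rr [0-9a-f]+ \d+ cname (\S+) (\S+)$")

# Constructed sample log (RFC 5737 documentation addresses, invented
# timestamps and CNAME target); not output from any real resolver.
SAMPLE_LOG = [
    "@4000000050e0a1b21f4d2c0c query 1 7f000001:c3a9:1d2b 1 www.falundafa.org.",
    "@4000000050e0a1b21f5e3a1c rr 0a000001 300 1 www.falundafa.org. c0000214",
    "@4000000050e0a1b21f5e3a2c rr 0a000001 300 1 www.falundafa.org. c0000215",
    "@4000000050e0a1b21f5e3a3c sent 1 64",
    "@4000000050e0a1b22a000000 cached 1 www.falundafa.org.",
    "@4000000050e0a1b22b000000 rr 0a000001 300 1 www.falundafa.org. c0000214",
    "@4000000050e0a1b32f000000 query 2 7f000001:c3aa:1d2c 1 www.disney.com.",
    "@4000000050e0a1b330000000 rr 0a000002 3600 cname www.disney.com. disney-cdn.example.net.",
    "@4000000050e0a1b331000000 rr 0a000002 60 1 disney-cdn.example.net. c6336407",
    "@4000000050e0a1b340000000 query 3 7f000001:c3ab:1d2d 1 never-resolved.example.",
]


def hex_to_ip(rdata):
    """Convert dnscache's 8-hex-digit A rdata ("c0000214") to a dotted quad."""
    return ".".join(str(int(rdata[i:i + 2], 16)) for i in range(0, 8, 2))


def parse_dnscache_log(lines):
    """Return (queried_names, a_records, cnames) from an iterable of log lines.

    queried_names: names clients actually asked for (query or cached lines)
    a_records:     name -> addresses seen in A rr lines, deduplicated, in order
    cnames:        name -> canonical name from cname rr lines
    Lines of any other kind (sent, stats, other record types) are ignored.
    """
    queried, a_records, cnames = set(), {}, {}
    for line in lines:
        line = line.strip()
        m = A_RR_RE.match(line)
        if m:
            name, rdata = m.groups()
            ips = a_records.setdefault(name, [])
            ip = hex_to_ip(rdata)
            if ip not in ips:          # the same rr is logged again after a refetch
                ips.append(ip)
            continue
        m = CNAME_RR_RE.match(line)
        if m:
            cnames[m.group(1)] = m.group(2)
            continue
        m = QUERY_RE.match(line) or CACHED_RE.match(line)
        if m:
            queried.add(m.group(1))
    return queried, a_records, cnames


def resolve(name, a_records, cnames, max_hops=8):
    """Follow CNAMEs (bounded, loop-safe) until a name with A records is found."""
    seen = set()
    while name not in a_records:
        if name not in cnames or name in seen or len(seen) >= max_hops:
            return []
        seen.add(name)
        name = cnames[name]
    return a_records[name]


def hosts_entries(lines):
    """Return (hosts_lines, unresolved).

    hosts_lines: one "<ip>\\t<name>" per address, trailing dot stripped
    unresolved:  queried names the log holds no address for (looked up before
                 logging started, or never answered); resolve these while you can.
    """
    queried, a_records, cnames = parse_dnscache_log(lines)
    hosts, unresolved = [], []
    for name in sorted(queried):
        host = name.rstrip(".")        # hosts files take bare names, not "name."
        ips = resolve(name, a_records, cnames)
        if ips:
            hosts.extend(f"{ip}\t{host}" for ip in ips)
        else:
            unresolved.append(host)
    return hosts, unresolved


if __name__ == "__main__":
    import sys
    # Usage: python3 dnscache_hosts.py /service/dnscache/log/main/current >> /etc/hosts
    # With no argument it runs on the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            hosts, unresolved = hosts_entries(fh)
    else:
        hosts, unresolved = hosts_entries(SAMPLE_LOG)
    print("\n".join(hosts))
    for host in unresolved:
        print(f"# no address logged for {host}", file=sys.stderr)
```

Point it at the "current" file (or the rotated "@..." files) under the log directory; names that were queried but have no "rr" line in the retained log land on stderr so you know what still needs resolving before the resolver stops answering.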
