Hi,
It's possible to catch all DNS host queries and answer them with just one IP address, for example in an open WLAN to redirect a user to an authentication page before he can use the network.
I will describe this for ISC BIND and dnsmasq on Debian Linux. Other DNS implementations may offer such a possibility too.
Install and configure BIND.
root@debdev:~# apt-get install bind9
root@debdev:~# mkdir /etc/bind/
root@debdev:~# cd /etc/bind
root@debdev:~# mv named.conf named.conf.org
We create a simple configuration. First save the existing /etc/bind/named.conf (as done above) and create a new one with your favorite editor. Check the documentation of your distribution for where it keeps the named.conf file.
options {
    # If the DNS server should only listen on a specific interface (or on several),
    # remove the comment sign and set the IP address(es) of the interface(s)
    # listen-on { 10.254.1.1; };
    listen-on-v6 { none; };
    allow-query { any; };
    directory "/etc/bind";
    # do not serve the built-in empty zones (e.g. for RFC 1918 reverse names);
    # the boolean option for this is empty-zones-enable, disable-empty-zone takes a zone name
    empty-zones-enable no;
    # this server is authoritative only: never recurse on behalf of clients
    allow-recursion { none; };
    additional-from-cache no;
    recursion no;
};
zone "." {
type master;
file "/etc/bind/db.redirectallhosts";
};
Create the zone file /etc/bind/db.redirectallhosts
$TTL 30 ; 30 sec
; Use a short TTL because the client caches
; the queried names for that time without
; querying the DNS server again
@ IN SOA ns.yourdomain.local. hostmaster.yourdomain.local. (
        2015072200 ; serial number of the zone, increment it on any change
        240        ; refresh (4 min)
        120        ; retry (2 min)
        900        ; expire (15 min)
        300        ; minimum (5 min)
)
; IP of your Nameserver
; (NS data is formally a host name; BIND accepts this numeric label, as the
; "loaded serial" line in the syslog output below shows, and only the wildcard
; A record below matters for the redirect)
IN NS 10.254.1.1
; IP to redirect to: the wildcard matches every queried name
* IN A 10.254.1.2
Set the user bind as owner of the bind directory
root@debdev:~# chown -R bind:bind /etc/bind
Start the DNS Server
root@debdev:~# /etc/init.d/bind9 start
[ ok ] Starting domain name service...: bind9.
Then query any domain
root@debdev:~# nslookup michlstechblog.info 10.254.1.1
Server: localhost
Address: 127.0.0.1#53
Name: michlstechblog.info
Address: 10.254.1.2
If the query fails, look into /var/log/syslog for further details
root@debdev:~# grep named /var/log/syslog
......
Jul 22 18:02:39 debdev named[5425]: command channel listening on 127.0.0.1#953
Jul 22 18:02:39 debdev named[5425]: command channel listening on ::1#953
Jul 22 18:02:39 debdev named[5425]: zone ./IN: loaded serial 2015072200
Jul 22 18:02:39 debdev named[5425]: managed-keys-zone ./IN: loaded serial 0
Jul 22 18:02:39 debdev named[5425]: running
Jul 22 18:02:39 debdev named[5425]: zone ./IN: sending notifies (serial 2015072200)
.....
Enable bind9
root@debdev:~# update-rc.d bind9 defaults
And now the same procedure with dnsmasq 🙂 Quite simple 🙂
Install dnsmasq
root@debdev:~# apt-get install dnsmasq
and create a simple config: create the file /etc/dnsmasq.d/redirectallhosts containing the single line
address=/#/10.254.1.2
Start dnsmasq
root@debdev:~# /etc/init.d/dnsmasq start
Check name resolution
root@debdev:~# nslookup www.heise.de localhost
Server: localhost
Address: ::1#53
Name: www.heise.de
Address: 10.254.1.2
Enable dnsmasq
root@debdev:~# update-rc.d dnsmasq defaults
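To show what the BIND wildcard zone and the dnsmasq `address=/#/10.254.1.2` line above actually do on the wire, here is a minimal catch-all UDP DNS responder in Python. This is an added example, not code from the post or from BIND/dnsmasq; it assumes Python 3.8+ with the standard library only, reuses the post's addresses (10.254.1.1 to listen on, 10.254.1.2 as answer) and its 30 second TTL, and answers every A query with that one IP while returning an empty NOERROR for other types such as AAAA, which is also what the wildcard A record yields.

```python
import socket
import struct

REDIRECT_IP = "10.254.1.2"   # the redirect target from the post's zone file
TTL = 30                     # short TTL, like "$TTL 30" in the zone file

def parse_question(msg):
    """Return (qname, qtype, offset after the question) of a one-question message."""
    labels, pos = [], 12                    # skip the 12-byte header
    while (length := msg[pos]) != 0:
        if length & 0xC0:                   # pointers do not occur in a question name
            raise ValueError("compressed qname")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype, pos + 5  # root label + qtype + qclass

def build_query(name, qtype=1, txid=0x1234):
    """Plain RD query as a stub resolver would send it (used here for testing)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def build_response(query):
    """Answer every A query with REDIRECT_IP; other types (e.g. AAAA) get an empty NOERROR."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    _qname, qtype, qend = parse_question(query)
    resp_flags = 0x8400 | (flags & 0x0100)  # QR=1, AA=1, RD echoed, RA=0, RCODE=0
    answer, ancount = b"", 0
    if qtype == 1:                          # A record requested
        # owner = pointer to the question name at offset 12, type A, class IN, TTL, rdlength 4
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, TTL, 4) + socket.inet_aton(REDIRECT_IP)
        ancount = 1
    header = struct.pack("!HHHHHH", txid, resp_flags, 1, ancount, 0, 0)
    return header + query[12:qend] + answer        # question section echoed unchanged

def serve(listen_ip="10.254.1.1", port=53):
    """Serve forever on UDP; binding port 53 needs root or CAP_NET_BIND_SERVICE."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((listen_ip, port))
        while True:
            data, peer = sock.recvfrom(512)
            try:
                sock.sendto(build_response(data), peer)
            except (ValueError, struct.error, UnicodeDecodeError, IndexError):
                continue                    # drop malformed queries
```

Call `serve()` as root on the captive-portal interface and `nslookup michlstechblog.info 10.254.1.1` returns 10.254.1.2 just like the BIND and dnsmasq setups above; keep in mind it speaks UDP only and has none of the hardening of a real server.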
You can also redirect all incoming network traffic on the interface the clients connect to (eth1 below) to this IP address by rewriting the destination IP address of all packets. Take care that it is not the public LAN interface :-).
# Send all incoming TCP packets on port 443 to 10.254.1.2 port 80
root@debdev:~# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to 10.254.1.2:80
# Send all remaining packets (UDP/ICMP/TCP) to 10.254.1.2
root@debdev:~# iptables -t nat -A PREROUTING -i eth1 -j DNAT --to 10.254.1.2
Depending on your configuration, if your box acts as a router, you also have to enable IP forwarding
root@debdev:~# sed -i 's/\#\s*net\.ipv4\.ip_forward=1/net\.ipv4\.ip_forward=1/' /etc/sysctl.conf
root@debdev:~# sysctl -p /etc/sysctl.conf
Have fun!
Michael
Hi,
I want to ask you some questions.
If I just want to redirect all traffic to my webserver 192.168.1.1,
what is my
IP of your Nameserver
IN NS 10.254.1.1
in /etc/bind/db.redirectallhosts?
I didn't see you setting the nameserver to 10.254.1.1