Windows PowerShell DNS Server Blackhole Tool – Blacklist Domains


This is a Windows PowerShell Script to help you with blacklisting domains you wish to block in your networks.

We have written about PowerShell before, it is something which can make the windows shell a lot more flexible.

On the external DNS servers you can create primary zones for the domain names and FQDNs you do not want your users to resolve correctly. These DNS zones will all return an incorrect IP address, such as “0.0.0.0″ or the address of an internal server, not the real address. Because the organization’s internal DNS servers are configured to forward their requests to these external DNS servers in the DMZ, the internal DNS servers will cache these incorrect addresses too when the external DNS servers respond. So, when an internal client tries to resolve an unwanted DNS name, it will receive a response, but the IP address returned will be incorrect. Because an IP address of “0.0.0.0″ is unreachable, these unwanted zones created on the external DNS servers are said to be “blackholed”, “blacklisted” or “blocklisted”.

What to block? You can obtain lists of FQDNs and domain names to blackhole for free. Some lists are only for malware, others might be just for pornography, but be aware that they are never 100% complete or accurate (you get what you pay for, so don’t be surprised to find gaps a small number of false positives).

Some of the more popular blackhole lists include (in no particular order):

www.MalwareDomains.com
www.Malware.com.br
www.MalwareDomainList.com
www.MalwareURL.com
www.SomeoneWhoCares.org
mtc.sri.com
www.MVPs.org
www.UrlBlacklist.com (not free)

From sites like the above you can download lists of FQDNs and simple domain names which can be fed into the PowerShell script for this article in order to create blackhole zones on Windows DNS servers. If you have DNS servers running BIND, perhaps on Linux or BSD, then the sites above will also help you import blackhole domains on those DNS servers too (scripts for blackholing on BIND are common).

Requirements

To use the PowerShell DNS blackhole script, you must:

  • Have PowerShell 2.0 or later on the computer where the script will be run, which may be the DNS server itself or another management workstation.
  • Use Windows Server 2003 with SP2 or later for the DNS server.
  • Allow network access to the RPC ports of the Windows Management Instrumentation (WMI) service from the workstation where the script will be run.
  • Be a member of the local Administrators group on the DNS server.

You can download the PowerShell DNS Blackhole script here:

Blackhole-DNS.zip

Or read more here.

Posted in: Countermeasures, Networking Hacking, Security Software

,


Latest Posts:


SecLists - Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.


Comments are closed.