Talking about pseudo DNS resolution


Terminology: pseudo DNS resolution refers to DNS resolution that does not match the regular domain name resolution on the Internet, such as adding a private DNS record on your own private DNS server, or adding an IP-address-to-domain-name mapping to the local resolution file hosts.

Some people may ask why we do not simply add a valid A record at the domain name service provider. Everything has a cause and effect, and what exists is reasonable. The existence of pseudo DNS resolution is justified.

1. Convenient and efficient access to internal applications

Many network administrators use this trick. For example, we have a server A with the internal IP address 192.168.0.100, published through router B. Its external address is 211.211.211.211 and the corresponding domain name is www.novosupport.com. If our internal staff access this server through www.novosupport.com at the external address 211.211.211.211, the traffic is bound to pass through router B. If we instead add a pseudo DNS record on the internal DNS server that resolves www.novosupport.com to 192.168.0.100, the traffic no longer passes through router B. On the one hand the access path is shorter and access is faster; on the other hand the burden on B is reduced.

2. Publishing non-public Internet applications

When we only want to authorize some public network users to access some of our special Web applications without using VPN or other complex means, my usual practice is to create a domain-name-based virtual host and bind an illegitimate domain name to it for mapping and publishing. At the same time, the corresponding visitors are told the domain-name-to-address mapping so that they can add the pseudo resolution to their hosts file. This pseudo domain name can have nothing to do with your enterprise, and sometimes you may use a well-known domain name such as baidu.com. If we publish a web application that is accessed as zhidao.baidu.com, only those who have added the pseudo record can reach our application correctly, while everyone else can only open the real website.
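Seen from the endpoint, a pseudo record of this kind is a hosts entry that pins a domain you do not control to an address someone chose. The following added example (not from the original article) audits a hosts file for such entries; the sample file, `OWNED_SUFFIXES`, `STANDARD_NAMES` and the address 203.0.113.10 are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file, modelled on the entries the article describes.
SAMPLE_HOSTS = """\
# local overrides
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.0.100   www.novosupport.com   # internal shortcut
203.0.113.10    zhidao.baidu.com support.lenovo.com
0.0.0.0         ads.example.net
not-an-ip       broken.example.org
"""

# Assumptions: the suffixes your organisation controls, and names every host carries.
OWNED_SUFFIXES = ("novosupport.com",)
STANDARD_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (lineno, ip, name) per mapping; comments and malformed lines are skipped."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:          # one line may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")

def is_owned(name):
    """Match on label boundaries so 'notnovosupport.com' is not treated as owned."""
    return any(name == s or name.endswith("." + s) for s in OWNED_SUFFIXES)

def audit_hosts(text):
    """Return (lineno, name, ip, reason) for every override of a name we do not own."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if name in STANDARD_NAMES or is_owned(name):
            continue
        if ip.is_unspecified or ip.is_loopback:
            reason = "sinkholed locally"
        else:
            reason = "third-party name pinned to a chosen address"
        findings.append((lineno, name, str(ip), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

An entry of the second kind deserves a look on any managed machine, because the browser will show the well-known name while talking to whatever host the entry names.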

3. Simple Internet access control and automatic internal audit registration

In fact, a firewall does this job better, but you can consider phishing when you are not able to buy a professional firewall. For example, we add a wildcard pseudo record *.kaixin123.com to the internal DNS server, point it at our own server, and create a page identical to the original website. When an employee then visits this website and enters the username and password as usual, is there still any need to worry about catching this person? (It seems not very ethical to do so ......) In fact, it more often acts as a simple firewall. When we do not want employees to access baidu.com, we can add the wildcard record *.baidu.com to our own DNS server and point it at an IP address that serves a simple page displaying "Access denied". In this way, the Internet access control and notification functions are implemented. If we add a registration application to the prompt page, we can also perform audit registration.
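Both the exact record from section 1 and the wildcard record from section 3 change what the internal server answers for names nobody thought about. This added example (not from the original article) models the standard DNS wildcard rule (RFC 4592) for an internal server that hosts a full zone for each overridden domain; that hosting model, the zone contents and the deny-page address 192.168.0.200 are assumptions.

```python
# Constructed zone data. Names and 192.168.0.100 come from the article;
# 192.168.0.200 (the "Access denied" page host) is an assumed address.
ZONES = {
    "novosupport.com": {"www": "192.168.0.100"},
    "baidu.com": {"*": "192.168.0.200"},
}

def find_zone(name):
    """Return the longest configured zone origin enclosing name, or None."""
    labels = name.split(".")
    for i in range(len(labels)):
        origin = ".".join(labels[i:])
        if origin in ZONES:
            return origin
    return None

def node_exists(owner, records):
    """A node exists if it is the apex, owns a record, or has a descendant that does."""
    return owner == "" or owner in records or any(
        key.endswith("." + owner) for key in records)

def resolve(qname):
    """Return (source, address) as the internal server would answer qname."""
    name = qname.lower().rstrip(".")
    origin = find_zone(name)
    if origin is None:
        return ("forward", None)       # not overridden: goes to the upstream resolver
    records = ZONES[origin]
    owner = name[:-len(origin)].rstrip(".")    # "" is the zone apex
    if owner in records:
        return ("exact", records[owner])
    labels = owner.split(".") if owner else []
    for i in range(1, len(labels) + 1):
        parent = ".".join(labels[i:])
        if node_exists(parent, records):       # closest existing ancestor
            wildcard = "*." + parent if parent else "*"
            if wildcard in records:
                return ("wildcard", records[wildcard])
            break
    return ("no-answer", None)         # server is authoritative, nothing matches

if __name__ == "__main__":
    for q in ("www.novosupport.com", "mail.novosupport.com",
              "www.baidu.com", "a.b.baidu.com", "baidu.com", "notbaidu.com"):
        print(q, resolve(q))
```

Under these assumptions the wildcard does not cover the apex baidu.com, and every other name under novosupport.com stops resolving for internal clients, so both cases need explicit records if they should show the deny page or keep working.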

......

In fact, it is very useful. The most direct reason for writing this article is the rogue behavior of some software downloads. Generally, I download large files through an external hosting server, then use its Web service to publish the downloaded content, and then download it to the client. When I checked the Web service logs a while ago, I found that different IP addresses were connecting to the deleted download resources every day. No search engine access record was found, so the problem must lie with the download tool Thunder. When we download the tool, Thunder will include our and the file name, and open it to others ......

The second application can be used to prevent such incidents. This time the temporary download file was published on my website under the pseudo domain name support.lenovo.com, and at the same time a corresponding record was added to the hosts file. Thunder can record it, but it will never find the real resource unless it changes the hosts file on every host that has Thunder installed ......

Although the name of pseudo DNS resolution is not very orthodox, if it can be skillfully and flexibly applied, it will provide a lot of convenience for our work.

This article is from the "Focus on the Integration of Information System Construction" blog; please be sure to keep this source: http://bingyi.blog.51cto.com/261731/392142
