digital4rensics/Malformity

Search pdns based on common subdomain

elhoim opened this issue · 2 comments

Some malware uses uncommon subdomains on dyn DNS providers. Example from http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html: if you search for piping.* for RRSet, you end up finding piping.dyndns-server.com, which looks suspicious (fluxing a lot towards IPs in the same range).

This is definitely something that's important. I've successfully tested left-hand wildcards before. Did you try running the right-hand wildcard, and it failed?

I'll try to test this today, and if it doesn't work, figure out why this one doesn't but left-handed wildcards do.

EDIT: Tested and remembered why this wouldn't work (as implemented) :-) Thanks, I'll add it to the to-do!

Implemented in pDNS_wildcardsearch. The transform accepts both right- and left-handed wildcard searches and returns the appropriate results as domains.
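The two searches discussed in this thread, the right-hand wildcard (piping.*) from the opening report and the left-hand wildcard (*.dyndns-server.com) the maintainer mentions, together with the "IPs in the same range" observation, as an added stand-alone example. This is not the pDNS_wildcardsearch transform or any other Malformity code; the passive-DNS records are constructed for the example, and the function names (match_wildcard, search_rrset, ip_spread, looks_fluxing_in_range) and the /24 threshold are assumptions chosen here, not anything the project defines.

```python
"""Wildcard search over passive-DNS RRSet records, plus a simple
"many IPs in the same range" check. Constructed example, not Malformity code."""
import ipaddress

# Constructed sample pDNS RRSet records (rrname / rrtype / rdata).
# These are made-up records using documentation address ranges, not real pDNS data.
PDNS_RECORDS = [
    {"rrname": "piping.dyndns-server.com", "rrtype": "A", "rdata": "198.51.100.10"},
    {"rrname": "piping.dyndns-server.com", "rrtype": "A", "rdata": "198.51.100.23"},
    {"rrname": "piping.dyndns-server.com", "rrtype": "A", "rdata": "198.51.100.77"},
    {"rrname": "piping.dyndns-server.com", "rrtype": "A", "rdata": "198.51.100.140"},
    {"rrname": "piping.example.org", "rrtype": "A", "rdata": "203.0.113.5"},
    {"rrname": "www.dyndns-server.com", "rrtype": "A", "rdata": "192.0.2.1"},
    {"rrname": "mail.dyndns-server.com", "rrtype": "A", "rdata": "192.0.2.2"},
    {"rrname": "mail.dyndns-server.com", "rrtype": "A", "rdata": "203.0.113.9"},
    {"rrname": "dyndns-server.com", "rrtype": "NS", "rdata": "ns1.example.net"},
]


def match_wildcard(pattern, name):
    """Match a domain name against a pattern carrying at most one '*'.

    'piping.*'             -> right-hand wildcard: prefix match on the name
    '*.dyndns-server.com'  -> left-hand wildcard: suffix match on the name
    no '*'                 -> exact match
    Comparison is case-insensitive and ignores a trailing dot.
    """
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == name
    if pattern.count("*") != 1:
        raise ValueError("only a single '*' is supported in a pattern")
    head, tail = pattern.split("*")
    # The name must be long enough to hold both fixed parts without overlap,
    # so '*.dyndns-server.com' does not match the bare apex 'dyndns-server.com'.
    return (len(name) >= len(head) + len(tail)
            and name.startswith(head)
            and name.endswith(tail))


def search_rrset(pattern, records=PDNS_RECORDS, rrtype=None):
    """Return the sorted distinct rrnames matching the wildcard pattern,
    optionally restricted to one record type (e.g. 'A')."""
    return sorted({r["rrname"] for r in records
                   if match_wildcard(pattern, r["rrname"])
                   and (rrtype is None or r["rrtype"] == rrtype)})


def ip_spread(name, records=PDNS_RECORDS, prefixlen=24):
    """Summarise where a name's A records point: how many distinct IPs,
    and how many distinct /prefixlen networks those IPs fall into."""
    ips = {r["rdata"] for r in records
           if r["rrname"].lower() == name.lower() and r["rrtype"] == "A"}
    nets = {ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False) for ip in ips}
    return {"ips": len(ips), "networks": len(nets)}


def looks_fluxing_in_range(name, records=PDNS_RECORDS, min_ips=3, prefixlen=24):
    """The observation from the issue as a heuristic: several distinct A records
    that all sit inside the same range (one /24 by default). Assumed thresholds."""
    spread = ip_spread(name, records, prefixlen)
    return spread["ips"] >= min_ips and spread["networks"] == 1


if __name__ == "__main__":
    for pattern in ("piping.*", "*.dyndns-server.com", "dyndns-server.com"):
        print(f"{pattern:>22}: {search_rrset(pattern)}")
    for name in search_rrset("*.dyndns-server.com", rrtype="A"):
        flag = "FLUX?" if looks_fluxing_in_range(name) else "ok"
        print(f"{name:<28} {ip_spread(name)} {flag}")
```

The right-hand search for piping.* returns every name starting with that label regardless of the dynamic-DNS provider underneath, which is what surfaces piping.dyndns-server.com; the left-hand search enumerates the provider's subdomains instead. The /24 check is only a triage hint: a legitimate host served from one provider's block will also concentrate in a single range, so the result is a lead for analyst review, not a verdict.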