#1
fake dns entry pointer creation

Hi,

server: 2003 std. (pdc, dns, gc)
clients: xp sp3 fully updated

Some of the domain users abuse webmessenger or facebook web pages. I would like to add a "fake" dns pointer in my dns server for the following domain names:

webmessenger.msn.com
facebook.com

What I did is: in forward lookup zones -> "mydomain.local" I have created domain "com". Inside, one other domain "msn" and inside it an A pointer "webmessenger" with the local address, ex.: 192.168.1.15.

Then on one of the client machines (with primary dns (no sec. dns) server set to the one where the changes were done) I do:

1. ipconfig /flushdns
2. arp -D
3. ping www.msn.com -> pinging the real domain ip address.
4. ping www.msn.com.mydomain.local -> pinging 192.168.1.15 address

Ok, it's normal but not what I want to do...

I don't have good knowledge of the MS DNS management console but have good knowledge of dns in general. I'm not sure if in the root of forward lookup zones I can create one domain "com" with the subdomains I would like to "fake"? And after, if someone from the local network tries to reach webmessenger.msn.com, which exists in my "fake" .com domain, then it will be served by my local DNS server. If the same person tries to reach somedomain.com, which doesn't exist in my fake .com domain, then my DNS server will escalate the request to one of the real root .com dns servers.

Is that possible?

Many thanks for your help.
Adi

#2
Re: fake dns entry pointer creation

Read inline please.

In news:eLmSrQueJHA.6012@TK2MSFTNGP02.phx.gbl, Adi <no_spam@nospam> wrote:
> Hi,
>
> server : 2003 std. (pdc, DNS,gc)
> clients : xp sp3 fully updated
>
> Some of domain users abuse using webmessenger or facebook web pages.
> I would like to add "fake" DNS pointer in my DNS server for following
> domain names:
>
> webmessenger.msn.com
> facebook.com
>
> What I did is:
> in forward lookup zones -> "mydomain.local" have created domain "com".
> Inside, one other domain "msn" and inside A pointer "webmessenger"
> with the local address ex.: 192.168.1.15.

STOP!

Do not create a zone named com; doing so will cause all other .com domains to fail, except for the ones you manually add records for.

Instead create two zones, one named webmessenger.msn.com, the other named facebook.com. That's really all you need to do; you don't even have to create a record because it will cause extra "spoofed" network activity to the IP you use in the record.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

#3
Re: fake dns entry pointer creation

>> What I did is:
>> in forward lookup zones -> "mydomain.local" have created domain "com".
>> Inside, one other domain "msn" and inside A pointer "webmessenger"
>> with the local address ex.: 192.168.1.15.
>
> STOP!
>
> Do not create a zone named com, doing so will cause all other .com domains
> to fail, except for the ones you add manually records for.
>
> Instead create two zones, one named webmessenger.msn.com, the other named
> facebook.com, that's really all you need to do, you don't even have to
> create a record because it will cause extra "spoofed" network activity to
> the IP you use in the record.

Many thanks Kevin,

I've created two primary zones named like you said and now the message in the web browser is "the page could not be found" and that's fine! But what if I want to redirect the page to some local intranet webserver?

Also, what does AD integrated zone mean? When I tried to delete the previously created zone, I got a message telling me that the zone is AD integrated.

Many thanks,
Adi

#4
Re: fake dns entry pointer creation

Read inline please.

In news:%23Lt4%23rweJHA.3692@TK2MSFTNGP04.phx.gbl, Adi <no_spam@nospam> wrote:
>>> What I did is:
>>> in forward lookup zones -> "mydomain.local" have created domain
>>> "com". Inside, one other domain "msn" and inside A pointer
>>> "webmessenger" with the local address ex.: 192.168.1.15.
>>
>> STOP!
>>
>> Do not create a zone named com, doing so will cause all other .com
>> domains to fail, except for the ones you add manually records for.
>>
>> Instead create two zones, one named webmessenger.msn.com, the other
>> named facebook.com, that's really all you need to do, you don't
>> even have to create a record because it will cause extra "spoofed"
>> network activity to the IP you use in the record.
>
> Many thanks Kevin,
>
> I've created two primary zones named like you said and now the
> message in web browser is "the page could not be found" and that's
> fine! But what if I want to redirect the page to some local intranet
> webserver?

You can do that, but it serves no real purpose unless you want the web server to publish some kind of warning page; it is still extra unnecessary network activity.

> Also, what does AD integrated zone mean?

A zone that is stored in the Active Directory database and that is also replicated to DCs in the replication scope.

> When I tried to delete previously created zone, I get the message
> telling that the zone is AD integrated.

Yes, you will get the message; it is warning you that the zone is deleted from all DCs with DNS loading the zone. Click yes to delete the zone.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
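
The zone choices discussed in posts #1 to #4, as an added example that is not part of the original thread: a simplified Python model of a DNS server that answers from its most specific hosted zone and recurses only when no hosted zone covers the name. The upstream table, the `BLOCKED` marker and the function names are constructed for illustration; caching, forwarders and delegations are ignored.

```python
# Constructed stand-in for the public DNS (documentation-range addresses).
UPSTREAM = {
    "webmessenger.msn.com": "198.51.100.10",
    "www.msn.com": "198.51.100.11",
    "facebook.com": "198.51.100.20",
    "www.facebook.com": "198.51.100.21",
    "example.com": "198.51.100.30",
}
BLOCKED = "no address record (answered locally)"

def find_zone(name, zones):
    """Return the most specific hosted zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest suffix first, on label boundaries
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(name, zones):
    """Answer from a hosted zone if one covers the name, otherwise recurse."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is not None:
        # Authoritative for this name: the server never asks the Internet.
        return zones[zone].get(name, BLOCKED)
    return UPSTREAM.get(name, "NXDOMAIN")

# Post #1: the record lives inside mydomain.local, so only the long name matches.
inside_local = {"mydomain.local": {"webmessenger.msn.com.mydomain.local": "192.168.1.15"}}
# A zone named "com": the server is now authoritative for every .com name.
com_zone = {"com": {"webmessenger.msn.com": "192.168.1.15"}}
# Post #2: one narrow zone per blocked name, left without host records.
narrow = {"webmessenger.msn.com": {}, "facebook.com": {}}
# Post #4: same zones, with a host record at the zone name for a warning page.
redirect = {"webmessenger.msn.com": {"webmessenger.msn.com": "192.168.1.15"},
            "facebook.com": {"facebook.com": "192.168.1.15"}}

if __name__ == "__main__":
    configs = [("inside mydomain.local", inside_local), ("zone com", com_zone),
               ("narrow zones", narrow), ("narrow zones + A record", redirect)]
    for label, zones in configs:
        print(label)
        for q in ["webmessenger.msn.com", "www.facebook.com", "example.com"]:
            print("   ", q, "->", resolve(q, zones))
```

A zone named facebook.com also covers every name beneath it, so www.facebook.com stops resolving too, and a record at the zone name alone does not redirect those subnames.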
#5
Re: fake dns entry pointer creation

Many thanks Kevin! Problem solved :-)