DNS - single domain, two websites /forwarding/
Hello Linuxforums. It's a pleasure for me to be your new member :)
Some days ago I came to the idea of using fake DNS responses, but only for the first request to a given website.
I am a student and I need this "evil idea" only for educational purposes.
All I want is to intall a DNS server (for example - BIND) and redistribute it to the clients of my local subnet via DHCP. Then I'll make a fake forwarding for the first request to given website.
domain.com <---> ip: y.y.y.y
1st request: source ip z.z.z.z -> opens domain.com ->corr ip:x.x.x.x (fake)
2nd request: source ip z.z.z.z -> opens domain.com ->corr ip:y.y.y.y - this time the DNS resolution is proper
For example, if the client wants to open domain.com and it's corresponding IP address is y.y.y.y the DNS server will detect that this is the first request to this site from this IP and redirect it to a fake website (ip:x.x.x.x). Then, the user will try again by sending the same request and the DNS server will use some kind of algorithm* to discover that the same IP is doing a second request to the same website and resolve it with the proper IP address of the web server.
*I'm thinking of using tcpdump to create a table with the source ip; the url the user wants to open; and maybe some more fields from the tcp header /SYN-ack number/.
And think it is an interesting task. Your ideas are welcome :)