I'm setting up an environment for malware simulation that will utilize DNS tunneling to export data while bypassing the firewall. For this, I need to host an internal authoritative DNS for a dummy domain that caches requests with encoded information. I'm considering using BIND9 on a Debian host, but I'm unsure if it's too complex since it's typically an enterprise-grade solution and I'm just doing a simple demo. The infrastructure is running on a multi-node Proxmox, and I use OPNsense for the firewall. Any software recommendations would be appreciated!
4 Answers
If you're looking for something lighter for just a demo, consider using `dnsmasq`. It's versatile and perfect for DNS/DHCP/TFTP, which might suit your needs well.
You might also want to look into PowerDNS—it can be set up through Terraform if that's something you're into. Not sure if it's what you need for this specific project, but it could be handy in the future!
BIND is definitely the way to go. It's reliable and not too complex to manage. I’d suggest using it unless you have a specific reason to choose something else.
I don't have a specific reason; I'm just new to DNS hosting and have only used resellers until now.
I've run BIND for several years, and while it's good, it can require a lot of security updates. If you have a bit of budget, consider hosting DNS elsewhere. Services like Cloudflare offer free options, and AWS Route 53 is quite affordable. BIND was a great choice back in the day, but now there are many free alternatives available.

Not for this project, but I appreciate the tip! Might be useful later.