Tags: linux, network-programming, dns, rhel

Block all traffic to all possible sub domains on RHEL?


I am running into a problem. Essentially, my company uses a security software suite that performs a query against its main servers to check for the latest updates. However, the environment this host is on has no internet access, by design, for a specific customer for security purposes. Every time this software tries to "phone home", we get a security alert from our security team because it's trying to query/search for home when it's not supposed to.

The main problem is that the FQDNs it searches for are based on an MD5 hash, so it's a different subdomain every time: the first time it might be like 5215-af.domain.com, the second time it will be like gz5q-fjs.domain.com. So I can't just do a simple edit of the /etc/hosts file.

So, how do I go about blocking a domain and all possible subdomains? I want to route everything back to the local host, because the DNS server itself is what sets off the alarm, and the host still needs the DNS server to tell it about local things (it's in a cloud environment, so new hosts spin up all the time, so I need DNS).


Solution

  • Just an update, I solved this with dnsmasq.

    address=/domain.com/127.0.0.1

    I then changed resolv.conf to use nameserver 127.0.0.1 first.

    Finally, I disabled DHCP from making changes to resolv.conf.
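To check that a sinkhole rule like the one above really covers every hash-named subdomain (and nothing else, such as a look-alike like notdomain.com), here is an added Python model of how dnsmasq matches `address=/domain/ip` lines. It is example code written for this page, not from the answer above or from dnsmasq itself; the config fragment and the query names are constructed.

```python
import ipaddress

# Constructed dnsmasq fragment mirroring the answer: domain.com and every
# name under it resolve to loopback, so the query never reaches the real DNS.
DNSMASQ_CONF = """
# sinkhole the update servers (hash-named subdomains included)
address=/domain.com/127.0.0.1
"""

def parse_address_rules(conf_text):
    """Return {suffix: ip} for each address=/suffix[/suffix...]/ip line.

    Comments and unrelated directives are ignored; the IP is validated so a
    typo in the config is caught here rather than at query time.
    """
    rules = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("address="):
            continue
        parts = line[len("address="):].split("/")   # '', suffix..., ip
        ip = str(ipaddress.ip_address(parts[-1]))
        for suffix in parts[1:-1]:
            rules[suffix.lower().strip(".")] = ip
    return rules

def sinkhole_lookup(qname, rules):
    """Mimic dnsmasq's address= matching.

    A rule matches the domain itself or any subdomain, but only on a label
    boundary ("notdomain.com" does not match "domain.com"); the longest
    matching suffix wins.  None means "forward upstream", i.e. the local
    DNS the host still needs for cloud hosts that spin up.
    """
    name = qname.lower().rstrip(".")
    best = None
    for suffix, ip in rules.items():
        if name == suffix or name.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, ip)
    return best[1] if best else None

if __name__ == "__main__":
    rules = parse_address_rules(DNSMASQ_CONF)
    for q in ["5215-af.domain.com", "gz5q-fjs.domain.com", "notdomain.com"]:
        print(q, "->", sinkhole_lookup(q, rules) or "upstream")
```

Running it shows the two hash-style names from the question landing on 127.0.0.1 while the look-alike and internal names still go upstream, which is the behaviour to confirm on the host before trusting the rule.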