Custom DNS response

As a Security Analyst:
I would like to be able to add domains manually, and point them to a custom server.

So that:
When I add a blacklisted item to the Pi-Hole, I can say that instead of returning the Pi-Hole IP or 127.0.0.1, I can tell the Pi-Hole to return the IP of the custom server I have set up.

In order to:
Intercept malware requests to e.g. CnC servers, decrypt malware requests to external servers and analyse malware requests, to get a better understanding of the malware that infected a machine and take action.

You should be able to do this in the /etc/hosts file on the Pi or in a custom dnsmasq config file in /etc/dnsmasq.d

1 Like