DNS Analyser Settings
Control Panel

The DNS Analyser examines all DNS requests and resolves listed names locally. Unlisted names are resolved by an external DNS server.

Display the Windows DNS cache
Flush the Windows DNS cache
Use Windows DNS
Use NAT32 DNS

Check a name in hosts.ini  

Set a honeypot exception    



Filter    IP [all | lists | hosts | none]
Block    IP

White List

Black List

Grey List

NAT32 also supports a list of names that must always use a special route to the Internet. This feature is useful for accessing sites that block content by geographical location. If a VPN connection to a server in a specific country is available, then all traffic to names in the special list will be forwarded via that VPN connection.

Special List

NAT32 also supports a list of names that always resolve to the IP address of the interface over which the request was received. This feature is useful for local testing.

Local List

Shown below is the current Windows DNS Cache


The DNS Analyser can use either NAT32 Name Resolution or Windows Name Resolution to resolve names on behalf of a client. Names on the black-list always resolve to the address of the NAT32 Honeypot. Listed names can be complete DNS domains or shorter substrings. Names or substrings on the white-list undergo no further checks and are forwarded to the external DNS Server for resolution.

The NAT32 Honeypot returns dummy content of an appropriate type for the subsequent GET request. It always blocks HTTPS requests to black-listed sites, as such traffic is highly undesirable.

As of NAT32 Build 22346, a Honeypot Port 443 daemon is no longer started in the file startup.txt. In addition, the command setns e5 is used to instruct the DNSRD to report NXDOMAIN for blocked names. This means that clients attempting to resolve blocked names will receive a "Name does not exist" response.
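The list handling described above can be modelled offline to review a policy before deploying it. The following is an added example, not NAT32 code: it assumes case-insensitive substring matching, that the white-list is consulted first and the local list before the black-list, and it uses constructed names and placeholder addresses. The audit function shows the main risk of short substrings, which is blocking unrelated names that happen to contain them.

```python
# Added illustration, not NAT32 code. Assumptions: matching is a
# case-insensitive substring test, the white-list is consulted first, and
# the local list is consulted before the black-list. All names and
# addresses below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class ListPolicy:
    white: list = field(default_factory=list)
    black: list = field(default_factory=list)
    local: list = field(default_factory=list)
    honeypot_ip: str = "192.0.2.1"   # placeholder honeypot address
    report_nxdomain: bool = True     # behaviour described for Build 22346 onward

    @staticmethod
    def _hit(name, entries):
        """Return the first entry that is a substring of name, else None."""
        name = name.lower().rstrip(".")
        return next((e for e in entries if e.lower() in name), None)

    def resolve(self, name, iface_ip):
        """Return (action, answer, matched_entry) for one query."""
        if (e := self._hit(name, self.white)):
            return ("forward", None, e)       # no further checks
        if (e := self._hit(name, self.local)):
            return ("local", iface_ip, e)     # address of receiving interface
        if (e := self._hit(name, self.black)):
            if self.report_nxdomain:
                return ("nxdomain", None, e)
            return ("honeypot", self.honeypot_ip, e)
        return ("forward", None, None)        # unlisted: external DNS server


def audit_overblocking(policy, known_good, iface_ip="10.0.0.1"):
    """List known-good names that a black-list substring would block."""
    blocked = []
    for name in known_good:
        action, _, entry = policy.resolve(name, iface_ip)
        if action in ("nxdomain", "honeypot"):
            blocked.append((name, entry))
    return blocked
```

Running audit_overblocking over a list of names that clients legitimately need shows which black-list entries should be lengthened or offset by a white-list entry.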
dnsmap, dnsrd, firewall, httpget, setns, home