# DNS How To? Forward unresolved traffic to honeypot?



## audiopeep (Mar 5, 2015)

Hi everyone,
*Backstory*: 
I am noob to both this forum and FreeBSD, but have been tasked with an exciting project that could score me some free lunch.  I am trying to set up a honeypot in hopes of dissecting, reverse-engineering and discovering malware behavior.  I've realized that much malware reaches out to a myriad of IPs. Furthermore, I've found that much malware stops running if it cannot connect out to the web to access its bot-net or "mothership".  In order to circumvent this, I'd like to allow my malware to access the "mothership"/outside web, but also track additional DNS queries.
*The Question:*
How can I configure a DNS server(s) to allow traffic to resolvable domains and send all unresolved or unknown IPs to another host for either logging or inspection?

Any help or guidance to docs would be greatly appreciated.
Thank you in advance for your knowledge and expertise,
-AP


----------



## Beeblebrox (Mar 5, 2015)

Does this help any? https://forums.freebsd.org/threads/howto-jailed-unbound-dnscrypt-proxy-with-dnssec.48966/


----------

