Greetings all,

I'm trying to write a document about how we could intercept requests to
potentially malicious websites using DNS forwarding. After doing some
reading I stumbled across stub zones. What I don't fully understand is
the implementation of this or which would be better.

Example:

Client infected with malware tries to get to something.ru. So we tell
our internal DNS servers to tell the client that instead of going out,
my little server over here is actually something.ru effectively
intercepting the request.

I assumed creating a simple forward zone for *.ru would be the best way
to accomplish this, but then I have to create a forward zone for every
domain I want forwarded. With the stub zone I understand that I could
just provide the DNS admin the root.stubs.conf file and this would
effectively accomplish the same thing? Can you use wildcards in the
root.stubs file? i.e. *.ru?

Could someone please clarify this for me as I'm confused if they work
the same way.

Thanks in advance.
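
The setup described in the message above, written out as a BIND 9 configuration. This is an added example, not part of the original post: it assumes BIND 9 on both the internal resolver and the sinkhole host, and the addresses 192.0.2.53 and 192.0.2.10, the name sinkhole.example and the file path are placeholders.

```conf
// ---- internal resolver: named.conf (assumed BIND 9) ----
// A zone statement is matched by name suffix: declaring "ru" covers
// something.ru and every other name beneath it. The zone name takes
// no wildcard, so "*.ru" is not written here.
zone "ru" {
    type forward;
    forward only;                 // never fall back to the real .ru servers
    forwarders { 192.0.2.53; };   // placeholder: DNS service on the sinkhole host
};

// If this resolver validates DNSSEC, the unsigned sinkhole answers for a
// signed TLD fail validation; the validate-except option exempts the name:
// options { validate-except { "ru"; }; };

// ---- sinkhole host: named.conf (assumed BIND 9) ----
// The sinkhole answers authoritatively for the forwarded zone.
zone "ru" {
    type master;
    file "/etc/bind/db.sinkhole";   // placeholder path
};

/* ---- sinkhole host: /etc/bind/db.sinkhole (zone file, constructed) ----
   The wildcard belongs here, as a record owner name inside the zone.

$TTL 300
@   IN  SOA  sinkhole.example. hostmaster.sinkhole.example. (
             1        ; serial
             3600     ; refresh
             600      ; retry
             86400    ; expire
             300 )    ; negative-cache TTL
@   IN  NS   sinkhole.example.
@   IN  A    192.0.2.10     ; placeholder: address of the intercepting server
*   IN  A    192.0.2.10     ; any name under .ru resolves to the same address
*/
```

Query logging on the sinkhole host then records which internal clients asked for names in the intercepted zone.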