Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Intercepting addrs in a DNS server

Status
Not open for further replies.
UnknownPerson

UnknownPerson

Programmer
Dec 4, 2001
80
BR
I have a school where small children use computers. People just love to see violence and sex. The good thing is that they always do that in the same sites all the time.

My doubt is: How can I block those sites in my DNS server?. Whe have our own DNS server running Debian Potato and I would like to do something like this:

nslookup To be resolved to: forbidenpage.myinternalpageserver

So I would show up a page on the students browser saying they are not allowed to view that page. How could this be done?.

Thanks to anyone who inputs.
 
Sort by date Sort by votes
Create a zone record for the offending domain. Make the offending website's address resolve to your own servers. The answer won't be authoritative, but it'll block access.

Anyone inside your network will get your page. It won't affect anyone outside your network.

Remember, though, that all someone has to do to bypass this is to reconfigure their network settings to use DNSs other than yours. Perfection in engineering does not happen when there is nothing more to add. Rather it happens when there is nothing more to take away.
 
Upvote 0 Downvote
Can you give me an example or reference to creating zone records?

Sorry for any trouble.
 
Upvote 0 Downvote
What DNS software are you running? Perfection in engineering does not happen when there is nothing more to add. Rather it happens when there is nothing more to take away.
 
Upvote 0 Downvote
A simpler approach might be to block complete IP access to the affending domain.

route add -net 10.1.1.1 netmask 255.255.255.255 reject

If your using a cisco router a simpler approach might be to use an access list on the router.



-Danny
dan@snoboarder.net






 
Upvote 0 Downvote
Here's another option that's been discussed on the IPCOP firewall user list; dansguardian.


Something to check out, anyway...
J.R. Juiliano
Information Systems Specialist
Tri-City Emergency Medical Group
 
Upvote 0 Downvote
Do you have any live domains listed on that server, or are you using it only for caching? Perfection in engineering does not happen when there is nothing more to add. Rather it happens when there is nothing more to take away.
 
Upvote 0 Downvote
Only as a caching server. I didn´t even guet to configure it, just intall it from the deb package.
 
Upvote 0 Downvote
Then you might be best served reading the BIND 8 HOWTO


There are a lot of options that would be difficult to discuss in the forum that that document should answer for you.

Perfection in engineering does not happen when there is nothing more to add. Rather it happens when there is nothing more to take away.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MP2023
  • Locked
  • Question
mail Server
Replies
0
Views
264
MP2023
MP2023
MP2023
  • Locked
  • Question
Mail Server zimbra
Replies
0
Views
271
MP2023
MP2023
SamBones
  • Locked
  • Question
How Do I Start/Stop Systemd Services as a non-root User?
Replies
2
Views
748
gbaughma
gbaughma
bk Patel
  • Locked
  • Question
Openscape 4000 Eco Server
Replies
3
Views
439
bk Patel
bk Patel
Phi_1.618
  • Locked
  • Question
Linux server
Replies
2
Views
315
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top