-1


Usually i'm developper...
Today my boss asked me a question, how to configure different dns rules for different user ?
Anyone have an idea ?
All people use same DNS, Section IT it's allowed to have acces to www.facebook.com but human ressource doesn't have.
We have server on Debian 6.0.

Thanks for your help !

red eyes dev
  • 125
  • 1
  • 4

3 Answers3

7

For what you're trying to accomplish, DNS is not the solution.

Look into proxy servers that are capable of filtering such as squid, or other web filtering options.

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
2

DNS is definitly not the answer. All you can do with DNS is create some pool for addressing ip-range by services. But that's not what you want or need.

You'll need to use a proxy!

hope this will help you.

look at this website, you'll find some trick about proxy like squid (not a lot explanation, but some really easy to understand tutorial look at the bottom of the menu to select your sever OS) look here

Anarko_Bizounours
  • 976
  • 8
  • 20
-2

A filtering proxy is probably the right way to do this but If you need to do this in bind it has a feature called views that can give you a "split" dns that provides one answer to matching clients and other response to other clients.

http://www.zytrax.com/books/dns/ch7/view.html

pyasi
  • 500
  • 2
  • 5
  • Views doesn't help has a proxy... It will only permit user to see another user depending of it's IP. You can't use this kind of tools to block internet website, website like facebook have more than 1 ip, and futher more facebook got now some IPV6 ip. Views work only on intranet lan/wan, not on extranet/Internet. – Anarko_Bizounours Jun 10 '11 at 06:31
  • Can you not make your own authoritative entries for the domains you don't want people to get to, and send them to some other address? I agree you're not really blocking anything, but it would in effect block easy access to those sites unless one uses another DNS provider or their own hosts file. – pyasi Jun 10 '11 at 21:10
  • well, there is another way, it's to get all ip from the website you want to block and redirect them in the dns to google. Effective but still not very secure. It's like modifying the hosts file. – Anarko_Bizounours Jun 14 '11 at 08:34