1

I came across solutions for blocking selected DNS resolutions by creating block zones. But how would I allow certain sites only and block all others in BIND?

Andrew B
hardik p

1 Answer

2

Just configure BIND so that it doesn't allow recursive resolution and create explicit forward zones for the domains that you want to permit querying.

On a side note, if you're attempting to use this as a means of restricting access, it's a terrible method that can be trivially bypassed either by clients simply specifying alternative DNS servers (although you could potentially block this too) or by adding manual entries for DNS names on the local machine.

Olipro
  • Thanks. What other options should I look for in order to restrict access (more specifically, allow certain sites only) in Ubuntu, other than DNS resolution? – hardik p Mar 14 '16 at 19:36
  • @hardik Transparent proxies are the go-to solution for what you're trying to accomplish. Olipro is correct that DNS firewalls [are the wrong tool](http://serverfault.com/tags/dns-firewall/info) for the job. – Andrew B Mar 14 '16 at 20:58
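
Before enforcing an allowlist of permitted domains like the one described in the answer, it helps to see which names clients currently look up that would fall outside it. The script below is an added example, not code from the answer or its comments: it matches query names against the permitted zones label by label and audits resolver query-log lines. The zone list, client addresses and log lines are constructed, and the log layout is assumed to be BIND's query-log format.

```python
import re

# Assumed allowlist: the domains that would get explicit forward zones.
PERMITTED_ZONES = ["example.com", "ubuntu.com"]

# Pulls client address and query name out of a BIND query-log line, with or
# without the "@0x..." client object id that newer BIND versions print.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"query: (?P<name>\S+) IN (?P<type>\S+)"
)

def labels(name):
    """Lower-case a DNS name, drop the trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def covering_zone(qname, zones=PERMITTED_ZONES):
    """Return the most specific permitted zone at or above qname, else None."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        # Compare whole labels, so "notexample.com" is not inside "example.com".
        if len(z) <= len(q) and q[-len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best

def audit(log_lines, zones=PERMITTED_ZONES):
    """Return {client_ip: sorted names} for queries outside every zone."""
    outside = {}
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and covering_zone(m["name"], zones) is None:
            name = m["name"].lower().rstrip(".")
            outside.setdefault(m["ip"], set()).add(name)
    return {ip: sorted(names) for ip, names in outside.items()}

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    "14-Mar-2016 19:36:01.101 client 192.0.2.10#53124 (www.example.com): query: www.example.com IN A + (192.0.2.53)",
    "14-Mar-2016 19:36:02.342 client 192.0.2.10#40211 (notexample.com): query: notexample.com IN A + (192.0.2.53)",
    "14-Mar-2016 19:36:05.009 client @0x7f3a2c0d4e10 192.0.2.11#51877 (Archive.Ubuntu.com): query: Archive.Ubuntu.com IN AAAA +E(0) (192.0.2.53)",
    "14-Mar-2016 19:36:07.770 client 192.0.2.11#51878 (cdn.example.net): query: cdn.example.net IN A + (192.0.2.53)",
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Names reported here are the ones that would stop resolving once only the permitted zones are answered, which is useful for spotting third-party domains a permitted site depends on.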