
I first asked this question here: https://networkengineering.stackexchange.com/questions/33948/restrict-dns-usage-to-some-clients

I would like to create an Unbound DNS server. I don't have the IP addresses of the users.

What are some other easy options to consider in order to restrict DNS usage to some clients?

I am using OpenWrt routers behind a NAT, and my server runs Ubuntu with Unbound as the DNS server.

4m1nh4j1
  • I don't believe that without a list of IP addresses to block, you can easily restrict clients with DNS. After all, DNS is a completely stateless and anonymous protocol. You could consider building some kind of portal where users can register their IP address to use it, somewhat like some GeoIP circumvention services (and I believe, OpenDNS) do, but that's most certainly much more involved than just setting up an Unbound server. – Sven Aug 11 '16 at 13:05
  • Even with a list of IPs, DNS is stateless, and the IPs in your whitelist can still be spoofed. Network segmentation is the rule of thumb with recursive DNS. – Andrew B Aug 11 '16 at 14:47
  • What other information do you have about your users? What distinguishes allowed vs. not allowed users? Do you have any control over their systems? – Aaron Aug 11 '16 at 18:08
  • Yes, I have full control over the connected routers. They are connected to my VPN, but I would not like to route DNS through a VPN tunnel. – 4m1nh4j1 Aug 14 '16 at 12:28

0 Answers
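As an added illustration, not part of the original question or of any answer on this page, of the IP-based restriction the comments refer to: an Unbound `server:` block that answers recursive queries only from prefixes the operator controls and refuses everything else. The file path, the interface addresses, and the 10.8.0.0/24 (VPN) and 192.168.1.0/24 (LAN) ranges are assumptions standing in for whatever the real VPN and LAN use. Andrew B's caveat still holds: a UDP query whose source address is spoofed into an allowed prefix will be answered, so the allowed ranges should be networks that outsiders cannot inject packets into, and the rate limit only bounds the damage rather than preventing it.

```conf
# Added example: /etc/unbound/unbound.conf.d/access.conf (path assumed)
server:
    # Listen only on the addresses clients are expected to use.
    # Binding 0.0.0.0 would also expose the resolver on the public side.
    interface: 127.0.0.1
    interface: 10.8.0.1          # assumed VPN-side address of this host
    interface: 192.168.1.1       # assumed LAN address of this host

    # Default deny: any source not matched by a more specific entry
    # receives a REFUSED response. Unbound's built-in default already
    # refuses everything except localhost; stating it makes the intent
    # explicit in the config.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Permit recursion only from prefixes we control.
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 10.8.0.0/24 allow        # assumed VPN client range
    access-control: 192.168.1.0/24 allow     # assumed LAN range

    # Cap answered queries per second per source address, so a spoofed
    # source inside an allowed prefix cannot extract unlimited traffic.
    ip-ratelimit: 100

    # Do not advertise the software or host in CHAOS-class queries.
    hide-identity: yes
    hide-version: yes
```

Validate with `unbound-checkconf` before reloading. A query sent from an address outside the allowed prefixes (for example `dig @<server> example.com` from the public side) should come back with status REFUSED, while the same query from inside 10.8.0.0/24 or 192.168.1.0/24 is resolved normally.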