Questions tagged [dns-firewall]

A DNS firewall protects a network against malicious DNS entities, but cannot be used to prevent a user from accessing a network resource.

Unlike classic IP- and port-based filtering, a DNS firewall protects a network against malicious DNS entities. It is not a good choice for preventing users from getting to a network resource (DNS is a poor substitute for IP- and port-based ACLs), but it can be useful for shielding customers from online threats and taking down domains and/or nameservers associated with botnet C&C domains.

4 questions
6 votes, 1 answer

Set up BIND9 as DNS Firewall

With OpenDNS now needing one to be on the pro package to have filtering turned on, being on a tight budget, we are in need of free DNS filtering. After reading this link on how to block domains with bind, I collected SquidGuard blacklists and…
belteshazzar
2 votes, 2 answers

Can DNS RPZ firewalls protect against IP Access?

I am looking into DNS-RPZ firewalls. Can they protect against users browsing to http://{ip-address}? If so how does that work? Given no name resolution is required?
Adam Mills
1 vote, 1 answer

How to block all domains except few in BIND DNS?

I came across solutions for blocking selected DNS resolutions by creating block zones. But how would I allow certain sites only and block all others in BIND?
1 vote, 1 answer

Certificate Errors on "redirection" in DNS RPZ of https/ssl

I've set up a DNS RPZ where I "redirect" users to a walled garden using DNS RPZ records when users try to access a list of bad sites. Let's say a user tries to access badsite.com. The redirection to my walled garden for http connections works but…