Block some users with Bind9

Eliezer Croitoru eliezer at ngtech.co.il
Wed Jul 25 07:14:43 UTC 2012


On 7/24/2012 8:32 PM, Emiliano Vazquez wrote:
> Hi to everyone!
> I'm stuck with this!
>
> I need to do the following but I did not find the real solution.
>
> My problem:
>
> I need to block some IPs from the LAN to specific places, like
> "Facebook.com"
>
> I do this with Squid, but HTTPS transport is encrypted and never goes to
> Squid. There is some news about interception of this port (443), but
> this is in newer versions of Squid (3.2.x).
>
> I want to know if you know some type of configuration of Bind9 to do
> something like "OpenDNS", which gives us this solution.
>
> I need to do:
>
> IP 192.168.1.10  Block access to https://www.facebook.com &
> http://www.facebook.com
> IP 192.168.1.11  Full access without limitations.
> IP 192.168.1.12  Block access to https://www.gmail.com &
> http://www.gmail.com
>
> I followed the instructions from this link
> http://www.deer-run.com/~hal/sysadmin/dns-advert.html and got it working,
> but the DNS acts for all the machines in the network.
>
> Is it possible to do what I want to do?
>
> Best regards and thanks for sharing your time.
>
> Emiliano.
>
Well, on a DNS level it would be nice to block it, but if the user has
access to some DNS anywhere in the world in any way, he can just use some
basic browser tricks to make this DNS setup stupid.

I think it's better to use a proxy\fw to block these sites.
You can use, let's say, Squid with some nice and good ACLs to do all
the tricks you need.

Regards,
Eliezer

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
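
The per-client Squid ACLs suggested in the reply, written out for the three clients listed in the question. This is an added example, not part of the original thread. The ACL names and the 192.168.1.0/24 LAN range are assumptions, and it assumes browsers are configured to use the proxy explicitly, so that HTTPS arrives as a CONNECT request carrying the hostname.

```conf
# squid.conf fragment (constructed example; ACL names are hypothetical)

# Clients from the question
acl client_10 src 192.168.1.10
acl client_12 src 192.168.1.12

# Assumed LAN range, inferred from the addresses in the question
acl localnet src 192.168.1.0/24

# Destination domains; the leading dot also matches subdomains such as www.
# With an explicitly configured proxy, dstdomain matches both plain HTTP
# requests and the hostname in HTTPS CONNECT requests.
acl facebook dstdomain .facebook.com
acl gmail    dstdomain .gmail.com

# http_access is evaluated top-down and the first matching line wins,
# so the per-client denies must come before the general allow.
http_access deny client_10 facebook
http_access deny client_12 gmail

# 192.168.1.11 and every other LAN host fall through to this rule.
http_access allow localnet
http_access deny all
```

For these rules to be enforced, the firewall has to drop direct outbound traffic to ports 80 and 443 from the LAN, so that the proxy is the only path out.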


