DNS Security Question
Skip Montanaro
skip at mojam.com
Tue Sep 21 01:17:14 UTC 1999
Dave> This may be a silly question, but is there anyway to stop a
Dave> nameserver from resolving certain domains? For example... many
Dave> users in my company are hitting sextracker.com and sexhound.com
Dave> etc., and I'm wondering if there is any possible way to make our
Dave> DNS server ignore requests for these domains.
There may be ways to eliminate them (I've certainly never pretended to be a
DNS expert..), but if my experience with my teenage sons is any indication,
if they want it they'll find a way to get it. ;-) You'll always be a step
behind. Can't get to sextracker.com? Okay, I can live with
xxxsites.com. Block that too? Well, there's always sf49ersbabes.com (or
whatever). I think you see where I'm headed with this. At one time I
probably was filtering out a couple hundred sites and a similar number of
path patterns with squid. It's generally futile to try to block access
based on hostnames or URL patterns.
Skip Montanaro | http://www.mojam.com/
skip at mojam.com | http://www.musi-cal.com/~skip/
847-971-7098 | Python: Programming the way Guido indented...
More information about the bind-users
mailing list