Hello,
Well, I looked at the BIND documentation.
I think it is possible to work with it.
If you do define a special zone:

    zone "<zone_name>" {
        type forward;
        allow-query { <address_match_list>; };
        forwarders { <ip_address_of_dns_server_of_isp>; };
    };

For servers which should be able to look-up everything, I think you can
define this:

    zone "." {
        type forward;
        .....
    };

Play around a little bit, it should be possible....
Regards,
Michel

Patrick Useldinger wrote:
> Michel Kohl wrote:
>> A proxy server cannot handle DNS requests, it only gets the DNS
>> addresses for the requested URL from a user who wants to browse...
>
> Unless it's a DNS proxy ;-) Proxy does not always mean http proxy, it
> can be plenty of things.
>
>> But I do not really understand, why you only want to restrict DNS usage?
>> Wouldn't it be easier to let the machines do the DNS lookup, but to
>> allow in the firewall only connections to google.com and yahoo.com?
>
> No, my context is entirely different. Don't focus on the example I
> gave. What I need is to control at the DNS level which host can ask
> which name resolution.
>
>> You could write your own DNS forwarding service which can restrict
>> them :-).
>
> Yes I could and I have investigated that as well. My best solution
> would be to use Twisted. But it's not a trivial issue.
>
>> Did you take a look at sourceforge.net or freshmeat.net for DNS
>> forwarding services?
>
> Yes, but I didn't find anything yet.
>
> Regards,
> -pu
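
The per-client decision discussed in this thread (which host may ask for which name), written out as an added Python example; it is not code from either poster and not BIND's own logic. The `POLICY` table, its networks and the function names are constructed for illustration; google.com and yahoo.com are the names used in the thread.

```python
import ipaddress

# Constructed policy: client network -> domain suffixes it may resolve.
# "." stands for "every name", like the catch-all `zone "."` in the message.
POLICY = [
    (ipaddress.ip_network("192.0.2.0/28"), ["."]),
    (ipaddress.ip_network("192.0.2.0/24"), ["google.com", "yahoo.com"]),
]


def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def suffix_matches(qname, suffix):
    """True if qname equals suffix or is a subdomain of it.

    The comparison is made on a label boundary, so "evilgoogle.com"
    does not pass as "google.com".
    """
    if suffix == ".":
        return True
    name = normalize(qname)
    suffix = normalize(suffix)
    return name == suffix or name.endswith("." + suffix)


def may_resolve(client_ip, qname, policy=POLICY):
    """Decide whether client_ip may have qname resolved.

    The most specific matching network decides; a client that matches
    no network is refused (default deny).
    """
    addr = ipaddress.ip_address(client_ip)
    matches = [(net, suffixes) for net, suffixes in policy if addr in net]
    if not matches:
        return False
    _, suffixes = max(matches, key=lambda m: m[0].prefixlen)
    return any(suffix_matches(qname, s) for s in suffixes)


if __name__ == "__main__":
    for ip, name in [("192.0.2.5", "example.org"),
                     ("192.0.2.50", "www.google.com."),
                     ("192.0.2.50", "evilgoogle.com")]:
        print(ip, name, "allow" if may_resolve(ip, name) else "refuse")
```

A forwarding service would call `may_resolve()` with the source address and the question name of each query before passing it to the upstream resolver.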