This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button
Course Of The Month
7 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
DNS Record/Response on a Per Client Basis with BIND
Posted on 2013-01-02
I have certain devices on my network that I wish to block webpages using DNS.
Normally I would use my Squid Proxy... Unfortunately, this device has NO support for Proxy...
Is there a way to have BIND respond on a per client basis? As in...
Device "A" (has static IP) is in need of the block:
Device "A" requests *.* from BIND
BIND Responds as if the domain does not exist.
I want to force all requests to be unresolved for Device A
I only want to allow one domain to be resolved for Device A
Thank You
Normally I would use my Squid Proxy... Unfortunately, this device has NO support for Proxy...
Is there a way to have BIND respond on a per client basis? As in...
Device "A" (has static IP) is in need of the block:
Device "A" requests *.* from BIND
BIND Responds as if the domain does not exist.
I want to force all requests to be unresolved for Device A
I only want to allow one domain to be resolved for Device A
Thank You
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
5 Comments
Active 6 days ago
With transparent proxy you could do this without a need for any proxy setup on client side. You would then just nned to create rule, based on MAC address, to filter this device out.
But as MAC is Layer 2, you would probably need to make DHCP reservation on IP for this MAC, which moves you one step away from some secure setup.
Instead, try IPTABLES rule and play with it:
But as MAC is Layer 2, you would probably need to make DHCP reservation on IP for this MAC, which moves you one step away from some secure setup.
Instead, try IPTABLES rule and play with it:
iptables -I FORWARD 7 -p tcp -d restricted.com -m mac --mac-source XX:XX:XX:XX:XX:XX --dport 80 -j DROP
iptables -I FORWARD 7 -p tcp -d www.restricted.com -m mac --mac-source XX:XX:XX:XX:XX:XX --dport 80 -j DROP
Unfortunately the set of devices I wish to block are all on different networks. I simply have an Adtran router for each network. I could add a rule in the ACL to block all for that particular host and then an allow for each website... I would have to do this for 8+ routers. These devices will see more use
Transparent Proxy would be ideal. In this situation I cannot apply it.
Ex. "device a" is 192.168.66.85 and DNS is 192.168.1.3. My Squid Proxy is on 192.168.1.4.
If there was someway to "tie a zone" to a certain set of hosts...
Transparent Proxy would be ideal. In this situation I cannot apply it.
Ex. "device a" is 192.168.66.85 and DNS is 192.168.1.3. My Squid Proxy is on 192.168.1.4.
If there was someway to "tie a zone" to a certain set of hosts...
If you have multiple DNS servers you may be able to use a hybrid DNS solution. For example if device A has a MAC address of AA:BB:CC:DD:EE:FF, you could use DHCP to set a static reservation for AA:BB:CC:DD:EE:FF and set its DNS server as 192.168.x.x. This 192.168.x.x dns server could server its own ip addres for whatever dns zones you want blocked. For example you could have this DNS server host facebook.com. Any clients getting addresses through regular DHCP would resolve the regular address, any clients you have registered as 'blocked' would get 192.168.x.x from the alternative dns server. Just be sure you don't replicate zones from this blocked DNS service to the normal DNS servers
I found the solution.
For the community: Simply create Separate Views for the different Hosts/Groups of Hosts.
I ended up creating a view just for the specific Host that have been assigned via Static DHCP. I create a Root Zone that has an *. A Record. Works Like a Charm :)
Thank You All
For the community: Simply create Separate Views for the different Hosts/Groups of Hosts.
I ended up creating a view just for the specific Host that have been assigned via Static DHCP. I create a Root Zone that has an *. A Record. Works Like a Charm :)
Thank You All
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Understanding FTPS
File transfer is a common requirement in most Enterprises. While there are numerous ways to get a file from Point A to Point B over a network, perhaps the most common method still in use is FTP – File Transfer Protocol. FTP is …
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month7 days, 15 hours left to enroll
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.