So, OpenDNS was mentioned on this list a few days ago.  I use this
service and the mention on this list prompted me to check my settings to
make sure that I was still appropriately blocking access to web site
categories.  And it started me thinking... it would be easy for
a savvy user to reconfigure their client DNS settings such that they no
longer pointed to 192.168.1.1 (or whatever AstLinux is on your network, or
whatever DHCP returned) and instead pointed to a public DNS server, maybe
my ISP's DNS server.

So... is there a way to configure the AstLinux firewall to block DNS
requests from any internal client to any external DNS server?  In other
words, force internal clients to use the AstLinux DNS server.  For extra
credit... a rule that would nevertheless permit access to the OpenDNS
servers 208.67.222.222 and 208.67.220.220.

Thanks,
David
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
