On 7/24/2012 8:32 PM, Emiliano Vazquez wrote:
Hi to everyone!
I'm stuck with this!

I need to do the following but I did not find the real solution.

My problem:

I need to block some IPs from the LAN to specific places, like
"Facebook.com"

I do this with Squid, but HTTPS transport is encrypted and never goes to
Squid. There is some news about interception of this port (443), but
this is in newer versions of Squid (3.2.x).

I want to know if you know some type of configuration of Bind9 to do
something like "OpenDNS", which gives us this solution.

I need to do:

IP 192.168.1.10  Block access to https://www.facebook.com &
http://www.facebook.com
IP 192.168.1.11  Full access without limitations.
IP 192.168.1.12  Block access to https://www.gmail.com &
http://www.gmail.com

I followed the instructions from this link
http://www.deer-run.com/~hal/sysadmin/dns-advert.html and got it working,
but the DNS acts for all the machines in the network.

Is it possible to do what I want to do?

Best regards and thanks for sharing your time.

Emiliano.

Well, on a DNS level it would be nice to block it, but if the user has access to some DNS anywhere in the world in any way, he can just use some basic browser tricks to make this DNS setup stupid.

I think it's better to use a proxy\fw to block these sites.
You can use, let's say, Squid and use some nice and good ACLs to do all the tricks you need.

Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
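
The per-client Squid ACLs suggested in the reply above, as an added sketch that is not part of either message. It assumes browsers are explicitly configured to use the proxy on port 3128 (so HTTPS arrives as CONNECT requests that carry the hostname), a 192.168.1.0/24 LAN, and ACL names chosen here for illustration.

```conf
# squid.conf fragment (added example; ACL names are illustrative)
# Assumes clients use Squid as an explicit proxy, so HTTPS shows up as
# "CONNECT www.facebook.com:443" and dstdomain can match the hostname
# without decrypting anything.
http_port 3128

# Clients from the original question
acl host10 src 192.168.1.10
acl host12 src 192.168.1.12
acl localnet src 192.168.1.0/24     # assumed LAN range

# Destinations; the leading dot matches the domain and all subdomains
acl facebook dstdomain .facebook.com
acl gmail dstdomain .gmail.com

# ACLs on one http_access line are ANDed; lines are evaluated top-down
# and the first match wins. These apply to plain HTTP and to CONNECT.
http_access deny host10 facebook
http_access deny host12 gmail

# 192.168.1.11 and every other LAN host fall through to full access
http_access allow localnet
http_access deny all
```

These rules only constrain traffic that actually passes through the proxy, so direct outbound connections on ports 80 and 443 from the LAN need to be blocked at the firewall for the policy to hold.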