/* Quoth Tony Despain <[EMAIL PROTECTED]> on Thu, 29 Apr 2004 at 14:42 -0600 in <[EMAIL PROTECTED]> */
> Does anyone know if it is possible to restrict a private network from
> accessing websites on the internet by configuring bind 9 a certain way?

No.

> I only want to allow them the ability to query one domain.

You can probably do that. DNS is only one step in 'getting' to websites
on the internet. Breaking DNS may be enough to stop naïve users from
going where you don't want them to, but will give you a false sense of
security (not to mention a broken DNS, and breaking things is never ever
the right way to go about security). The internet is used for other
things besides web, and you may find that you've opened Pandora's box and
your job administering the network just got a lot harder once you've
broken DNS.

If you just want to restrict surfing, the best way is probably to
configure a proxy (e.g. squid or dansguardian with squid backend) and
disallow everything except from a whitelist including your pet domain and
anything else you find necessary in the future. A lot easier and more
instant than changing your DNS. Then set up a firewall that only allows
http to go through your proxy's route, and configure the clients with a
proxy server and/or set up a wpad.

> _________________________________________________________________
> FREE pop-up blocking with the new MSN Toolbar - get it now!
> http://toolbar.msn.com/go/onm00200415ave/direct/01/

I'll go get it right away!

-- 
 .O.  Hans Fugal            | De gustibus non disputandum est.
 ..O  http://hans.fugal.net | Debian, vim, mutt, ruby, text, gpg
 OOO                        | WindowMaker, gaim, UTF-8, RISC, JS Bach
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95 CB5E FC98 E8CD E0AA D460
____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
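
The proxy whitelist described in the reply above, sketched as a squid.conf fragment. This is an added example, not part of the original message; the client subnet, the whitelist file path and the domain in it are assumed placeholders.

```conf
# squid.conf fragment: default-deny proxy with a destination whitelist.
# Added example; 192.168.1.0/24, /etc/squid/whitelist.txt and example.edu
# are placeholders, not values from the thread.

http_port 3128

# The private network that is allowed to talk to the proxy at all.
acl localnet src 192.168.1.0/24

# Destination whitelist, one entry per line in the file, e.g.
#   .example.edu
# A leading dot matches the domain itself and every subdomain.
# New sites are allowed later by appending to the file and running
# "squid -k reconfigure"; no DNS changes are involved.
acl allowed_sites dstdomain "/etc/squid/whitelist.txt"

# Only web ports, and CONNECT tunnels only to 443, so the proxy cannot
# be used to reach arbitrary services on whitelisted hosts.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Order matters: squid stops at the first matching http_access line.
http_access allow localnet allowed_sites
http_access deny all

# Enforcement still depends on the firewall step from the reply: the
# gateway must drop outbound HTTP/HTTPS from clients so that the only
# path to the web is this proxy. Otherwise a client that ignores its
# proxy settings bypasses the whitelist.
```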
