[Chugalug] Need traffic filter solution

Dave Brockman dave at brockmans.com
Wed Nov 7 14:08:35 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/7/2012 8:57 AM, Benjamin Stewart wrote:
> I don't think that's right. OpenDNS can only redirect queries that
> are directed towards it, so no, if you've hard-coded another DNS
> provider on your machine, that machine would not be filtered.

The question was whether or not OpenDNS still blocks pr0n if you
hard-code Google's DNS servers.  OpenDNS servers still block the pr0n,
but the hard-coded Google DNS entry isn't asking.  OpenDNS still
works; it has been circumvented, however.  The question wasn't whether
or not a particular machine can reach pr0n.... More of a "thump" on
John's head for asking such silly questions that are rather easy to
test for oneself in a matter of about the time it took to compose
the email itself.

> You can, however, write a firewall rule that funnels all DNS
> requests back to OpenDNS or wherever you want them to go.

I usually find it easier to block DNS queries (udp/53 AND tcp/53)
outbound except to your preferred servers (if External) or completely
if Internal.  I have yet to find a DNS ALG that properly parses DNSSEC
correctly; adding a redirect layer only adds to the confusion.  YMMV.

Regards,

dtb


- -- 
"Some things in life can never be fully appreciated nor
understood unless experienced firsthand. Some things in
networking can never be fully understood by someone who neither
builds commercial networking equipment nor runs an operational
network."  RFC 1925
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCaa2IACgkQABP1RO+tr2T01ACcDZtnxBIL8AyLTx3z0cr+D+jG
u0QAoKhn5tIv5QyzIKSIWA10cU8JK/rS
=IuEE
-----END PGP SIGNATURE-----
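
The outbound DNS block described in the message above, as an added example that is not part of the original post: a script that prints (but does not apply) iptables commands confining forwarded udp/53 and tcp/53 to approved resolvers and logging everything else. It assumes a Linux gateway forwarding LAN traffic; the chain name `DNS_EGRESS` is hypothetical and the default addresses are OpenDNS's public resolvers used as sample values.

```shell
#!/bin/sh
# Added example: generate iptables commands for a DNS egress allow-list.
# Nothing is applied here; review the output, then pipe it to `sh` as root.

# Sample policy (assumption): OpenDNS public resolvers.
# Set RESOLVERS="" when the only resolver is internal, so clients get no outbound DNS.
RESOLVERS="${RESOLVERS-208.67.222.222 208.67.220.220}"
CHAIN="DNS_EGRESS"   # hypothetical chain name

dns_egress_rules() {
    # $1 = space-separated IPv4 addresses of permitted external resolvers (may be empty)
    echo "iptables -N $CHAIN"
    # Send both transports to the chain: DNS falls back to tcp/53 for large answers.
    for proto in udp tcp; do
        echo "iptables -A FORWARD -p $proto --dport 53 -j $CHAIN"
    done
    for ip in $1; do
        # Reject anything that is not digits and dots before it reaches a command line.
        case "$ip" in
            *[!0-9.]*) echo "skipping invalid resolver: $ip" >&2; continue ;;
        esac
        echo "iptables -A $CHAIN -d $ip -j ACCEPT"
    done
    # Rate-limited log line so hosts with hard-coded resolvers show up in syslog.
    echo "iptables -A $CHAIN -m limit --limit 6/min -j LOG --log-prefix \"dns-bypass: \""
    echo "iptables -A $CHAIN -j DROP"
}

dns_egress_rules "$RESOLVERS"
```

These rules cover IPv4 port 53 on the FORWARD path only; a resolver running on the gateway itself sends from OUTPUT and is unaffected, and IPv6 needs the same rules via ip6tables.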

