Questions

Restrict web usage via DNS?

+
0 Votes
Locked

Restrict web usage via DNS?

soatone
Is there a way to restrict which websites a user or users can access on the DNS server? Essentially, what we want to do is allow access to specific web sites while denying access to others. My knowledge of DNS servers is fairly limited so please excuse me if what I am about to say is incorrect. I think that the only to restrict websites on the DNS server is to create a static zone on the server and only add the entries we want. However, we also want to accept updates from a third party DNS server, which would imply a dynamic zone.

I know this can be easily done using a web filter, but my company does not have the money or desire to pursue such a solution. Also, the DNS server will NOT be a Microsoft DNS server. At this point we?re not sure what we want to use. We?re looking at either an AS/400 DNS or some kind of Linux derivative. We?ve actually talked about just installing BIND 9 on a workstation. A recommendation would be appreciated.

I welcome your thoughts.
  • +
    0 Votes
    pc21geek

    I use a product that is called Endian Firewall http://www.endian.it/en/community/
    It is very robust and scaleable. It installs on an older pc with no problems. I use it at home to keep my teenage boys off " those sites ". Its open source and very easy to manage, configure and install.
    It has alot of functionality to it as well ( vpn, content filtering, proxy server, etc).

    I hope this helps you.

    Kevin

    +
    0 Votes
    Toivo Talikka

    The requirements you describe can be fulfilled by installing a web proxy product like Squid, see http://www.squid-cache.org. Squid is usually part of Linux distributions like Fefora. A few years ago I gave a second life to an obsolete PC by installing RedHat 9 with Squid for 100+ users.

    In Squid you can allow access to a list of sites, or block access to sites, for example all sites with the word 'mail' in the domain name. You can limit browsing to certain hours, or allow browsing during lunch and after hours. The management interface collects lots of useful data.

    A number of open source web appliances and firewall implementations use Squid.

  • +
    0 Votes
    pc21geek

    I use a product that is called Endian Firewall http://www.endian.it/en/community/
    It is very robust and scaleable. It installs on an older pc with no problems. I use it at home to keep my teenage boys off " those sites ". Its open source and very easy to manage, configure and install.
    It has alot of functionality to it as well ( vpn, content filtering, proxy server, etc).

    I hope this helps you.

    Kevin

    +
    0 Votes
    Toivo Talikka

    The requirements you describe can be fulfilled by installing a web proxy product like Squid, see http://www.squid-cache.org. Squid is usually part of Linux distributions like Fefora. A few years ago I gave a second life to an obsolete PC by installing RedHat 9 with Squid for 100+ users.

    In Squid you can allow access to a list of sites, or block access to sites, for example all sites with the word 'mail' in the domain name. You can limit browsing to certain hours, or allow browsing during lunch and after hours. The management interface collects lots of useful data.

    A number of open source web appliances and firewall implementations use Squid.