Re: Aside from the obvious of blocking external DNS?

#53849

gordonf
Member

You’d have to set up two firewall rules: One on your input chain to allow traffic to your.zs.ip.addr/32:53 and one on your forwarding chain to deny traffic to 0.0.0.0/0:53. And then tell your users that using external DNS is against your terms of use.

That won’t stop people from trying to use external DNS on nonstandard ports, assuming they’re running a resolver that supports it. I wonder if there’s a Layer 7 filter for DNS.
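The two rules from the post above, as an added example (not part of the post and not ZeroShell's own configuration): a shell function that prints the iptables commands for both UDP and TCP, with a LOG rule added so blocked external lookups show up in the logs. It assumes plain iptables on the firewall; the function names and the sample address are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the two rules
# described in the post. Function names and ZS_IP are hypothetical.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the resolver at address $1; fail on a bad address.
dns_lockdown_rules() {
    zs_ip=$1
    valid_ipv4 "$zs_ip" || { echo "invalid resolver IP: $zs_ip" >&2; return 1; }
    for proto in udp tcp; do   # DNS uses both; TCP carries large answers
        # Input chain: clients may query the resolver on the firewall itself.
        echo "iptables -A INPUT -p $proto -d $zs_ip/32 --dport 53 -j ACCEPT"
        # Forwarding chain: log, then drop, DNS routed to any other server.
        echo "iptables -A FORWARD -p $proto -d 0.0.0.0/0 --dport 53 -j LOG --log-prefix \"ext-dns: \""
        echo "iptables -A FORWARD -p $proto -d 0.0.0.0/0 --dport 53 -j DROP"
    done
}

ZS_IP=192.0.2.1   # constructed sample address (TEST-NET-1), not from the post
dns_lockdown_rules "$ZS_IP"
```

The output is a dry run; the forwarding-chain rules only take effect if they sit ahead of any broader ACCEPT rule in that chain.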