DNS Proxy?


This topic contains 2 replies, has 0 voices, and was last updated by  Nigrofasciatum 3 years, 7 months ago.

  • #44338

    Hi,

    Using ZS as a router/firewall in my company, I want to redirect all DNS queries to my DNS server (OpenDNS 208.67.222.222), even if the client has configured a static DNS server (e.g. 8.8.8.8). It's a way to secure and filter web content.

    I've configured DNS forwarder ANY (Server:208.67.222.222) but it is not enough.

    Is there any way to do this with ZS?

    Thanks

    #53849

    gordonf
    Member

    You’d have to set up two firewall rules: One on your input chain to allow traffic to your.zs.ip.addr/32:53 and one on your forwarding chain to deny traffic to 0.0.0.0/0:53. And then tell your users that using external DNS is against your terms of use.

    That won’t stop people from trying to use external DNS on nonstandard ports, assuming they’re running a resolver that supports it. I wonder if there’s a Layer 7 filter for DNS.

    #53850

    Thanks, but I was thinking of a way to make this process “transparent” for the users.

    My problem is bigger if I deny all DNS traffic; I can't control users' configuration.

    I don't want to deny traffic, only “redirect” the DNS requests, like a DNS proxy.

    #53851

    gordonf
    Member

    Is this a corporate network or a public access network, or something along those lines? I would have expected blocking everything and then using some kind of proxy server (transparent or otherwise) would be standard procedure.

    If you’re using DHCP you control the DNS settings for clients already. If someone really needs a static address you can do reservations or even hand-configure a device and still specify a local DNS server.

    I guess I don’t understand why a company network would even give the illusion of letting its users use external services directly.

    If you’re trying to get around geofencing though, keep me away from that.
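
The two rules gordonf describes, and the transparent redirect asked for in the first post, written as plain iptables commands. This is an added example, not part of the original thread and not ZeroShell's own configuration; it goes beyond the thread by including a DNAT variant. It assumes ZeroShell's input and forwarding chains correspond to the netfilter INPUT and FORWARD chains, and the address 192.168.1.1 and interface eth0 are constructed sample values. The script only prints the rules so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: prints iptables rules (dry run); nothing is applied.

valid_ipv4() {
    # Dotted quad, every octet numeric and in the range 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# dns_rules MODE ZS_IP LAN_IF
#   MODE=block    : allow DNS to ZeroShell, log and drop DNS to anywhere else
#   MODE=redirect : allow DNS to ZeroShell, rewrite other DNS to ZeroShell
dns_rules() {
    mode=$1; zs_ip=$2; lan_if=$3
    valid_ipv4 "$zs_ip" || { echo "bad ZeroShell IP: $zs_ip" >&2; return 1; }
    case $mode in
        block|redirect) ;;
        *) echo "mode must be block or redirect" >&2; return 1 ;;
    esac
    for proto in udp tcp; do    # DNS falls back to TCP, so cover both
        # Rule 1 in the thread: clients may query the ZeroShell resolver.
        echo "iptables -A INPUT -i $lan_if -p $proto -d $zs_ip --dport 53 -j ACCEPT"
        if [ "$mode" = block ]; then
            # Rule 2 in the thread: deny forwarded traffic to 0.0.0.0/0:53.
            # The LOG rule records which clients still point at outside resolvers.
            echo "iptables -A FORWARD -i $lan_if -p $proto -d 0.0.0.0/0 --dport 53 -j LOG --log-prefix 'ext-dns: '"
            echo "iptables -A FORWARD -i $lan_if -p $proto -d 0.0.0.0/0 --dport 53 -j DROP"
        else
            # Transparent variant: the destination is rewritten before routing,
            # so the query lands on INPUT and the client needs no reconfiguration.
            echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto ! -d $zs_ip --dport 53 -j DNAT --to-destination $zs_ip:53"
        fi
    done
}

# Constructed sample values, printed for review.
dns_rules block 192.168.1.1 eth0
dns_rules redirect 192.168.1.1 eth0
```

As gordonf notes, neither mode covers DNS sent to a nonstandard port; both match only destination port 53.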
