Docunext


The Importance of DNS and How to Leverage It

October 9th, 2009

A question was posted on the m0n0wall mailing list recently about using it to block LAN access to certain websites.

M0n0wall isn't designed to do this, but with some specific settings, it can. I've used m0n0wall to block mistyped URLs from ending up at Agoga.

I also explained how I might achieve something similar, such as blocking all access to a domain that has multiple sub-domains and is multi-homed across several IP subnets:

The reject rule is only faster with regard to the browser's response, not the setup. The browser's "thinking icon" will keep spinning if its request packets are silently dropped. If they are rejected, the browser should immediately respond back to the user saying the page cannot be displayed.

If I were trying to do what you describe, I would use the DNS Forwarder -> Domain Override to point DNS queries to *.example.com to a private authoritative DNS server which responds with a single IP address to which access through the firewall from the LAN is denied.
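The private authoritative server described above can be very small. The following is an added example, not code from the original post or from m0n0wall: a minimal Python responder that answers every A query under the overridden zone with one address. The sinkhole address `192.0.2.1`, the function names and the listening port are assumptions chosen for illustration.

```python
import socket
import struct

SINKHOLE_IP = "192.0.2.1"      # constructed: the one address the LAN firewall rule rejects
BLOCKED_ZONE = "example.com"   # zone sent to this server by the Domain Override

def parse_question(packet):
    """Return (qname, qtype, offset just past the question) from a DNS query."""
    labels, pos = [], 12                      # question follows the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:                     # compression pointers are not expected here
            raise ValueError("unexpected compression in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

def in_zone(name, zone=BLOCKED_ZONE):
    """Match on label boundaries so notexample.com is not caught."""
    return name == zone or name.endswith("." + zone)

def build_response(packet):
    """Answer A queries inside the zone with SINKHOLE_IP; refuse anything else."""
    qname, qtype, end = parse_question(packet)
    query_id = packet[:2]
    question = packet[12:end]
    if not in_zone(qname):
        # QR=1, RCODE=5 (REFUSED): this server only speaks for the blocked zone
        return query_id + struct.pack("!HHHHH", 0x8005, 1, 0, 0, 0) + question
    if qtype != 1:                            # not an A query: empty authoritative answer
        return query_id + struct.pack("!HHHHH", 0x8400, 1, 0, 0, 0) + question
    answer = (b"\xc0\x0c"                     # pointer back to the name at offset 12
              + struct.pack("!HHIH", 1, 1, 60, 4)   # TYPE A, CLASS IN, TTL 60, RDLENGTH 4
              + socket.inet_aton(SINKHOLE_IP))
    return query_id + struct.pack("!HHHHH", 0x8400, 1, 1, 0, 0) + question + answer

def serve(bind_addr="127.0.0.1", port=5353):
    # UDP loop; a real deployment would bind port 53 on the private DNS host
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data), peer)
        except (ValueError, IndexError, struct.error):
            pass                              # drop malformed packets
```

Calling `serve()` starts the listener. Because every name in the zone resolves to the same address, a single reject rule for that address on the LAN interface covers all sub-domains regardless of where the real hosts live.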
