Maintained by: NLnet Labs

[Unbound-users] Whitelist some domains, blacklist everything else

Carsten Krüger
Sun May 16 20:36:44 CEST 2010


Hello,

> Well, I wouldn't be so strict, something like this could probably be done
> using forwarding:

> name: whitelist1.dom
>   forward-addr: 1.2.3.4

> name: whitelist2.dom
>   forward-addr: 1.2.3.4

> name: .
>   forward-addr: <ip_of_dummy_nameserver_returning always nxdomain, f.e.
> running on 127.0.0.2>

Thanks.

> Implement transparent HTTP proxy with block list or even simple firewall
> rules are better.

Not trivial on single windows workstation.

> Protection on DNS level is very fragile and probably could
> be easily circumvented if not implemented together with strict firewall
> rules.

I know.

greetings
Carsten