Quote:
Originally Posted by jggimi
If you're ever concerned about unauthorized traffic getting past your firewall using the domain name resolution destination ports (UDP 53, TCP 53), you have some choices. You could:
- Only pass traffic to your selected nameservers.
- Redirect the traffic to your selected nameservers.
- Redirect the traffic to your own nameserver, and resolve names to addresses of your own desire.
I like these ideas a lot. I have been wanting to learn BIND for local DNS.
Can I configure BIND to play nice with authpf? If the user is authenticated, cache the nslookup (if not, look it up from 4.4.4.4). If the user has not authenticated, then route them to some kind of dummy DNS?
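One way to wire the three pieces together (pf redirecting port 53, authpf per-user anchors, and BIND answering differently depending on who asked), as an added example that is not part of either post above. Everything here is assumed: the interface name em1, the 192.168.1.0/24 LAN, the two addresses the firewall's BIND listens on (192.168.1.1 for the real caching forwarder, 192.168.1.2 as an alias that serves the "dummy" answers), and the file names. Only 4.4.4.4 comes from the post. The idea is that authpf loads a `quick` rule for each logged-in user that sends that user's queries to the caching view; everyone else falls through to the default redirect and lands on the dummy view.

```conf
# ---- /etc/pf.conf (assumed layout) -------------------------------------
int_if = "em1"                  # assumed LAN-facing interface
lan    = "192.168.1.0/24"       # assumed LAN
fw_dns = "192.168.1.1"          # BIND "authenticated" view: forwards to 4.4.4.4 and caches
dummy  = "192.168.1.2"          # alias on $int_if; BIND "unauthenticated" view, fixed answers
ext_ns = "4.4.4.4"              # upstream resolver named in the post

# authpf(8) loads each logged-in user's rules into anchor "authpf/<user>".
# It must appear BEFORE the catch-all redirect so the per-user quick rules win.
anchor "authpf/*"

# Catch-all: any LAN host that did not match an authpf rule has its DNS
# redirected to the dummy view, whatever nameserver it asked for.
pass in on $int_if inet proto { tcp udp } from $lan to any port 53 \
    rdr-to $dummy

# Only the firewall's own resolver may talk DNS to the outside.
block out quick on egress inet proto { tcp udp } from $lan to any port 53
pass  out on egress inet proto { tcp udp } from (egress) to $ext_ns port 53

# ---- /etc/authpf/authpf.rules (assumed) ---------------------------------
# authpf substitutes $user_ip with the address the user authenticated from.
int_if = "em1"
fw_dns = "192.168.1.1"
pass in quick on $int_if inet proto { tcp udp } from $user_ip to any port 53 \
    rdr-to $fw_dns

# ---- named.conf fragment (assumed; BIND 9 views chosen by destination) ---
options {
    listen-on { 192.168.1.1; 192.168.1.2; };
    allow-query { 192.168.1.0/24; };
};

view "authenticated" {
    match-destinations { 192.168.1.1; };
    recursion yes;
    forwarders { 4.4.4.4; };
    forward only;               // named keeps its own cache per view
};

view "unauthenticated" {
    match-destinations { 192.168.1.2; };
    recursion no;
    // Serve a fake root zone so every name resolves to the firewall.
    zone "." { type master; file "dummy-root.db"; };
};

# ---- dummy-root.db (constructed) ----------------------------------------
$TTL 60
@   IN SOA ns. hostmaster. ( 1 3600 900 604800 60 )
    IN NS  ns.
ns  IN A   192.168.1.1
*   IN A   192.168.1.1
```

Check the ruleset with `pfctl -vnf /etc/pf.conf` before loading it, and after a user logs in over ssh, `pfctl -a "authpf/*" -sr` shows the per-user rules that were inserted into the anchor; they disappear again when the session ends, so the client drops back to the dummy view without any change to BIND. Two caveats a practitioner should keep in mind: the redirect only catches port 53, so a client using DNS over HTTPS on port 443 never reaches either view, and the per-user rule is keyed on the source address, so it is only as trustworthy as the LAN's address assignment.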