DNS ACL

[fiveworlds]

Hi, I was wondering is there any dns program that allows you to implement access control lists to only certain webpages or ban certain ip addresses so that the attacker recieves a random loopback address instead of my ipaddress?

[koti]

Im sure there is some standalone software that can do that, at least logically it would seem that there has to be. Its probably a part of some bigger functiinality though...I've configured access lists on DNS on some HP rack server years ago and if I remember correctly it was a functionality within the servers network card dedicated software. Probably advanced servers can do this from within their configuration software. Couldnt you do it from within linux ?

[Sensei]

How about setting up any two DNS daemons at normal port, and at f.e. port+1. Or on two different machines in intranet.

Then in firewall set up rule that if IP address is connecting to modem-router-server at normal port, it's forwarded to port+1, and using completely different DNS daemon than somebody with legit IP.

Just a thought.

Edited July 7, 2017 by Sensei

[fiveworlds]

Then in firewall set up rule that if IP address is connecting to modem-router-server at normal port, it's forwarded to port+1, and using completely different DNS daemon than somebody with legit IP.​

 

 

That would definitely work.

 

servers network card dedicated software.

 

 

Yeah it appears as though alot of this is done by networking equipment. However most don't allow you to redirect the user to 127.0.0.1 or elsewhere they just deny the request.

Edited July 7, 2017 by fiveworlds

[Manticore]

Sounds like it might be fun. If I can find the time I'll have a play with that.