tag:blogger.com,1999:blog-18697195.post8359779453933289690..comments2023-12-09T05:49:32.261+01:00Comments on Paul Cobbaut's blog: using bind to block domainsPaul Cobbauthttp://www.blogger.com/profile/12690770983694921987noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-18697195.post-44443623883078238652012-09-02T19:13:02.017+02:002012-09-02T19:13:02.017+02:00@Wouter: I know, thanks anyway.
When will you mak...@Wouter: I know, thanks anyway.<br /><br />When will you make another move ? (or just surrender and I 'll open with 1. b3)Paul Cobbauthttps://www.blogger.com/profile/12690770983694921987noreply@blogger.comtag:blogger.com,1999:blog-18697195.post-48077943243837191252012-09-02T12:49:35.026+02:002012-09-02T12:49:35.026+02:00If you really (really) want to block certain sites...If you really (really) want to block certain sites, the best way is a combination of a firewall and a proxyserver with a blacklist. DNS tricks can be worked around; to do the same with firewalls is hard.wouter verhelstnoreply@blogger.comtag:blogger.com,1999:blog-18697195.post-68736112187787280492012-09-02T10:55:09.569+02:002012-09-02T10:55:09.569+02:00Thanks for both tips!Thanks for both tips!Paul Cobbauthttps://www.blogger.com/profile/12690770983694921987noreply@blogger.comtag:blogger.com,1999:blog-18697195.post-16283065851224326532012-09-02T10:45:07.876+02:002012-09-02T10:45:07.876+02:00returning 127.0.0.1 will either yield a timeout in...returning 127.0.0.1 will either yield a timeout in the browser, or the user will see his own webserver; none of them indicates the real problem (i.e. this site is blocked).<br />I would set up a simple webserver serving a page "Not allowed" for every request, and point the DNS-records there.<br /><br />Note that this only works if the users are using this particular DNS-server, but you probably knew that already.<br /><br />Just a side-note: Your SOA-line should probably read:<br />@ IN SOA ns1.antwerp.local. paul\.cobbaut.gmail.com. (...)<br /><br />Unless you really are paul@cobbaut.gmail.com. Note the backslash in the email-address, and see <a href="http://tools.ietf.org/html/rfc1035#section-8" rel="nofollow">RFC1035</a> for details.Nioboshttp://blog.dest-unreach.be/noreply@blogger.com