On 13/10/10 12:13 PM, "Andrey G. Sergeev" <and...@aernet.ru> wrote:
> Hello Alans,
>
>
> Tue, 12 Oct 2010 16:52:15 +0300 Alans wrote:
>
>> On 10/12/2010 03:44 PM, Andrey G. Sergeev (AKA Andris) wrote:
>>> Hello Ian,
>>>
>>>
>>> Tue, 12 Oct 2010 10:54:19 +0100 "Ian Tait" wrote:
>>>
>>>>> Ok, but you can always browse by IP address and in this case
>>>>> there is no DNS server than can stop you from browsing what you
>>>>> want.
>>>>
>>>> Vaguely related, are host headers - a lot of webservers share an
>>>> IP address/many IP addresses and use host headers to 'display' the
>>>> correct website.
>>>>
>>>> You wouldn't be able to browse a particular website hosted in this
>>>> fashion, by IP address.
>>>
>>> If you know the website domain and the corresponding IP address and
>>> if your ISP prevents you from accessing this website by timing out
>>> or tampering DNS query results you can always put the entry like
>>>
>>> 192.168.10.20 www.domain.tld.
>>>
>>> to your hosts file and access the site.
>>>
>>> This technique is also in use when someone needs to access the site
>>> which is on a not delegated domains.
>>>
>> Even this way, you should know all the IP of subdomains to work
>> properly. Try it for facebook, open homepage fine but once you login
>> it will fail.
>
> If you can query at least one of the authoritative NS for the domain in
> question then you would have no problems determining the IP addresses
> you might need.
>
The straight forward answer to the original question is that BIND RPZ
features will allow you to isolate domains as requested. Noting that this is
_just_ DNS and as others have mentioned, that's hardly a solid wall of
unavailability for your blacklisted sites.
>> Another thing, we are talking about a technical person, for other
>> users they don't know about hosts file or they don't have access to
>> change it even it they know about it.
>
> Sure but please don't forget about the average level of computer skills
> of the audience the most "underground" sites have.
--
Kal Feher
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
