DNS spoofing / DNS forgery
Hi all,
I have a DNS server that is master for some public domains. We also have clients that use the DNS server as their lookup server.
For security reasons we use dnsmasq to redirect some sites to a web page that indicates that the site is not accepted.
I have set up dnsmasq in front of the named service. But this means that all Internet clients can use our DNS server for queries, which is not good. I want to restrict the possible queries to only our client networks.
I had a filter set up under the named service:
allow-recursion { localhost; x.x.x.x/24; y.y.y.y/24; };
Dnsmasq uses port 53 and, if no match is made on the blocked list, it forwards the query to itself on port 5353, where the named service runs.
The named service sees the request as coming from localhost and does the recursion.
I have asked whether this is possible with dnsmasq but have had no positive response so far. Does anyone know of another solution that might work? If something is unclear, I can explain in more detail.
Distro:
Fedora release 17 (Beefy Miracle)
NAME=Fedora
VERSION="17 (Beefy Miracle)"
ID=fedora
VERSION_ID=17
PRETTY_NAME="Fedora 17 (Beefy Miracle)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:17"
Best Regards
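One way to get a per-network recursion ACL while keeping the redirect, as an added example that is not from the original post or from any reply: let named listen on port 53 itself, so that it sees the real client source address, and move the redirect out of dnsmasq into a BIND response-policy zone (RPZ, available in BIND 9.8 and later). The network ranges, the zone name `rpz.local`, the file paths, the blocked name `blocked.example` and the redirect target `192.0.2.10` are placeholders assumed for the example.

```conf
// ---- /etc/named.conf (fragment) -------------------------------------
// Assumed client networks; x.x.x.x/24 and y.y.y.y/24 are placeholders.
acl clients { 127.0.0.1; x.x.x.x/24; y.y.y.y/24; };

options {
    directory "/var/named";
    listen-on port 53 { any; };          // named now owns port 53 (no dnsmasq in front)

    // Public zones we are master for must stay answerable from anywhere.
    allow-query { any; };

    // Only our networks may recurse, and only they may read the cache
    // (allow-query-cache is set explicitly so outsiders cannot snoop cached answers).
    recursion yes;
    allow-recursion { clients; };
    allow-query-cache { clients; };

    // Names listed in the policy zone are rewritten before the answer is sent.
    response-policy { zone "rpz.local"; };
};

// The policy zone itself; never served to clients directly.
zone "rpz.local" {
    type master;
    file "rpz.local.db";
    allow-query { localhost; };
    allow-transfer { none; };
};

// ---- /var/named/rpz.local.db (assumed file name) ---------------------
// $TTL 300
// @                   IN SOA  localhost. root.localhost. ( 1 3600 600 86400 300 )
//                     IN NS   localhost.
// ; Redirect the blocked site and all of its subdomains to the "not accepted" page.
// blocked.example     IN A    192.0.2.10
// *.blocked.example   IN A    192.0.2.10
```

With this in place a client inside the listed networks resolving `blocked.example` gets `192.0.2.10`, while a query from an outside address for any name that is not in one of the hosted public zones is answered REFUSED, because neither recursion nor the cache is available to it. RPZ only rewrites answers on the recursive path, so the authoritative data for the public domains is unaffected. After editing, run `named-checkconf` and `named-checkzone rpz.local /var/named/rpz.local.db` before reloading.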