Netgate Discussion Forum

    Does DNS Redirection Bypass DNSBL?

    pfBlockerNG
    • mifronte

      If I am redirecting all DNS requests to pfSense as specified in this How-To, will DNSBL be bypassed or will the DNSBL still take effect?

      SuperMicro Atom C2758 A1SRI-2758F 16GB
      2.7.2 (amd64)

      • RonpfS

        If you are redirecting DNS requests to a pfSense with DNSBL enabled, then DNSBL will NOT be bypassed.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        • mifronte

          Thanks. Yes, I am redirecting to pfSense so that all DNS requests go through DNSBL.

          • Tom7755

            Why would someone want to do this?

            • mifronte

              I am doing this to ensure that all DNS requests go through my local DNS resolver and any DNS servers that I have configured to be the upstream DNS. Some clients can manually set their DNS settings and this will prevent that attempt to bypass my DNS policy.

              For example, for a family with children, the parents may want to use OpenDNS to implement some parental filtering. A smart teenager may bypass OpenDNS by specifying the Google DNS on their client. This redirection will intercept all DNS queries and ensure that OpenDNS is used.

              I personally use pfBlockerNG with DNSBL to block access to sites that are on the lists that I have configured. I discovered that some Google devices have Google's DNS hardcoded into their firmware to reach Google's data collection servers. This redirection ensures that these devices don't circumvent my blocked lists. Of course this does nothing if the IP address is hardcoded, but then I hope pfBlockerNG IPv4 and IPv6 feature will prevent those scenarios.

              • valnar

                That's one way, the nice way. Another way is to simply put in a firewall block on port 53 except for pfSense and let your kids figure out why they can't get anywhere.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.