DNS Resolver: block entire domain except for one specific host
-
Hi. I have a newbie question.
I want to allow www.googleadservices.com, but block the rest of the *.googleadservices.com domain. How do I configure DNS Resolver to do that please?
I've read the other posts re blocking wildcard domains, but none of them deal with allowing a specific host within it. By "allow" I mean forward the DNS query to the DNS servers specified in the general setup.
If it's easier to do it in DNS Forwarder instead, that's fine.
Thanks,
Andrew
-
It's not 100% what you were asking for, but provided the IP remains correct, this should work
local-zone: "googleadservices.com" redirect
local-data: "googleadservices.com IN A 0.0.0.0"
local-zone: "www.googleadservices.com" redirect
local-data: "www.googleadservices.com IN A 216.58.219.194"
-
Thanks. I can see that sort of works, in that it assumes the IP address is static rather than forwarding on the query.
Is there no way, either in the resolver or forwarder, to make it pass on the look up request for the specific host please?
-
What? You want to claim ownership of a domain so that it's not forwarded or resolved.. Yet query for 1 specific fqdn in that host in that domain.. Yeah no, how would that work? You are either authoritative for the domain or you're not.. This is not a firewall where you put in rules that are used in order, etc.
Trel's example seems the closest you're going to get..
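To see why Trel's snippet behaves the way the thread describes, here is a small model of Unbound's local-zone matching, written as an added example for this thread (it is not Unbound or pfSense code). It parses the four lines from the snippet, answers queries by longest matching suffix so the more specific www zone beats the parent zone, passes names outside any local-zone through to an assumed upstream table, and flags the caveat Andrew raised: the www answer is a static A record, so if the real address moves the override keeps returning the old one. The upstream addresses and the stale-check helper are constructed for illustration.

```python
"""Toy model of Unbound local-zone/local-data handling (added example, not Unbound code).

Only the 'redirect' zone type from the thread is modelled: a redirect zone
answers the zone name and every name below it with its local-data, and the
most specific (longest) matching zone wins, as in Unbound.
"""
import re

# The snippet from the thread, verbatim.
CONFIG = '''
local-zone: "googleadservices.com" redirect
local-data: "googleadservices.com IN A 0.0.0.0"
local-zone: "www.googleadservices.com" redirect
local-data: "www.googleadservices.com IN A 216.58.219.194"
'''

# Constructed stand-in for what the upstream servers would return (RFC 5737
# documentation addresses, not real answers).
UPSTREAM = {
    "www.googleadservices.com": "203.0.113.10",
    "pagead2.googleadservices.com": "203.0.113.11",
    "www.example.com": "203.0.113.12",
}

ZONE_RE = re.compile(r'local-zone:\s+"([^"]+)"\s+(\w+)')
DATA_RE = re.compile(r'local-data:\s+"([^"\s]+)\s+IN\s+A\s+([\d.]+)"')


def parse_config(text):
    """Return {zone: (type, a_record)} from local-zone / local-data lines."""
    zones = {}
    for line in text.splitlines():
        m = ZONE_RE.search(line)
        if m:
            zones[m.group(1).lower().rstrip(".")] = [m.group(2), None]
            continue
        m = DATA_RE.search(line)
        if m:
            name = m.group(1).lower().rstrip(".")
            if name in zones:
                zones[name][1] = m.group(2)
    return {k: tuple(v) for k, v in zones.items()}


def resolve(name, zones, upstream=UPSTREAM):
    """Answer a query: longest-suffix local-zone match first, else upstream.

    Returns (address, source) where source is the matching zone name or
    'upstream'.
    """
    labels = name.lower().rstrip(".").split(".")
    # Walk from the full name down to the TLD so the most specific zone wins.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            ztype, addr = zones[candidate]
            if ztype == "redirect":
                return addr, candidate
    return upstream.get(name), "upstream"


def stale_override(name, zones, upstream=UPSTREAM):
    """True when a local redirect answers with an address that differs from
    what upstream currently says: the static-IP caveat from the thread."""
    addr, source = resolve(name, zones, upstream)
    return source != "upstream" and addr != "0.0.0.0" and upstream.get(name) != addr


ZONES = parse_config(CONFIG)

if __name__ == "__main__":
    for q in ("www.googleadservices.com", "pagead2.googleadservices.com",
              "www.example.com"):
        addr, source = resolve(q, ZONES)
        print(f"{q:32} -> {addr:16} via {source}"
              + ("  (static override, differs from upstream)"
                 if stale_override(q, ZONES) else ""))
```

Run it as a script to see the three cases side by side: the www host gets the hard-coded address, every other name under googleadservices.com gets 0.0.0.0, and names outside the domain go upstream untouched.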
-
OK, thanks, I'll do that then.
Sorry, I'm moving to pfSense from a Watchguard XTM series firewall and am just trying to replicate the rules I had there. On the Watchguard, there's a DNS Proxy where defining a series of hierarchical allow/deny rules is exactly what you do.
Andrew
-
Yeah, pfSense does not have that feature. You can set up a DNS forwarder or an actual resolver.. It's not a DNS proxy.
A DNS proxy would be something like Palo Alto has
https://live.paloaltonetworks.com/docs/DOC-4633