
Les Kern

macrumors 68040
Original poster
Apr 26, 2002
3,063
76
Alabama
Was wondering how to set up a redirect of an external domain internally on my DNS server.
For instance, I need to direct all SSL traffic requests for https://www.google.com to http://www.google.com, same for Youtube.

Reason: Google owns Youtube, Youtube kills bandwidth and porn is readily available, at least images. (Our motto: Just add that S!).
Until I set up deep packet inspection using a locally installed cert and my Cymphonic box I need to be able to block the ability for students to bypass. I have 1/2 of a school year to go.
Thanks for any guidance... from a guy who doesn't believe in filtering but doesn't pay himself.
 

chris.k

macrumors member
May 22, 2013
91
1
YSSY
That can't be solved by DNS alone. (Unless you "wall garden" everything per se, but that doesn't help here)

Name servers are oblivious to the HTTP/HTTPS portion of the URL request.

You'd need to hijack the TCP/443 or TCP/80 request and insert your own "301 Redirect". A Squid proxy cache may be able to do this, or yeah, one of the more expensive Router/Firewall/DPI boxes (Juniper SRX, Cisco ASA etc.).

DNS overwrite alone won't cut it I believe.


Edit: on second thought, if you want to block the sites completely, just set up an Authoritative Zone for google.com or YouTube.com on your local DNS and return unroutable addresses.

You'd also have to block all outgoing DNS requests from everything but your DNS server. Also ensure to change the DHCP info to have all your students use your local DNS.
 
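The DNS-only block chris.k describes (authoritative sinkhole zone on the local resolver, plus a firewall rule that lets only that resolver send DNS out), rendered as an added example; this is not code from the thread. Assumed values: BIND 9 on a Linux gateway with iptables, 0.0.0.0 as the unroutable sink address, 10.0.0.53 as the internal resolver, and 10.0.0.0/16 as the student LAN.

```shell
#!/bin/sh
# Added example, not from the thread: render the pieces of a DNS-only block.
# A BIND zone makes the local server authoritative for a domain and answers
# every name with an unroutable address; iptables rules make sure only the
# local resolver can talk DNS to the outside, so clients cannot bypass it.
# Assumed values: BIND 9 on Linux, 0.0.0.0 as the sink address,
# 10.0.0.53 as the internal resolver, 10.0.0.0/16 as the student LAN.

# named.conf stanza declaring this server master for DOMAIN.
named_conf_stanza() {
    domain=$1; zonefile=$2
    printf 'zone "%s" {\n    type master;\n    file "%s";\n};\n' "$domain" "$zonefile"
}

# Zone file: apex and wildcard both resolve to SINK, so www.DOMAIN,
# m.DOMAIN, etc. all land on the unroutable address. Being authoritative
# means the resolver never forwards these names to the real servers.
sinkhole_zone() {
    domain=$1; sink=$2
    cat <<EOF
\$TTL 300
@   IN SOA  ns1.${domain}. hostmaster.${domain}. ( 1 3600 900 604800 300 )
@   IN NS   ns1.${domain}.
ns1 IN A    ${sink}
@   IN A    ${sink}
*   IN A    ${sink}
EOF
}

# FORWARD-chain rules: the resolver may send DNS out; any other LAN host
# that tries port 53 directly is logged (so you can see who is bypassing)
# and dropped. Run the output on the gateway and pair it with DHCP handing
# out RESOLVER as the only nameserver.
dns_egress_rules() {
    resolver=$1; lan=$2
    for proto in udp tcp; do
        printf 'iptables -A FORWARD -s %s -p %s --dport 53 -j ACCEPT\n' "$resolver" "$proto"
        printf 'iptables -A FORWARD -s %s -p %s --dport 53 -j LOG --log-prefix "DNS-BYPASS "\n' "$lan" "$proto"
        printf 'iptables -A FORWARD -s %s -p %s --dport 53 -j DROP\n' "$lan" "$proto"
    done
}

# After deployment: does the resolver hand out the sink for a host name?
# Returns 0 when the first A answer equals SINK (needs dig on this host).
check_sinkhole() {
    resolver=$1; name=$2; sink=$3
    [ "$(dig +short "@$resolver" "$name" A | head -n 1)" = "$sink" ]
}
```

The LOG rule is the useful part for a school network: the kernel log tells you which hosts tried to go around the resolver, which is the bypass the thread is worried about.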

Les Kern

macrumors 68040
Original poster
Apr 26, 2002
3,063
76
Alabama
That can't be solved by DNS alone. (Unless you "wall garden" everything per se, but that doesn't help here)

Name servers are oblivious to the HTTP/HTTPS portion of the URL request.

You'd need to hijack the TCP/443 or TCP/80 request and insert your own "301 Redirect". A Squid proxy cache may be able to do this, or yeah, one of the more expensive Router/Firewall/DPI boxes (Juniper SRX, Cisco ASA etc.).

DNS overwrite alone won't cut it I believe.


Edit: on second thought, if you want to block the sites completely, just set up an Authoritative Zone for google.com or YouTube.com on your local DNS and return unroutable addresses.

You'd also have to block all outgoing DNS requests from everything but your DNS server. Also ensure to change the DHCP info to have all your students use your local DNS.

Sounds like a plan. I use two internal DNS servers, one a master crossing to another subnet to a replica. This should be easy. Didn't think DNS alone was possible, but I was hoping.
Thanks so much.
 