I'm new to DNS configuration in BIND. Today I'm using dnsmasq for 300/400 users, and iptables (on Linux), but I want to migrate to FreeBSD. The only reason I cannot is one rule in iptables to block YouTube and other online multimedia services, the "string" rule:
iptables -A FORWARD -s xxx.xxx.xxx.xxx/16 -m string --string "youtube" --algo bm --to 443 -j DROP
and later..
iptables -A FORWARD -m mac --mac-source xx.xx.xx.xx.xx.xx -m string --string "youtube" --algo bm --to 443 -j ACCEPT
I know that is the job of a DNS server, and here is my question. I want this:
- make a MAC address list based ACL
- make a custom rule pointed to that list that forwards youtube.com requests to another host in my internal network with a custom deny access page
- and grant the rest of the network access to the real youtube.com
Is that possible in BIND9?