When a program such as a web browser is instructed by the computer user to visit a web page, a lot happens "under the hood".
The browser (typically) provides the operating system with a name, and expects an address.
Let's say that, when this happens (dnsapi.dll in Windows; query.c in ReactOS source code, function DnsQuery_A or DnsQuery_W), the name is checked against a "rule" file or registry setting.
The structure of that file might look like this:
Code:
Block host1.domain1.example.com
Block *.domain2.example.com
Log Block malware.domain.net
Allow *
This would work the way firewall rules typically work: the code checks the current requested name against each item on the list, going down, until it finds a match, at which point it follows the directions.
A "blocked" request could be returned some sort of "permission denied" error.
Overall, the goal is to give computer administrators greater control over DNS. Would it be useful? I would appreciate such functionality on my OS.
How difficult would this be to implement? I've looked into doing this on Windows, but as Windows is closed source, getting something like this to function reliably (hooking, anyone?) seems difficult.