Tips for building a root server?

Brad Knowles brad.knowles at skynet.be
Sat Oct 6 17:15:53 UTC 2001


At 9:48 AM -0600 10/5/01, Mike wrote:

>  It's not about abuse, it's about specific web sites offering a technology
>  that is an extreme security risk for my company.  We feel that it is time to
>  start allowing only certain sites, and not allowing any other sites.

	IMO, you're much better off doing this at the firewall/proxy than 
anything else.  There are plenty of proxy cache servers that will do 
filtering, based on a list you give them.  Doing so allows you to 
avoid a lot of the inherent danger in setting up your own internal 
roots, especially if you are doing so for the wrong reasons.

>  Okay, so I will build a proxy server, but which one should I use, Squid?
>  Can I use it to allow only certain domains to pass through to users, e.g.
>  allow cnn.com ??  I want to be able to build a list of domains that can be
>  accessed, and not worry about any other domains.

	There are versions of squid that should do exactly this.

-- 
Brad Knowles, <brad.knowles at skynet.be>

H4sICIFgXzsCA2RtYS1zaWcAPVHLbsMwDDvXX0H0kkvbfxiwVw8FCmzAzqqj1F4dy7CdBfn7
Kc6wmyGRFEnvvxiWQoCvqI7RSWTcfGXQNqCUAnfIU+AT8OZ/GCNjRVlH0bKpguJkxiITZqes
MxwpSucyDJzXxQEUe/ihgXqJXUXwD9ajB6NHonLmNrUSK9nacHQnH097szO74xFXqtlbT3il
wMsBz5cnfCR5cEmci0Rj9u/jqBbPeES1I4PeFBXPUIT1XDSOuutFXylzrQvGyboWstCoQZyP
dxX4dLx0eauFe1x9puhoi0Ao1omEJo+BZ6XLVNaVpWiKekxN0VK2VMpmAy+Bk7ZV4SO+p1L/
uErNRS/qH2iFU+iNOtbcmVt9N16lfF7tLv9FXNj8AiyNcOi1AQAA


More information about the bind-users mailing list