Block some users with Bind9

[Michael Hoskins (michoski)]

I would try using RPZ with a combination of views and match-clients.

http://jpmens.net/2011/04/26/how-to-configure-your-bind-resolvers-to-lie-us
ing-response-policy-zones-rpz/


-----Original Message-----
From: Emiliano Vazquez <emilianovazquez at gmail.com>
Organization: PcCentro Informatica & CCTV
Date: Tuesday, July 24, 2012 10:32 AM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Block some users with Bind9

>Hi to everyone!
>I'm stuck with this!
>
>I need to do the following but i did not find the real solution.
>
>My problem:
>
>I need to block some IPs from the LAN to specific places, like
>"Facebook.com"
>
>I do this with Squid but https transport is encripted and never goes to
>Squid. There are some news about interception of this port (443) but
>this is un newers version of squid (3.2.x)
>
>I wan't know if you know some tipe of configuration of Bind9 to do
>something like "OpenDNS" who give us this solution.
>
>I need to do:
>
>IP 192.168.1.10  Block access to https://www.facebook.com &
>http://www.facebook.com
>IP 192.168.1.11  Full access without limitations.
>IP 192.168.1.12  Block access to https://www.gmail.com &
>http://www.gmail.com
>
>I follow the instructions from this link
>http://www.deer-run.com/~hal/sysadmin/dns-advert.html and get it working
>but the DNS act for all the machines in the network.
>
>It's possible to make what i wan't to do?
>
>Best regards and thanks for share your time.
>
>Emiliano.
>
>-- 
>Emiliano Vazquez | PcCentro Informatica & CCTV
>Office: +54 (11) 4951-0203 Interno 4
>Movil: 011-15-6253-7165
>Mail: emilianovazquez at gmail.com
>Web: http://www.pccentro.com.ar
>
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users