Block some users with Bind9

Emiliano Vazquez emilianovazquez at
Wed Jul 25 23:22:33 UTC 2012

> Blocking udp dst port 53 is good, but you must take into account that maybe
> some of your services\servers need this access for whatever reason
> there is.
That's true.

> If you are using squid in transparent mode it's good enough for basic
> HTTP blocking.
> To block HTTPS you will need to force your users to use the proxy server
> using some WPAD + DHCP \ Group policy.

> Either of them can lead to some problems, so you can test it first and
> see if it's for you.
> There is an option of SSL-BUMP in squid that can take a lot off but you
> must install the local root-ca on all the client computers.
I have read some articles about this but have never given it a try yet.

> I suggest you first implement the basic allow\deny ACLs in squid
> for the intercepted traffic and later see what the effect is.
> Regards,
> Eliezer
At the moment, if I send 443/tcp traffic to squid I get an "unknown
request" in access.log.

Thanks for your time Eliezer

Best regards.

Emiliano Vazquez | PcCentro Informatica & CCTV
Office: +54 (11) 4951-0203 Interno 4
Movil: 011-15-6253-7165
Mail: emilianovazquez at
