On Wed, 8 Nov 1995, Don Lewis wrote:
> On Nov 8, 3:06pm, Mike Culver wrote:
> } Subject: Restricting URL's
> } Think I hit on such a simple way to restrict URL's that we all looked right
> } past it! Yes, I see all the "buts" associated with this approach, but after
> } all it's free, simple, and will trip up the average attempt.
> }
> } I'm assuming that most users use DNS with name resolution, instead of IP
> } addresses.
>
> security through obscurity
>
> } To deny resolution to sex.com, simply add an entry to named.boot for
> } bogusns. This directive will tell your DNS that the name server for sex.com
> } is bogus, and your DNS will never ask sex.com's DNS anything.
>
> This won't work so well if the name server in question is ns.uu.net or
> some other server that serves a lot of zones that you probably still
> want to access.
>
> --- Truck
>
You are correct based on your "if". Wouldn't this approach work if the
site in question had an internal DNS server with forwarding to an
external server (so-called split DNS) for any unresolved names? The
internal name server would resolve internal names as necessary and
"handle" any external names that were to be restricted.
**** cjolley @
iac .
net <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****
References:
|
|
