Created
February 10, 2012 16:50
-
-
Save BretFisher/1790821 to your computer and use it in GitHub Desktop.
answer to SF question
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I'm a big fan of Dyn.com's free [Internet Guide][1] which takes all the work out of a content filter. NO SOFTWARE ON YOUR SERVERS. I consider them a very trustworthy company since I've been buying their products for over a decade with no issues to speak of. | |
1. create an account on their site | |
2. setup a policy using their Barracuda engine for which categories you want to block | |
3. tell them your external static router IP so they know who you are | |
4. Change the forwarders on your internal DNS server (or router) to use their DNS IP's for lookups | |
5. All clients are blocked at the DNS level and it only took you an hour (at most) to setup | |
A savy user could change their DNS to use another Internet DNS but you could block that access on port 53 if your firewall has egress filtering. | |
A savy user could also access websites by IP but that would be a edge case that I wouldn't worry about. | |
[1]: http://www.dyndns.com/services/dynguide/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment