From owner-freebsd-questions@FreeBSD.ORG Fri Dec 28 15:50:05 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E1D5616A4C1 for ; Fri, 28 Dec 2007 15:50:05 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from ezekiel.daleco.biz (southernuniform.com [66.76.92.18]) by mx1.freebsd.org (Postfix) with ESMTP id 7C04513C4E5 for ; Fri, 28 Dec 2007 15:50:05 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from localhost (localhost [127.0.0.1]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id lBSFni5x049476; Fri, 28 Dec 2007 09:49:44 -0600 (CST) (envelope-from kdk@daleco.biz) X-Virus-Scanned: amavisd-new at daleco.biz Received: from ezekiel.daleco.biz ([127.0.0.1]) by localhost (ezekiel.daleco.biz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id K0fJCAcKvmy2; Fri, 28 Dec 2007 09:49:38 -0600 (CST) Received: from archangel.daleco.biz (dsl.daleco.biz [209.125.108.70]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id lBSFnURG049470; Fri, 28 Dec 2007 09:49:32 -0600 (CST) (envelope-from kdk@daleco.biz) Message-ID: <47751B05.6080807@daleco.biz> Date: Fri, 28 Dec 2007 09:49:25 -0600 From: Kevin Kinsey User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.2) Gecko/20070418 SeaMonkey/1.1.1 MIME-Version: 1.0 To: Olivier Nicole References: <26ddd1750712271246j14795cf3wf8e9727f0f7cc148@mail.gmail.com> <47744048.6020202@daleco.biz> <26ddd1750712272037x594336efndcd136ee2101e3e7@mail.gmail.com> <200712280508.lBS58jLo022219@banyan.cs.ait.ac.th> In-Reply-To: <200712280508.lBS58jLo022219@banyan.cs.ait.ac.th> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Blocking undesirable domains using BIND X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Dec 2007 15:50:06 -0000 Olivier Nicole wrote: >> Again, I'm not trying to convince you otherwise or say that using >> BIND is a bad idea. It's just that I'm curious because we use >> Squid for this sort of thing, and I was wondering why BIND instead? > > I think another issue is that Squid will only filter HTTP/FTP > connections, while DNS would allow to filter any type of traffic that > would try to go to places with a bad name. > > Olivier In the absence of egress filtering on the firewall, that would definitely be an advantage. Does anyone use BIND for filtering in a small to medium business environment then? How does it perform? Kevin Kinsey -- I trust the first lion he meets will do his duty. -- J. P. Morgan on Teddy Roosevelt's safari