[dns-operations] Embedding MAC address in DNS requests for selective filtering
Robert Kisteleki
robert at ripe.net
Tue Jan 26 08:36:56 UTC 2016
>>> Alternately this could be implemented by having the DHCP server give
>>> the clients a different DNS server (possibly even in a different
>>> subnet, if you wanted to do actual isolation instead of DNS filtering
>>> theater).
>>
>> Hi, Shane:
>>
>> If I understand correctly, this would only really work with a very
>> limited number of filtering options, say "filtered" and "unfiltered".
>> But the DNS filtering vendors give you a lot more flexibility than that.
>> E.g., this is OpenDNS's "Web Content Filtering" configuration panel:
>>
>> https://i.imgur.com/wGwNHl7.png
>
> Fair enough. Bert's description of filtering the kids' iPads but being
> able to still see the unfiltered network made me think of simple
> rule-sets.
Since there are fifty-something categories listed there, plus a few generic
options, one can encode all this in the host part of the v6 address of the
DNS resolver given to the client. That's way more than a boolean for
filtered/unfiltered. So your idea scales well! :-)
> I clearly don't have the proper mindset for censorship. :(
Don't worry, that's a feature!
Cheers,
Robert
> Cheers,
>
> --
> Shane
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
More information about the dns-operations
mailing list