I was trying to figure out if openDNS has a blocking category to match all web nslookup and web whois sites out there, but to my surprise, I found no such category... Blocking DNS lookup sites is critical!
The problem: Let's suppose we have enabled web filtering for the category "WEAPONS". A user can visit (for example) www.dnsqueries.com and resolve a DNS name like www.guns.com to its IP address, 220.127.116.11. Then he can very easily enter this IP address in his browser, instead of www.guns.com. The browser will override the dns query, and will visit directly http://18.104.22.168/. The page will load and the result is that the user will access a website which normally should have been filtered!
Solution: There must be added a "WEB DNS LOOKUP/WHOIS" category, and be populated with some dozens of the most popular DNS lookup sites like: network-tools.com, www.webdnstools.com, www.zoneedit.com, dnsqueries.com, etc. Furthermore, this category should be enabled by default, or at least be strongly recommended, when an administrator enables web filtering even for a single category.
Please sign in to leave a comment.