Block web nslookup, web dns lookup, web whois sites!

Comments


  • rotblitz

    There are many more possibilities to find out an IP address for a domain, not just via these web tools. Therefore all of this is not worth the effort.

    And this is beyond the scope and feasibility of OpenDNS content filtering. When entering an IP address, OpenDNS is not queried, so it cannot block at all. You can easily prevent users from using IP addresses locally. Also, using IP addresses is not really a convenient way for circumvention. Most websites do not display content at all or redirect to their domain name, which is again controlled by OpenDNS.

  • cris_zamora

    I agree with eliasbats here. All you have to do is look up an IP address and add it to your hosts file to get full access to any site. This is a huge hole in the blocking functionality.

  • mattwilson9090

    As rotblitz said, using the IP address as a way to circumvent DNS is not very effective. Depending on how the web server is configured, you either won't get anything or the page will only partially load. At some point while browsing a site it's almost guaranteed that the domain is going to be referenced again, requiring a DNS lookup, which means OpenDNS will control things again.

    @cris_Zamora What you describe is not a hole in OpenDNS or any other DNS service's functionality. Adding a domain name and IP address to the hosts file is one of several things that would prevent a computer from doing a DNS lookup because it's not needed, so OpenDNS would not have a chance to block that domain.

    A website isn't even needed to do an nslookup; it's baked into the operating system. And if your operating system doesn't already have whois installed, it's a trivial matter to install software locally that does that as well.

    If you want to prevent people from modifying their hosts file or other system-level settings like that, you need to stop them from running the computer with full administrator permissions. Doing that will reduce or eliminate entirely a whole host of security vulnerabilities that have nothing to do with DNS as well. In short, if you want to restrict in any manner what someone can do on their computer, you must ensure that they are running with user-level permissions, not administrator permissions.

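Added example, not part of the thread or of OpenDNS: an administrator-side check for the hosts-file entries discussed above, which pin a name to a routable address so the name is never sent to the filtering resolver. The function name `find_dns_overrides` and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file. 203.0.113.10 is a documentation address
# (RFC 5737) and the example.* names are placeholders, not real findings.
SAMPLE_HOSTS = """\
# default entries
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net        # local sinkhole entry
203.0.113.10 blocked.example.com www.blocked.example.com  # manual override
not-an-ip   broken.example.org
"""


def find_dns_overrides(hosts_text):
    """Return (line_no, ip, hostname) for each hosts entry that maps a name
    to a non-loopback, non-sinkhole address, i.e. an entry that answers the
    lookup locally so the DNS resolver is never asked."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        # Drop trailing comments, then split into address + hostnames.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid IP address, skip the line
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.0/8, ::1, 0.0.0.0, :: do not reach a remote site
        for name in fields[1:]:
            findings.append((line_no, str(addr), name.lower()))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in find_dns_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} pinned to {ip}")
```

To audit a real machine, pass the contents of its hosts file to `find_dns_overrides`; legitimate intranet pins will also be listed and need review.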
