Comments
-
@Condor And no I'm not typing commands on a server haha.
The php program listens on port 53, receives dns queries, looks if they're on a local blacklist and if so returns 0.0.0.0
If they're not on any local blacklist it proxies it through to another name/dns server and returns the data to the requester. -
@Condor It's not for web applications specifically so I wouldn't call it a waf (for those who don't know: Web Application Firewall).
It's pretty much a nameserver which you can query and if the queried domain contains a blocked word or the entire domain is in a blacklist, an A record (0.0.0.0) is returned. If not, the actual records are requested and sent back to the requester.
As far as I'm aware, iptables/netfilter can't 'block' dns queries based on words or domains? -
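The decision logic described in the two comments above, as an added example that is not part of the thread and not the poster's PHP code: a Python sketch over raw DNS wire format. The blocklist entries, the 60-second TTL, the empty answer for non-A queries and the `forward` callback standing in for the upstream nameserver are all assumptions.

```python
import struct

# Constructed blocklist entries (assumptions, not from the thread).
BLOCKED_DOMAINS = {"ads.example.com"}
BLOCKED_WORDS = {"tracker"}

def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample query (header + one question) so the demo runs offline."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (qname, qtype, end_offset) of the single question, or raise ValueError."""
    if len(packet) < 12:
        raise ValueError("short header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        length = packet[pos] if pos < len(packet) else 255
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad or truncated label")
        # Lowercase: DNS names are case-insensitive, so "TrAcKeR" must still match.
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    if pos + 5 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

def is_blocked(qname):
    return qname in BLOCKED_DOMAINS or any(w in qname for w in BLOCKED_WORDS)

def sinkhole_response(packet, qtype, end):
    """Echo the question; answer A queries with 0.0.0.0 (TTL 60 is an assumption)."""
    is_a = qtype == 1  # assumption: non-A queries get an empty NOERROR answer
    header = packet[:2] + struct.pack("!HHHHH", 0x8180, 1, 1 if is_a else 0, 0, 0)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(4) if is_a else b""
    return header + packet[12:end] + answer

def handle(packet, forward):
    """Sinkhole blocked names, otherwise hand the raw query to `forward` (upstream stub)."""
    try:
        qname, qtype, end = parse_question(packet)
    except ValueError:
        return None  # drop malformed input instead of proxying it upstream
    return sinkhole_response(packet, qtype, end) if is_blocked(qname) else forward(packet)
```

Substring matching on words also blocks unrelated names that happen to contain the word, so an allowlist check ahead of `is_blocked` is a common companion.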
@Condor thanks! I'll release it as open source when I'm far enough for it to be usable :)
-
donuts238486y
What if the firewall accidentally blocked all the calls....
Yes sorta random except I had something similar just happen to me. Other OS' new battery optimization silently blocked alerts I actually wanted.... Caused me to miss meds on time for a few days... -
@billgates Then somebody has access to my server and then I'd have far bigger problems!
When I'm on call and it's the weekend, I'm often a little nervous the entire weekend and time seems to go slow.
Programming on the dns proxy/firewall now and time is suddenly going quite a bit faster.
This is a damn relief.