Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Subscribers 6 subscribers
  • Views 33836 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Top level domain via firewall?

tomrgsd

Is it possible to block a top level domain via a firewall rule?



This thread was automatically locked due to age.
Parents
  • 0

    Not, possible, Tom.  Name servers have no idea of what to do with anything other than an FQDN.  Do you have some new student that's found a way around Web Filtering?

    Cheers - Bob

  • 0 in reply to BAlfson

    Unfortunately, it's a constant battle with new sites popping up every minute. They seem to favor the .ru top level domain. I tried using country blocking, which seemed to help some, but some of the sites are registered with US IP addresses. It's always fine line between security and usability.

  • +1 in reply to tomrgsd

    How to Block Access to a Complete TLD

    Tom, I just though of a way to block access to anything with a TLD of ru. [6]

    On the 'Request Route' tab in 'Network Services >> DNS', create one for ru that points at a non-existant IP.  Once that's active, any attempt to get name resolution for an ru FQDN will hang for ten seconds and then report "unknown host" to the requesting application.  Note that this requires the UTM to be the first forwarder for your internal name server(s) and the second for devices getting DHCP from you.  You will want to use DNS Best Practice, and you might want to drop all outbound DNS requests.

    Cheers - Bob

    NOTE 2016-11-02: See my post below where I pass on a better idea from Sophos' Greg Hammond.

  • 0 in reply to BAlfson

    That's interesting. We not use the UTM for client DNS requests, but I could implement this at our primary DNS server inside our network. Thanks for the tip.

  • 0 in reply to tomrgsd

    Tom, look at the link I provided.  It suggests that the UTM be the first forwarder for your internal DNS server and the second assigned to clients after your internal DNS server.

    Cheers - Bob

Reply Children
No Data