
#1 2012-03-14 12:06:49

bergersau
Member
Registered: 2012-01-19
Posts: 52

Dynamically configure different DNS server based on user login.

I've got two young sons and I'm looking to reconfigure the 'Family' desktop to give the older son his own user account.
I've only recently started with Arch on my personal netbook so the family desktop is still running Ubuntu.  That will likely change next clean install though.
I'd like to set the DNS to OpenDNS 'family shield' for his usage but allow full access via a different DNS server such as google DNS (for example) for parental use without filtering.
I'd like this to switch automagically based on the user login credentials if possible.

I understand the limitations of DNS filtering but my oldest son has never even heard of DNS much less being able to figure out how to circumvent it yet.  I'll deal with that in several years when it becomes an issue...

Can anyone point me in the right direction?


#2 2012-03-15 06:51:57

t1nk3r3r
Member
From: The Pacific Northwest
Registered: 2011-03-22
Posts: 79

Re: Dynamically configure different DNS server based on user login.

"DNS query results are sometimes cached by routers (e.g. typically local ISPs queries may be cached by ISPs home routers), the local operating system or applications..."

I'm no expert, but I don't know that DNS is the way to go in this situation.

Personally, I rely on iptables.  When my son is old enough, I'll likely tag outbound packets by username.  Then create a 'whitelist' of sites he can connect to.  Finally blocking all other traffic.  It may be a lot of work, but afaik there's no easy way around that method.  I know there's a number of GUI frontends for iptables if you don't want to spend time on the command line.  Start with the wiki article and take it slow if you're not familiar.

That's just one way...


--------------------------The only wasted day is one in which you learn nothing.--------------------------


#3 2012-03-15 09:21:00

bergersau
Member
Registered: 2012-01-19
Posts: 52

Re: Dynamically configure different DNS server based on user login.

Thanks,
It looks like I might have to set up a squid proxy with Dan's Guardian.  I was hoping for a simpler solution though.


#4 2012-03-15 09:57:49

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,226

Re: Dynamically configure different DNS server based on user login.

bergersau wrote:

Thanks,
It looks like I might have to set up a squid proxy with Dan's Guardian.  I was hoping for a simpler solution though.

Dan's Guardian is going to be a whole lot simpler than hacking the system resolver to use different servers for different users.

You MIGHT be able to hack something with iptables, the NAT table and a DNAT in conjunction with the 'owner' module... Something like:

Set your "unrestricted" DNS server in /etc/resolv.conf and a rule like below...

I'll assume you set the Google servers, 8.8.8.8 and 8.8.4.4, and your sons' usernames are 'brad' and 'tony'

# DNAT is only valid in the nat table's PREROUTING and OUTPUT chains;
# locally generated packets (matched by the owner module) go through OUTPUT.
iptables -t nat -A OUTPUT -d 8.8.8.8 -m owner --uid-owner brad -j DNAT --to-destination 208.67.222.222
iptables -t nat -A OUTPUT -d 8.8.4.4 -m owner --uid-owner brad -j DNAT --to-destination 208.67.220.220
iptables -t nat -A OUTPUT -d 8.8.8.8 -m owner --uid-owner tony -j DNAT --to-destination 208.67.222.222
iptables -t nat -A OUTPUT -d 8.8.4.4 -m owner --uid-owner tony -j DNAT --to-destination 208.67.220.220

Untested and I don't guarantee that will work. You could tidy it up a bit using subchains etc, but I'll leave that as an exercise for the reader.... And I'd still recommend a filtering proxy over the above....

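Added example, not part of any post in this thread: the subchain tidy-up mentioned in post #4, written as a generator that only prints the iptables commands so they can be reviewed before being run as root. The function name gen_dns_rules and the chain name FILTERED_DNS are hypothetical; the resolver addresses and user names are the ones from the post.

```shell
#!/bin/sh
# Prints (does not execute) the rules. Review the output, then pipe it
# to "sh" as root if it is what you want.

CHAIN=FILTERED_DNS   # hypothetical subchain name

# gen_dns_rules USER...  -> one iptables command per line on stdout
gen_dns_rules() {
    [ "$#" -gt 0 ] || { echo "usage: gen_dns_rules USER..." >&2; return 1; }

    # Reject anything that is not a plain account name before it is
    # interpolated into a command line. Nothing is printed on failure.
    for user in "$@"; do
        case "$user" in
            ''|-*|*[!A-Za-z0-9_.-]*)
                echo "bad user name: $user" >&2; return 1 ;;
        esac
    done

    echo "iptables -t nat -N $CHAIN"

    # Inside the subchain: unrestricted resolver -> filtering resolver.
    for pair in 8.8.8.8=208.67.222.222 8.8.4.4=208.67.220.220; do
        echo "iptables -t nat -A $CHAIN -d ${pair%%=*} -j DNAT --to-destination ${pair#*=}"
    done

    # DNAT for locally generated packets belongs in nat/OUTPUT. Only DNS
    # (port 53, UDP and TCP) from the listed users enters the subchain,
    # so their other traffic to those addresses is left untouched.
    for user in "$@"; do
        for proto in udp tcp; do
            echo "iptables -t nat -A OUTPUT -p $proto --dport 53 -m owner --uid-owner $user -j $CHAIN"
        done
    done
}

# Dry run:  gen_dns_rules brad tony
```

The owner match sees the UID of the process that sends the packet, so if lookups go through a local caching resolver running under its own account, the rules never match the restricted users' queries.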
