• July 15, 2025, 11:11:26 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Security feature for dns  (Read 6545 times)

wannaplay

  • Level 2 Member
  • **
  • Posts: 28
Security feature for dns
« on: February 13, 2009, 04:30:20 PM »

Hi guys! Is it possible to restrict incoming traffic by dns and block all other external ip's that try to access my system? If not could this security feature be added in the future?
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Security feature for dns
« Reply #1 on: February 15, 2009, 01:51:54 PM »

Why would you have such a feature? I think you ought to get a hardware firewall to do so. Remember this is a SOHO router...
Logged
DIR-655 H/W: A2 FW: 1.33

wannaplay

  • Level 2 Member
  • **
  • Posts: 28
Re: Security feature for dns
« Reply #2 on: February 27, 2009, 07:37:42 AM »

Sry, forgot about this post :-0. Anyway well there are no security features for dns. i.e. if someone knows ur dns, basically ur stuffed... they will always be able to find u and attack you, which is something i've had happen recently. A security feature which only allows those people u trust through some sort of dns allow/ deny feature, same thing as the ip's allow/deny feature on the router, would improve its security don't you think?

Yes i know that changing my dns would solve the problem, hypothetically say i can't at this moment change my dns, basically there isn't much that i would be able to do to protect myself against attacks...
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Security feature for dns
« Reply #3 on: February 27, 2009, 10:11:37 AM »

DNS are shared and synced all over the world, it's the backbone of 'internet'... So where do you get the idea that 'someone who knows your DNS' can attack you? Do you perhaps mean 'IP address', because that would make more sense (although contentwise it does not when related to your remark).

You might wanna read some Wikipedia's first about how networking/the internet really works before you come up with a feature request...
Logged
DIR-655 H/W: A2 FW: 1.33

wannaplay

  • Level 2 Member
  • **
  • Posts: 28
Re: Security feature for dns
« Reply #4 on: February 27, 2009, 11:25:19 AM »

Well that is what i mean DNS related to an ip address i.e. domains created by DynDNS.com for example. I know for a fact that this feature is possible as i have it working at home on my linux box and would be quite an easy addition to the router.
Logged

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: Security feature for dns
« Reply #5 on: February 27, 2009, 11:50:24 AM »

I'm not sure what you mean. In the router, you can restrict incoming requests by ip's and ip ranges. If you have a linux box, then just have that behind the router and do your thing with IPtables, and it's own dns server with a forward lookup zone.

If you have a DNS server setup somewhere else, then perhaps you can use that and use some sort of IPsec or something to secure DNS lookups.

You may even want to email OpenDNS and see what options they have. I do believe they offer secure dns. however, as you stated, anyone will be able to get your ip address, but they would have to take interest in you in order to be motivated to find your ipaddress and use it for whatever reason you gave them to attack you.

So, you may want to stay out of other peoples boxes.
Logged

wannaplay

  • Level 2 Member
  • **
  • Posts: 28
Re: Security feature for dns
« Reply #6 on: February 27, 2009, 12:48:41 PM »

"If you have a linux box, then just have that behind the router and do your thing with IPtables, and it's own dns server with a forward lookup zone."

I see, i didn't know this could be done. Thank you for your help guys. :)
Logged