Difference between Squid ACL vs DNSBL

Started by ArminF, February 11, 2020, 09:45:02 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 11, 2020, 09:45:02 PM Last Edit: February 11, 2020, 10:01:59 PM by ArminF
Hello,
what is the difference between using Squid with ACL blocklists (URL, Malware, Suspicious Sources) and DNSBL through a DNS like Unbound or bind?
Does it make sense to run both parallel? As far i understood both strategies act the same.

thank you!
A
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!
February 11, 2020, 10:41:59 PM #1
Similar, yes, but in theory you could also use URIs with Squid
February 12, 2020, 10:12:28 AM #2
Unbound or bind only block DNS requests. If a client connects on an IP address (e.g. through a hosts file) they will bypass the block.

Allowing only outbound HTTP(S) from Squid plugs that hole.

You can use both to improve performance, since a lot of blacklisted DNS requests will be cached.

Bart...
February 12, 2020, 10:15:47 AM #3
Gentlemen,

thank you very mich for your kind help and explanation!

Will go configure and test further.
Also started to document my changes.

thank you
armin
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!
Print
Go Up Pages1
User actions