Re: DNS Protection
- Subject: Re: DNS Protection
- From: Jens Alfke <email@hidden>
- Date: Mon, 8 Dec 2008 11:37:49 -0800
On Dec 8, 2008, at 6:02 AM, Tom Fortmann wrote:
> I’m working on a security product and we would like to add a DNS
> protection feature. In a nutshell, for specific URLs we would like
> to redirect the DNS resolution to a different trusted DNS server,
> and for other URLs allow them to flow through the normal resolution
> process. Initially, we just want to secure Safari browser sessions,
> although a method that protects the resolution by any network
> application would be preferred.
We'll have to trust you that you're implementing a security product,
since various types of malware also do exactly this same thing, to
direct users to fake sites... ;-)
> Does anyone know of an interface either in Safari/Webkit or in the
> OS X network layer?
WebKit uses the HTTP protocol implementation in the CFNetwork
framework, which probably calls the standard POSIX resolver APIs like
gethostbyname. In the end, the DirectoryService daemon does the
resolution and lookups.
DirectoryServices is pretty complex, and ties into things like
OpenDirectory in addition to DNS. There may be a way to install some
kind of plug-in that can filter DNS requests or direct them to
specific servers; I'm not sure. I think there is documentation of
DirectoryServices in the ADC library.
Another possibility is to run a local HTTP proxy server on the user's
machine and change the user's proxy settings to point to it.
—Jens
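
An added example, not part of the original message or of any Apple API: the name-resolution step a local proxy like the one suggested above could use, sending protected names straight to a trusted DNS server and everything else to the system resolver. The suffix list, the server address (a documentation-range placeholder) and all function names are assumptions made for illustration.

```python
import secrets, socket, struct
# Hypothetical policy: names to protect and the trusted resolver (placeholder address).
PROTECTED = ("bank.example", "login.example")
TRUSTED_DNS = ("192.0.2.53", 53)

def is_protected(host):
    # Match on label boundaries so "evilbank.example" does not match "bank.example".
    h = host.rstrip(".").lower()
    return any(h == s or h.endswith("." + s) for s in PROTECTED)

def build_query(host, qid):
    # DNS header (RD set, one question) followed by QNAME, QTYPE=A, QCLASS=IN.
    labels = host.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    # Step over a possibly compressed name; return the offset after it.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a(msg, qid):
    # Accept only a response carrying our query id and rcode 0; collect A records.
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != qid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a valid answer to our query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve(host):
    if not is_protected(host):  # everything else uses the system resolver
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)})
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.connect(TRUSTED_DNS)  # kernel drops datagrams from other peers
        s.send(build_query(host, qid))
        return parse_a(s.recv(512), qid)
```

Plain UDP to the trusted server is unauthenticated, so this removes dependence on the machine's configured resolver but does not protect against an on-path attacker.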