Re: DNS Protection
- Subject: Re: DNS Protection
- From: Josh Graessley <email@hidden>
- Date: Mon, 08 Dec 2008 11:41:32 -0800
On Dec 8, 2008, at 11:37 AM, Jens Alfke wrote:

> On Dec 8, 2008, at 6:02 AM, Tom Fortmann wrote:
>
>> I’m working on a security product and we would like to add a DNS
>> protection feature. In a nutshell, for specific URLs we would
>> like to redirect the DNS resolution to a different trusted DNS
>> server, and for other URLs allow them to flow through the normal
>> resolution process. Initially, we just want to secure Safari
>> browser sessions, although a method that protects the resolution by
>> any network application would be preferred.
>
> We'll have to trust you that you're implementing a security product,
> since various types of malware also do exactly this same thing, to
> direct users to fake sites... ;-)
>
>> Does anyone know of an interface either in Safari/Webkit or in the
>> OS X network layer?
>
> WebKit uses the HTTP protocol implementation in the CFNetwork
> framework, which probably calls the standard POSIX resolver APIs
> like gethostbyname. In the end, the DirectoryService daemon does the
> resolution and lookups.
>
> DirectoryServices is pretty complex, and ties into things like
> OpenDirectory in addition to DNS. There may be a way to install some
> kind of plug-in that can filter DNS requests or direct them to
> specific servers; I'm not sure. I think there is documentation of
> DirectoryServices in the ADC library.
>
> Another possibility is to run a local HTTP proxy server on the
> user's machine and change the user's proxy settings to point to it.

It may also be possible to register a primary DNS server or a domain
specific DNS server on the loopback address so all DNS queries will be
sent to your resolver running locally.
-josh
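
Added example (not part of the original thread, and not code from any poster): the routing decision a local resolver on the loopback address would have to make for each query, choosing the trusted server only for protected zones. The zone name, both resolver addresses and all function names are assumptions made up for illustration.

```python
import struct

# Assumed policy (constructed): protected zone -> trusted resolver address.
TRUSTED_ZONES = {"bank.example": "192.0.2.53"}
DEFAULT_UPSTREAM = "198.51.100.1"  # stands in for the normal system resolver


def build_query(name, qid=0x1234):
    """Build a minimal A/IN query, used here only as constructed sample input."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def parse_qname(packet):
    """Return the lower-cased question name of a single-question DNS query."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        # Questions carry plain labels; reject pointers and overruns.
        if length & 0xC0 or pos + length > len(packet):
            raise ValueError("bad or truncated label")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length


def pick_upstream(name):
    """Match on whole labels so 'notbank.example' never hits 'bank.example'."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in TRUSTED_ZONES:
            return TRUSTED_ZONES[suffix]
    return DEFAULT_UPSTREAM


def route(packet):
    """Upstream resolver address the local forwarder should relay this query to."""
    return pick_upstream(parse_qname(packet))
```

Malformed queries raise ValueError instead of being forwarded, so a forwarder built on this can drop them or answer with an error rather than guess at a name.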