We want to copy and send the DNS requests of our one-armed hosted MT gateway to a company which checks these requests for vulnerabilities against their blacklist. (IPtables format)
The normal DNS requests will be handled as normal by a DNS server of a different company.
Set their DNS server IP address as the only DNS server in the IP DNS menu. Drop all other port 53 communication, both TCP and UDP. Set your router's IP address as the only DNS server for your client devices. Switch remote DNS requests on. If it is only for some part of the network, give the external DNS server address to these devices directly and block port 53 to other addresses.
Jarda, thank you for your answer.
Your solution could work, but we need the current DNS as a content filter.
The vulnerability/URL-scanning DNS company does not perform a DNS service.
So you are asking to duplicate the requests and send a copy of the request to this company? How would this work? If they find that there is a problem, the client is already affected.
I can imagine that you can log the DNS requests via a logging rule to a distant syslog server. So this would be the way to send out all DNS requests in real time. But it will not give you any filtering functionality. You will just be reporting.
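As an added example (not from any of the posters above), the two approaches discussed in this thread put into RouterOS commands: forcing client DNS through the router, blocking direct port-53 traffic, shipping firewall log lines to a remote syslog host, and, as an assumed alternative that actually copies the packets, streaming port-53 traffic to a collector with the built-in packet sniffer. All addresses, the `bridge` interface name and the DHCP network are placeholders.

```routeros
# Added example: force client DNS through the router, block direct port-53
# traffic, and send a copy of the DNS requests to an external collector.
# Addresses and the "bridge" interface name are placeholders.

# Upstream resolver of the content-filtering company; the router answers clients
/ip dns set servers=203.0.113.53 allow-remote-requests=yes

# Clients learn only the router's LAN address as their DNS server (DHCP example)
/ip dhcp-server network set [find address="192.168.88.0/24"] dns-server=192.168.88.1

# Allow the LAN to reach the router's own resolver ...
/ip firewall filter add chain=input in-interface=bridge protocol=udp dst-port=53 action=accept comment="LAN to router DNS"
/ip firewall filter add chain=input in-interface=bridge protocol=tcp dst-port=53 action=accept comment="LAN to router DNS"
# ... and log, then drop, any attempt to reach another resolver directly.
# Place these above any general accept rule in the forward chain.
/ip firewall filter add chain=forward protocol=udp dst-port=53 action=log log-prefix="DNS-BYPASS"
/ip firewall filter add chain=forward protocol=udp dst-port=53 action=drop comment="block direct DNS"
/ip firewall filter add chain=forward protocol=tcp dst-port=53 action=log log-prefix="DNS-BYPASS"
/ip firewall filter add chain=forward protocol=tcp dst-port=53 action=drop comment="block direct DNS"

# Option A (the logging approach from the thread): ship firewall log lines to a
# remote syslog host. These lines carry source/destination addresses and ports,
# not the queried name, so they record who asked, not what was asked.
/system logging action add name=dns-syslog target=remote remote=198.51.100.10 remote-port=514
/system logging add topics=firewall action=dns-syslog

# Option B (assumed alternative, not from the thread): stream a copy of every
# UDP port-53 packet, query names included, to the collector over TZSP using
# the built-in packet sniffer. Add a matching TCP filter if TCP DNS matters.
/tool sniffer set filter-ip-protocol=udp filter-port=53 filter-stream=yes streaming-enabled=yes streaming-server=198.51.100.10
/tool sniffer start
```

Option B sends the raw packets, so the receiving side must be able to accept TZSP and extract the DNS payload; it also means the check happens after the query has already been answered, as noted above.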