Force DNS lookup even for direct IP access

pcunite · December 21, 2013, 4:28pm

Topic:
Using MikroTik to force DNS lookup even when browsing to a direct IP address.

Problem:
I would like to content filter a network without resorting to a full blown proxy server, if possible. We’re currently using OpenDNS dns servers and they work fine. However, typing a blocked domain’s ip address directly into a browser still allows access, naturally.

Solution ?:
What I would like to do is always do a DNS lookup (unless cached) this way OpenDNS can respond first. If that’s not possible I suppose I could use the Web Proxy within MikroTik and do a regex for dotted IP URLs?

efaden · December 21, 2013, 5:08pm

As far as I know you can’t. You could try doing a layer 7. But that will be far from ideal.

Sent from my SCH-I545 using Tapatalk

pcunite · December 21, 2013, 5:45pm

This really stinks … google defaults SafeSearch to off. Thus I need to append ?safe=active to every query. Looking like a proxy is the only way. Does anyone have any recommendations? I’d like to stay with MikroTik if I could. I need edge protection as I can’t control the wireless devices that come into the area. We’re trying to limit teens from random internet access.

efaden · December 21, 2013, 8:33pm

Force a proxy. Basically the only way I can think of… or blacklist IPs.

You can’t do the DNS method you inquired about since the resolving is left up to the client. If the user types http:// into the browser the browser will never even do a DNS hit because it isn’t needed.