by toredash 68 days ago
Is there any DNS-based software to do block/allow? Kinda like what's present in CiliumNetworkPolicies in Kubernetes networking?
3 comments

Yes, PiHole is the most common, but malware can easily bypass that using shared domains, P2P or IP addresses directly.

Use a filtering proxy instead and no gateway / route to the internet.

1) Dnsmasq, you don't need the whole PiHole for that.

2) You're advising security through obscurity instead of a network namespace + firewall.

Please explain #2. How is a filtering proxy security through obscurity?
You mean like PiHole or AdGuard?
OpenSnitch (+ block lists) ;)

or DNS stubs with filtering capabilities.