Secure DNS filtering
As implemented now, DNS filtering does not cover cases where the nameserver provides multiple A records (https://lab.compute.dtu.dk/s181975/antibiotic-mud/blob/master/src/ace.py#L157). There are two ways I see this could be fixed:
- By retrieving all domain names instead of just one, and adding them all to the rules
- By watching DNS reply packets. It can either be done by capture software such as tcpdump, or, if SDNs are used, through reactive rules on the switch
The second solution is smarter in terms of space.
Edited by s181975
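Added example, not part of the original issue or of the antibiotic-mud code: a standard-library parser that pulls every A record out of a raw DNS reply payload, as a packet watcher for the second option would need to do before updating its rules. The names `a_records`, `_skip_name` and `SAMPLE` are hypothetical, the reply bytes are constructed for the example, and turning the returned addresses into filter rules is left to the project's own code.

```python
import ipaddress
import struct

def _skip_name(msg, off):
    """Return the offset just past an encoded name (labels or a compression pointer)."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:                 # root label ends the name
            return off + 1
        if length & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length

def a_records(msg):
    """Return every IPv4 address carried in the answer section of a DNS reply."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated rdata")
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A record, class IN
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen                    # CNAME and other types are skipped
    return addrs

# Constructed reply: device.example.test -> CNAME cdn.example.test -> two A records.
SAMPLE = (
    struct.pack("!6H", 0x1234, 0x8180, 1, 3, 0, 0)
    + b"\x06device\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 60, 6) + b"\x03cdn\xc0\x13"
    + b"\xc0\x31" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
    + b"\xc0\x31" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 11])
)
```

Calling `a_records(SAMPLE)` returns both addresses from the one reply; a truncated or non-response payload raises `ValueError` so that a malformed packet never produces a rule.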