
Some firewalls block domains at the DNS level. That stops ping or any other DNS query from getting IP addresses for the blocked domains.

I tried creating a firewall using iptables, but it still sends an IP address back in a ping request response.

I was thinking of rules that would filter DNS packets based on their contents, but I haven't found a way to do it. Is there any other way to do it?


2 Answers


If you have access to the DNS server, you can set up Response Policy Zones (RPZ).

If you need to do it with iptables, check this out: Stack Overflow: iptables rules to allow DNS queries for a specific domain name
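As an added example of the iptables approach the linked thread describes (this is not code from the original answer or from the iptables project), the POSIX shell helper below converts a domain name into the DNS wire-format label sequence that `-m string --hex-string` expects, and prints DROP rules for UDP and TCP port 53. A query for `example.com` carries the name as `07 'example' 03 'com' 00`, and that byte sequence also appears inside queries for `www.example.com`, so one rule covers the domain and its subdomains. The chain name, the sample domain and the function names are placeholders chosen for the example; the rules are printed rather than applied so the script can be run without root.

```shell
#!/bin/sh
# Added example (not from the original answer): build iptables string-match
# rules that drop DNS queries for a given domain.
#
# A DNS question encodes the name as length-prefixed labels, so "example.com"
# is sent as 07 'example' 03 'com' 00. iptables -m string can match that byte
# sequence with --hex-string, where |xx| marks hex bytes and text between the
# bars is matched literally.

# dns_hex_labels DOMAIN -> prints the --hex-string pattern, e.g.
#   example.com  =>  |07|example|03|com|00|
# Fails (exit 1) on empty labels or labels longer than 63 bytes; both are
# invalid in DNS and would silently produce a pattern that never matches.
dns_hex_labels() {
    domain=${1%.}              # tolerate a trailing dot (FQDN notation)
    [ -n "$domain" ] || return 1
    pattern='|'
    old_ifs=$IFS
    IFS=.
    for label in $domain; do
        if [ -z "$label" ] || [ "${#label}" -gt 63 ]; then
            IFS=$old_ifs
            return 1
        fi
        pattern="${pattern}$(printf '%02x' "${#label}")|${label}|"
    done
    IFS=$old_ifs
    printf '%s00|\n' "$pattern"
}

# dns_block_rules DOMAIN [CHAIN] -> prints (does not apply) iptables rules that
# drop DNS queries for DOMAIN and for any name ending in it. CHAIN defaults to
# FORWARD (traffic routed through a gateway); use OUTPUT to filter the host's
# own lookups. --icase covers mixed-case names; plain DNS over TCP is covered
# by the second rule, but DoT/DoH or a hard-coded IP address bypass this.
dns_block_rules() {
    pattern=$(dns_hex_labels "$1") || return 1
    chain=${2:-FORWARD}
    for proto in udp tcp; do
        printf 'iptables -A %s -p %s --dport 53 -m string --hex-string "%s" --algo bm --icase -j DROP\n' \
            "$chain" "$proto" "$pattern"
    done
}

# Usage: print the rules for the placeholder domain.
dns_block_rules example.com
```

Pipe the output into `sh` as root to apply the rules. Because the match is a plain byte search inside the packet, a rule like this only blocks name resolution through the filtered path: clients that already cached the answer, or that resolve via DNS-over-TLS or DNS-over-HTTPS, still reach the host.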


If you're using BIND, an alternate means would be to set up a non-recursive DNS (i.e., the global forwarders statement turned off) and then set up stub zones which point to the proper DNS servers for those domains. In either case (configuring IPTables
