I understand that the Firewalla performs site blocking via DNS. What seems odd is that the destination IP is a specific remote IP rather than NXDOMAIN or maybe pointing at an alias for the Firewalla itself -- and providing a mechanism to put up a 'sorry' page. Yes, SSL certs would be an issue, but that seems better than pointing every blocked site at a specific remote instance.
Currently that IP exists and is refusing http/https connections. However, it does mean that if someone takes over that IP they could then see what everyone has blocked, as clients would connect and send the Host: header.
What is the rationale behind using this IP as the destination for blocked sites?