I'm trying to set up a 'whitelist' DNS server for a small school network to prevent the kids accessing inappropriate sites (i.e. students should only be able to access a pre-selected list of sites) and be forwarded to an access-denied page if they try accessing such a page.
I'm aware this can be done using Squid3 but in this specific case it's not a viable option.
I read the man named page as well as a number of tech sites and I'm not having much luck. If anyone could give me a nudge in the right direction, I'd really appreciate it.
-Cheers
BIND is really unsuited to this scenario, since it is primarily a large-scale authoritative nameserver.
You could, of course, define forward zones for everything you wish to whitelist, and then have those zones resolved by a second instance, but that is convoluted beyond measure.
Just use a proxy with good access control, such as Squid-cache.
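The forward-zone half of the approach mentioned in the answer above, as an added example that is not part of the original thread: a generator that turns a whitelist into BIND `type forward` stanzas and rejects entries that could inject extra configuration. The function names, the sample domains and the resolver address 192.0.2.53 (standing in for the second instance) are assumptions; how non-whitelisted names get answered is not covered here.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, 1-63 chars, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize_domain(raw):
    """Lower-case and validate a whitelist entry; raise ValueError if unsafe."""
    name = raw.strip().rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        raise ValueError(f"not a fully qualified domain: {raw!r}")
    if not all(_LABEL.fullmatch(label) for label in labels):
        # Rejects quotes, braces, semicolons and spaces, so an entry cannot
        # break out of the quoted zone name and add its own statements.
        raise ValueError(f"illegal characters in domain: {raw!r}")
    return name

def forward_zone(domain, resolver):
    """One 'type forward' stanza sending queries for domain to resolver."""
    return (
        f'zone "{domain}" {{\n'
        "    type forward;\n"
        "    forward only;\n"
        f"    forwarders {{ {resolver}; }};\n"
        "};\n"
    )

def render_whitelist(lines, resolver):
    """Build named.conf stanzas from whitelist lines ('#' starts a comment)."""
    resolver = str(ipaddress.ip_address(resolver))  # ValueError if not an IP
    domains = set()
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            domains.add(normalize_domain(entry))
    return "\n".join(forward_zone(d, resolver) for d in sorted(domains))

if __name__ == "__main__":
    # Constructed sample: reserved example names and a TEST-NET-1 address
    # standing in for the second instance that does the real resolution.
    sample = ["Example.org.", "# staff-approved sites", "school.example  # intranet"]
    print(render_whitelist(sample, "192.0.2.53"))
```

Running `named-checkconf` on the generated file before reloading catches anything the validation here does not.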