Use DNS to block certain users

[montebear]

How would I go about identifying a users mac address with a DNS server
(because if two or more machines are using the same router but only one of the computers is restricted you can't tell by the IP)
and how would I only block the website for that person?
The current OS is ubuntu 12.04.4 x64 but I have permission to change it if required.
The server is on the digital ocean cloud.

 

[randomizer]

If you have access to the router you may be able to view its its ARP table (which maps an IP address to a MAC address). But that won't help you because the MAC address doesn't leave the LAN, so your server will never see it.

 

[ex_bubblehead]

What specifically are you trying to do?

 

[montebear]

I spoke with my boss and I think the best thing to do would have an application set up a proxy server that runs in the background on their machines that they connect to and we then use the unique proxies to identify the user. It's basically a parental controls thing for the internet that customers can customize to block certain websites for their children but if we just blocked the ip it would block all of the users that are connected to the same router. So we need to find a way around that.

 

[montebear]

If you have access to the router you may be able to view its its ARP table (which maps an IP address to a MAC address). But that won't help you because the MAC address doesn't leave the LAN, so your server will never see it.

I don't think we would have access to their router.

 

[randomizer]

I don't think we would have access to their router.

I should hope not!

 

[stillblue]

Still not quite sure what you want to do.
You could put squid3 on your ubuntu server and that would allow MAC control but that would be on a local server. If your server is in the cloud I should think you'll have to use access control lists with usernames and passwords, but if that's the case then you can't block anything because they'd just not login to you and go straight to the restricted sites. If everyone does go through a local server then squid3 in transparent mode is what you want.

 

[montebear]

Still not quite sure what you want to do.
You could put squid3 on your ubuntu server and that would allow MAC control but that would be on a local server. If your server is in the cloud I should think you'll have to use access control lists with usernames and passwords, but if that's the case then you can't block anything because they'd just not login to you and go straight to the restricted sites. If everyone does go through a local server then squid3 in transparent mode is what you want.

I heard that transparent mode in squid3 has problems. Would using IDent in squidguard be a viable option to use with squid?

 

[montebear]

Still not quite sure what you want to do.
You could put squid3 on your ubuntu server and that would allow MAC control but that would be on a local server. If your server is in the cloud I should think you'll have to use access control lists with usernames and passwords, but if that's the case then you can't block anything because they'd just not login to you and go straight to the restricted sites. If everyone does go through a local server then squid3 in transparent mode is what you want.

Do you have a link to a site with a tut on how to use it to get the mac address of each machine connecting through the local server? We would have it on an internal server and then run the proxy through our DNS in the cloud (I think). Would an internal DNS be able to get the mac address?

Just as an update, we are thinking of setting up a raspberrypi to run the local server on.