Block domains via DNS 1

[MarkatLMFJ]

Howdy all,

My company would like to find an inexpensive and easy way to block sites such as qvc.com (since we are a competitor), myspace, facebook etc. I am doing some stuff on particular problem computers by using the hosts file but MS Antispyware throws a fit when I remotely update a hosts file. I also have to get every single sub domain they have *ugh*.

We use windows for DNS; is there any way to add a rule for say all of myspace.com to resolve to an internal ip address (of our intranet). I know this can be bypassed by IP address but my users are not that smart.

--Mark

 

[LWComputingMVP]

Just add a zone for them in your Windows DNS. I block doubleclick this way. When your clients ask for the DNS info, the DNS server will say "hey, I've got that zone - oh, I can't find that host, sorry

 

[MarkatLMFJ]

lwcomputing: would you mind being more specific?

ML

 

[LWComputingMVP]

In DNS Management, go to Forward Lookup Zones, right click, create a new zone, and fill in the details for the domain name you don't want to available. Repeat procedure for each domain you want to block.

A properly managed network and the users won't be able to get around this.

 

[MarkatLMFJ]

Ok, is it just going to come up as not found or can I send them all to an internal website?
ml

 

[LWComputingMVP]

Whatever you want. Add a

http://www record

and give the IP Address of your web server and it can show them your site. Add Host Header information to an IIS Web server and have a custom page of "You are not authorized to view this site" or something like that - whatever you want.