DNS - Conditional Forwarding Question

[smarksfrcb]

First I want to set the stage of what I have setup and then what I would like to accomplish

I have a dns server called we will say dns1.abc.local . We have a vpn setup with one of your customers (we will say XYZ Co) where we access different urls thru the VPN. We have conditional forwarding setup where if we get a dns query to dns1.abc.local look for something.xyz.com it forwards the query to a dns server thru the VPN to a dns server within XYZ 's network. That works great. However it also allows the users to have full internet access since Recursion can't be disabled for this to work. We want this group of user not to have full internet access.

Is there a way we set this up and still block full internet to these users. I am looking for solutions not just with Microsoft DNS but with some other software or hardware....I am looking at an option now that possibly may work with a Cisco router....any help would be apprecieated.

 

[mrdenny]

You need a content blocking solution of some sort that can block internet access based on a specific user or workstation. There's lots of these out there, some are free, others aren't.

Web Sense is one, Sonar (aka Interguard) is another. On the less Enterprise ready side you've got stuff like NetNanny.

If you know the IP subnet that the users that shouldn't have Internet access are on, you can simply block those IPs from having net access on the router.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog