
Sunscreen

Status
Not open for further replies.

bingo425

MIS
Feb 23, 2003
8
GB
Using Solaris 8 & SunScreen, I need to block some sites from being browsed. How do I control that by site name?
 
Easiest way to block sites by name is to "take" over DNS authority locally. Create a blank zone for which nothing resolves - OR - create a zone in which most names will resolve to your own server.

This will keep your network from being able to request pages that are from these "taken over" zones.
 
AllenV, thanks. Please guide me step by step to do that on my DNS.
Our company has over 300 users, most of them browsing, for example, 4 famous newspapers at , and downloading some special topics. I want to stop this. I could not find a way in my SunScreen FW policy, and I can't block by IP address because most sites have more than 4-5 IP addresses.
My DNS is iPlanet 4.2 under Solaris 8.
 
I use ISC bind - so I can't tell you "how" - I leave that to someone else. The below is SPECIFIC to ISC bind. I have no idea how IPlanet does the job.

Under ISC bind - the "named.conf" file controls your "zones". Each zone typically has its own definition file.

The end of my "named.conf" file looks like this:

zone "adbureau.com" { type master; file "zone.blank"; };
zone "advertising.com" { type master; file "zone.blank"; };
zone "atdmt.com" { type master; file "zone.blank"; };
zone "burstnet.com" { type master; file "zone.blank"; };
zone "doubleclick.net" { type master; file "zone.blank"; };
...
And so on (basically all of the servers that I've found that create "POP-UP" style banner ads).

My zone.blank file looks like this:

$TTL 86400
@ IN SOA dns.domain.me. hostmaster.domain.me. (
        2003010100 10800 3600 604800 86400   ; serial refresh retry expire minimum
        )
        NS dns.domain.me.    ; leading whitespace keeps the owner "@" from the SOA line
        NS dns2.domain.me.

That's it - so the blank zone (no entries) takes over any call to my own DNS server asking for the DNS zones that I have named in my named.conf.
 
Dear AllenV;

I am confused about the steps to create the zone.blank file.
 
As I said, I don't know if any of this will work for you, as I use "ISC" bind, and you are using some IPlanet product.

All configuration files are plain text, editable by "vi". ISC DNS server, named, is configured through a plain text file called named.conf. Inside this file there is typically a statement that tells where all "included" files are kept (in this case, zone files).

Under Sun and HP/UX default named scenarios this is not set, and all dependent files are assumed to be in /etc/.
[ Under Linux zone files are kept in /var/named. ]

You will not have a blank zone file at all, until you create one. vi /etc/blank.zone. Then simply add all of the lines that I put in my previous example (which had settings, but no entries). Then for each zone you are trying to block, you would add that zone to the named.conf file.

It sounds like you should really seek some assistance with IPlanet specifically though, as I doubt my advice will go far with your setup - and while IPlanet is affiliated with Sun, it is not standard on Sun systems.

Thanks,
Allen
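
The per-zone step described above, as an added example that is not part of the original thread: a shell function that turns a list of domain names into the `zone "..." { type master; file "zone.blank"; };` lines for named.conf. The function names and the sample list are assumptions, and `news.example` is a constructed name.

```shell
#!/bin/sh
# Added example, not from the thread. ZONE_FILE matches the file name used in
# the named.conf lines above; the function names are hypothetical.
ZONE_FILE="zone.blank"

# Accept only plain DNS names, so a stray quote, brace or semicolon in the
# list can never end up inside named.conf.
is_valid_domain() {
    printf '%s\n' "$1" |
        grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$'
}

# make_stanzas BLOCKLIST [NAMED_CONF]: print one zone statement per valid
# name that NAMED_CONF does not already define (a zone defined twice is a
# configuration error).
make_stanzas() {
    conf=${2:-/dev/null}
    # Strip comments and whitespace, drop a trailing dot, lowercase, dedupe.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' "$1" |
        tr '[:upper:]' '[:lower:]' | sort -u |
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        if ! is_valid_domain "$d"; then
            echo "skipped invalid entry: $d" >&2
            continue
        fi
        # Exact-text match; a zone declared with other spacing is not detected.
        if grep -Fq "zone \"$d\"" "$conf"; then
            continue
        fi
        printf 'zone "%s" { type master; file "%s"; };\n' "$d" "$ZONE_FILE"
    done
}

# Constructed sample input: doubleclick.net is already in the sample
# named.conf, atdmt.com is listed twice, one entry is not a DNS name.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# ad servers' 'DoubleClick.net.' 'atdmt.com' \
        'atdmt.com   # duplicate' 'not a domain!' 'news.example' > "$dir/list"
    printf 'zone "doubleclick.net" { type master; file "zone.blank"; };\n' \
        > "$dir/named.conf"
    make_stanzas "$dir/list" "$dir/named.conf"
    rm -rf "$dir"
}

if [ $# -ge 1 ]; then make_stanzas "$@"; else demo; fi
```

Append the output to named.conf and check the result with `named-checkconf` (BIND 9) before reloading named. The block only applies to clients that resolve through this server.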
 