Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Use DNS to block websites

Status
Not open for further replies.

flipperc

IS-IT--Management
Jun 19, 2002
44
US
I have Server 2003 & I need to block users from getting to myspace, etc.

I was told the best way in my envirnment is to use the DNS server? How exactly do I do that? What are the steps, etc?

Thanks,

Phillip
 
Well you could add false address records but it's not a very effective way as the users can just use the IP address to getaround it. You would be better off using a proxy/firewall box like smoothwall.

 
A real easy way of doing this is setting your outside DNS to
to the DNS servers of
You'll need to setup an account "it's free"

I use this on two different corporate locations and it works awesome.

Does Adult and specific domain blocking with all the sub-domains.

Info below:

Adult Site Blocking

OpenDNS makes the Internet better. Adult site blocking is a free service we provide that lets you block adult websites on your network. We've teamed up with our friends at St. Bernard Software, who have human-reviewed tens of millions of domains, to make sure you get the most awesome adult site blocking service ever.

* Nearly 4 million domains blocked

All sites blocked are reviewed by the experienced iGuard team at St. Bernard Software. Pick from six categories, listed on the right. We update the data every day to keep it fresh.
* Free

OpenDNS offers adult site blocking as a free service, like everything else we provide.
* Easy, with no software or hardware to install

Our simple web-based interface makes protecting your network as simple as checking a box.
* Brand the block page

You can use the custom image feature to let everyone on your network know that you're watching out for them.
 
Use ISA server and can block specific site or install something like websense or something is my answer but the free option sounds ok too.
 
I would love to use ISA server, but SBS03 Standard does not include ISA.
I'm not giving MS any more of my money ;-)
 
You can do this in DNS. Set up a Forward Lookup Zone for the domain, IE. myspace.com.
Create an Alias (CNAME) in the zone that points to the destination server you want to redirect them to.
Creat a Host (A) record that point them to the destination server's IP address and use * for the Name.

This will redirect all *.myspace.com and the and queries. It doesn't redirect something like myspace.com/whatever so the user will get a "cannot display a webpage" error for those addresses.

A user can get aroumd the redirection by using the IP but this usually isn't very practical as most sites have a multitude of links in their pages that would fail to resolve. User's can get aroung this all by using a proxy server, though most aren't that savvy.
 
OpenDNS does domain level blocking and proxy site blocking as well. Also has a white list, if some sites get blocked that you want off the catch all block list.

As I said works great and is FREE! without any hardware/software hassles or configuration.
 
Hmm. That's a good hard sell you're giving openDNS, but the claim to have 'human-reviewed' tens of millions of sites is rather ambitious.

If you assume the 'review' takes about a minute, that would take 10 people, working 8 hours a day, 365 days per year, more than 10 years to do.

Impressive.
 
but the claim to have 'human-reviewed' tens of millions of sites is rather ambitious."

OpenDNS doesn't make that claim, St Bernard Software does.
 
OK, so we have a team consisting of a company that can't count, and company that doesn't bother to check.

Jeez I'm bored.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top