Block a Website Address in my DNS mcp <zafarhussain[ at ]blueyonder.co.uk> 4/29/2007 6:34:01 PM hi everyone. can someone please tell me how to block certian websites. our users access some sites that i like to block. we have a firewall but dont want to do anything in that. i have read that if i create a new zone with a particular websit e.g youtube.com that will work. It does work, but i have about few address, so is there way to create a dns record of the site i want to block in my existing zone without creating new zones. please help. thanks

Re: Block a Website Address in my DNS Lukas Beeler <lb-lists[ at ]projectdream.org> 4/29/2007 6:57:54 PM * mcp <zafarhussain[ at ]blueyonder.co.uk>: [Quoted Text] > can someone please tell me how to block certian websites. our users > access some sites that i like to block. we have a firewall but dont > want to do anything in that. But a content filter is best suited for a task - ISA 2006 or appliances, the list is nearly endless here. > i have read that if i create a new zone with a particular websit e.g > youtube.com that will work. It does work, but i have about few > address, so is there way to create a dns record of the site i want to > block in my existing zone without creating new zones. You could create "wrong" stub zones in your DNS-Server, that would work. But solutions only work as long as users don't have local admin rights, and you're using software restriction polices. Otherwise people could just install firefox with TOR or an open proxy. Or they could use an USB stick with Firefox2Go. In general, political problems such as these are best solved by your HR department, by creating an appropriate acceptable use policy for company equipment - this should stop most people, without investing time in cumbersome technical solutions. (e.G. what if you _need_ access to youtube for some reason? Without a proper content filter, just DNS or IE hacks it can get cumbersome) -- Read my blog at http://projectdream.org

Re: Block a Website Address in my DNS mcp <zafarhussain[ at ]blueyonder.co.uk> 4/29/2007 7:44:24 PM On Apr 29, 7:57 pm, Lukas Beeler <lb-li...[ at ]projectdream.org> wrote: [Quoted Text] > * mcp <zafarhuss...[ at ]blueyonder.co.uk>: > > > can someone please tell me how to block certian websites. our users > > access some sites that i like to block. we have a firewall but dont > > want to do anything in that. > > But a content filter is best suited for a task - ISA 2006 or > appliances, the list is nearly endless here. > > > i have read that if i create a new zone with a particular websit e.g > > youtube.com that will work. It does work, but i have about few > > address, so is there way to create a dns record of the site i want to > > block in my existing zone without creating new zones. > > You could create "wrong" stub zones in your DNS-Server, that > would work. > > But solutions only work as long as users don't have local admin > rights, and you're using software restriction polices. Otherwise > people could just install firefox with TOR or an open proxy. Or > they could use an USB stick with Firefox2Go. > > In general, political problems such as these are best solved by > your HR department, by creating an appropriate acceptable use > policy for company equipment - this should stop most people, > without investing time in cumbersome technical solutions. > > (e.G. what if you _need_ access to youtube for some reason? > Without a proper content filter, just DNS or IE hacks it can get > cumbersome) > > -- > Read my blog athttp://projectdream.org hi can you please provide an example for stubzone, as i never created one. thanks.

Re: Block a Website Address in my DNS "Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 4/29/2007 9:44:08 PM Read inline please. In news:1177871641.750942.214810[ at ]p77g2000hsh.googlegroups.com, mcp <zafarhussain[ at ]blueyonder.co.uk> typed: [Quoted Text] > hi everyone. > > can someone please tell me how to block certian websites. our users > access some sites that i like to block. we have a firewall but dont > want to do anything in that. A firewall would be the best way, this is one of the intended uses of firewalls. > i have read that if i create a new zone with a particular websit e.g > youtube.com that will work. It does work, but i have about few > address, so is there way to create a dns record of the site i want to > block in my existing zone without creating new zones. You would have to create a new zone, you cannot add a record in one domain and expect it to answer for another. You would be best to use a forward lookup zone, with no records in it, or if you create a record, point it to your own site. The problem with trying to use a stub zone for this is that stub zones try to fix themselves by looking for the NS records for the domain you create them for. A savvy user will find a way around any zone you create. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps Send IM: http://www.icq.com/people/webmsg.php?to=296095728 =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx ===================================

Re: Block a Website Address in my DNS "Herb Martin" <news[ at ]learnquick.com> 4/30/2007 1:40:53 AM "mcp" <zafarhussain[ at ]blueyonder.co.uk> wrote in message news:1177875864.881102.310610[ at ]n59g2000hsh.googlegroups.com... [Quoted Text] > hi > > can you please provide an example for stubzone, as i never created > one. A Stub Zone is NOT what you want -- that is a specific technical thing in Windows 2003 DNS. What you want is a "server specific zone" -- create a zone with the ACTUAL name of the SERVER, e.g., www.badplace.com. Add an A record with a BLANK (or Same As Parent) name and the address pointed somewhere worthless, e.g., 127.0.0.1. Again, though, some type of proxy server with filters is a much better idea. How about the FREE Privoxy from SourceForge.net? -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)

Re: Block a Website Address in my DNS mcp <zafarhussain[ at ]blueyonder.co.uk> 4/30/2007 7:44:24 PM On Apr 30, 2:40 am, "Herb Martin" <n...[ at ]learnquick.com> wrote: [Quoted Text] > "mcp" <zafarhuss...[ at ]blueyonder.co.uk> wrote in message > > news:1177875864.881102.310610[ at ]n59g2000hsh.googlegroups.com... > > > hi > > > can you please provide an example for stubzone, as i never created > > one. > > A Stub Zone is NOT what you want -- that is a specific technical > thing in Windows 2003 DNS. > > What you want is a "server specific zone" -- create a zone with the > ACTUAL name of the SERVER, e.g.,www.badplace.com. > Add an A record with a BLANK (or Same As Parent) name > and the address pointed somewhere worthless, e.g., 127.0.0.1. > > Again, though, some type of proxy server with filters is a much > better idea. > > How about the FREE Privoxy from SourceForge.net? > > -- > Herb Martin, MCSE, MVPhttp://www.LearnQuick.Com > (phone on web site) Thankyou everyone for your eply i will test this soon. much appreciated.