DNS Blacklist MS DNS 2003

  • DNS Blacklist MS DNS 2003

    Hi All

    I used this a long time ago in the distant past using BIND, more to act as a web filter than anything else, but now it seems to be a nice option to block malware etc.

    My main problem is that I can't figure out how to do it in MS DNS.

    I have a list from

    malwaredomains.com

    Have read that the only practical option is to use a 3rd-party plugin, which I am loath to do.

    Any help would be greatly appreciated.

  • #2
    Re: DNS Blacklist MS DNS 2003

    Denying such domains using manually created blacklists will be hell to maintain.
    Sure, you can create the zones and add an A record to block it, but is it wise?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: DNS Blacklist MS DNS 2003

      Nothing built into MS DNS 200x to maintain a "blacklist". You'll either need to use another vendor's DNS solution or use a proxy infrastructure to protect your users while browsing web sites.
      JM @ IT Training & Consulting
      http://www.itgeared.com



      • #4
        Re: DNS Blacklist MS DNS 2003

        As pretty much said before, you are stuck with 1 of 2 options. I am actually being asked to look into something similar.

        1) Create zones and A records in your primary DNS. Uuuuugly, and if you're using AD-integrated DNS it will likely bloat your reg.

        2) Use an intermediate DNS forwarder between you and whomever you forward to, and load the zones into these servers. This is better, as you set up your internal servers to point here and then set those up to point the nasty domains to either 127.0.0.1 or maybe a web server, so you can log who goes there better.

        Though if you're looking for better protection I would use something like a Bluecoat to control/proxy your traffic. MUUUCH better.

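The "create zones and A records" option from #4, as an added example that is not from any poster in this thread: a PowerShell script that turns a domain list into file-backed sinkhole zones on a Microsoft DNS server using dnscmd.exe. The domain list, the sinkhole address and the assumption that dnscmd exits non-zero when `/ZoneInfo` is asked about a zone that does not exist are all mine; dnscmd.exe is in the Support Tools on Server 2003 and built in from 2008.

```powershell
# Added example (not from the thread): sinkhole listed domains on a Microsoft DNS
# server by creating an empty file-backed primary zone per domain and pointing its
# root and wildcard A records at a sinkhole address. Run in an elevated session
# on the DNS server (or the intermediate forwarder described in #4).

# Constructed sample list; a real run would read the malwaredomains.com export.
$Domains = @(
    'malicious-example.test',
    'bad-host.example'
)
$SinkholeIp = '127.0.0.1'   # or an internal web server that logs which clients hit it
$DnsServer  = '.'           # "." = local server; use a hostname for a remote forwarder

# Conservative hostname check so a malformed list line never reaches dnscmd as an argument.
$ValidDomain = '^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

function Add-SinkholeZone {
    param([string]$Domain)
    if ($Domain -notmatch $ValidDomain) {
        Write-Warning "Skipping malformed entry: $Domain"
        return
    }
    # Never overwrite a zone that already exists (your own AD domain, a partner zone, ...).
    # Assumption: dnscmd returns a non-zero exit code when the zone is absent.
    & dnscmd $DnsServer /ZoneInfo $Domain 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Warning "Zone already exists, not touching: $Domain"
        return
    }
    # File-backed primary zone keeps the blacklist out of Active Directory (the bloat concern in #4).
    & dnscmd $DnsServer /ZoneAdd $Domain /Primary /file "sinkhole-$Domain.dns" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "ZoneAdd failed for $Domain"
        return
    }
    # Root and wildcard records so host.$Domain resolves to the sinkhole as well.
    & dnscmd $DnsServer /RecordAdd $Domain '@' A $SinkholeIp | Out-Null
    & dnscmd $DnsServer /RecordAdd $Domain '*' A $SinkholeIp | Out-Null
    Write-Output "Sinkholed $Domain -> $SinkholeIp"
}

foreach ($d in $Domains) { Add-SinkholeZone -Domain $d.Trim().ToLower() }
```

Because a sinkhole zone captures the whole domain, review the list before loading it: an entry for a shared hosting or CDN parent domain will black-hole every legitimate site under it too.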


        • #5
          Re: DNS Blacklist MS DNS 2003

          Bluecoat Proxies are excellent, especially for the Enterprise. However, they can be pricy.
          JM @ IT Training & Consulting
          http://www.itgeared.com
