DNS Server Entry - Block Sites

  • DNS Server Entry - Block Sites

    Hi there,

    I am looking to block websites using the DNS server. I have heard that you can block websites here just as you would with a HOSTS file on a local machine.

    I honestly do not know how to access the DNS server - is it on our Win Server 2003? Do I need to go into the router?

    Once I find where the DNS server is, how do I go about blocking the sites?

    Any help appreciated - thanks in advance.

  • #2
    Re: DNS Server Entry - Block Sites

    It really depends on your network. A small network with one site and one or two servers would probably use the DNS of the router (which in turn would be getting DNS off your ISP).

    A large network with multiple sites would use an internal DNS server/servers to resolve internal names (they would also then use an external DNS server to resolve names outside of your internal network).

    If you type nslookup from the command prompt, that will give you the address of the DNS server that your workstation is using.

    Once you know what DNS server you are using, then you can worry about blocking domains.


    • #3
      Re: DNS Server Entry - Block Sites

      Most routers don't have the capabilities required to register all of the required records for AD so unless you are on a workgroup I would look at your 2003 server first. Bear in mind that anyone who knows the IP address of a website or knows how to add in their own DNS settings can bypass this block though.

      Quis custodiet ipsos custodes?


      • #4
        Re: DNS Server Entry - Block Sites

        OpenDNS does some rudimentary blocking for things like adult content, but as AndyJG247 said, it's a trivial thing to bypass access restrictions that are implemented via DNS entries. What kind of environment are you working in, and how committed to blocking people from accessing certain web sites are you?

        It may be better to invest in a router that can do some kind of content filtering (maybe with a subscription-based engine). An option that would involve a bit more hands-on work would be to use some kind of alternate firmware (OpenWRT, Tomato, etc.) on a regular LinkSys SOHO router and tweak the content filtering options. Definitely do some research on that before you make a decision.

        If you're really determined to block sites on a more granular level and aren't afraid of getting your hands a little dirty, you could use a proxy server such as Squid with some plug-ins that do content filtering. DansGuardian is a content filtering proxy based on Squid. You might just want to use IPCop with a proxy plug-in, which would become your firewall and proxy server / content filter.

        Some of my suggestions might be a bit overboard for your situation, but at least you're aware of the possibilities now.
        Wesley David
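
Posts #3 and #4 point out that a DNS-based block stops working as soon as a client uses its own DNS settings. The following is an added example, not code from the thread: it scans firewall log lines for clients sending DNS traffic to anything other than the approved internal resolver. The log format, the resolver address `10.0.0.5` and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (constructed for this example): the internal DNS server's address
# and a simple key=value firewall log format.
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.5")}
DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS; DNS over HTTPS (443) is not visible here

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)

SAMPLE_LOG = """\
2024-01-10T09:00:01 src=10.0.0.21 dst=10.0.0.5 dport=53 proto=udp
2024-01-10T09:00:02 src=10.0.0.5 dst=203.0.113.53 dport=53 proto=udp
2024-01-10T09:00:07 src=10.0.0.34 dst=198.51.100.8 dport=53 proto=udp
2024-01-10T09:00:09 src=10.0.0.34 dst=198.51.100.8 dport=53 proto=tcp
2024-01-10T09:01:15 src=10.0.0.40 dst=198.51.100.9 dport=853 proto=tcp
2024-01-10T09:01:20 src=10.0.0.21 dst=192.0.2.80 dport=443 proto=tcp
malformed line that the parser should skip
"""


def find_dns_bypass(log_text, approved=APPROVED_RESOLVERS):
    """Return {client_ip: sorted list of unapproved resolver IPs it queried}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) not in DNS_PORTS:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # skip entries with unparsable addresses
        # The approved resolver forwarding upstream is expected traffic.
        if src in approved or dst in approved:
            continue
        hits[str(src)].add(str(dst))
    return {client: sorted(dsts) for client, dsts in hits.items()}


if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE_LOG).items():
        print(f"{client} queried unapproved resolver(s): {', '.join(resolvers)}")
```

Restricting outbound DNS at the firewall to the approved resolver closes the custom-DNS path that this check reports. Access by IP address, the other bypass named in post #3, is not visible in DNS traffic and needs the proxy or content filter options from post #4.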