DNS Blacklist MS DNS 2003


This topic contains 4 replies, has 4 voices, and was last updated by christobal 9 years, 2 months ago.

    g7rpo
    Member
    #150631

    Hi All

    I used this a long time ago in the distant past using bind, more to act as a web filter than anything else, but now it seems to be a nice option to block malware etc.

    My main problem is that I can't figure out how to do it in MS DNS.

    I have a list from

    malwaredomains.com

    Have read that the only practical option is to use a 3rd party plugin, which I am loath to do.

    Any help would be greatly appreciated.

    Dumber
    Participant
    #201398

    Re: DNS Blacklist MS DNS 2003

    Denying such domains using manually created blacklists will be hell to maintain.
    Sure, you can create the zones and add an A record to block it, but is it wise?

    Anonymous
    #376135

    Re: DNS Blacklist MS DNS 2003

    Nothing built into MS DNS 200x to maintain a “blacklist”. You’ll either need to use another vendor’s DNS solution or use a proxy infrastructure to protect your users while browsing web sites.

    christobal
    Member
    #377390

    Re: DNS Blacklist MS DNS 2003

    As pretty much said before you are stuck with 1 of 2 options. I am actually being asked to look into something similar.

    1) Create zones and A records in your primary dns. uuuuugly and if you're using AD integrated dns will likely bloat your reg.

    2) Use an intermediate dns forwarder between you and whomever you forward to and load the zones into these servers. This is better as you set up your internal to point here and then set up those to point the nasty to either a 127.0.0.1 or maybe a webserver so you can log who goes there better.

    Though if you're looking for better protection I would use something like a bluecoat to control/proxy your traffic. MUUUCH better.
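
An added example, not part of the original post or written by any poster in this thread: one way to keep option 2 maintainable, assuming the intermediate forwarder runs BIND (the server the original poster mentions having used). It turns a downloaded list into one sinkhole zone stanza per domain, all sharing a single zone file. `SINKHOLE_IP`, `ZONE_FILE` and the sample entries are assumptions constructed for illustration.

```python
import re
SINKHOLE_IP = "127.0.0.1"    # assumption: or a logging web server, as option 2 suggests
ZONE_FILE = "sinkhole.zone"  # hypothetical file name, shared by every blocked zone

# Constructed sample covering the two common list shapes: hosts-style and bare names.
SAMPLE_LIST = """\
# constructed entries, not real indicators
127.0.0.1  bad-example.test
127.0.0.1  cdn.bad-example.test
tracker.example.invalid   # inline comment
Tracker.Example.Invalid.
not a domain!
localhost
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_blocklist(text):
    """Return the sorted, de-duplicated, syntactically valid domains in the list."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comments, split columns
        name = fields[-1].lower().rstrip(".") if fields else ""
        labels = name.split(".")
        if (len(labels) >= 2 and len(name) <= 253 and not labels[-1].isdigit()
                and all(LABEL.match(label) for label in labels)):
            domains.add(name)
    return sorted(domains)

def collapse(domains):
    """Drop names under an already listed parent; its wildcard record answers for them."""
    listed = set(domains)
    def parents(d):
        parts = d.split(".")
        return {".".join(parts[i:]) for i in range(1, len(parts) - 1)}
    return [d for d in domains if not parents(d) & listed]

def named_conf(domains):
    """One master-zone stanza per domain, to be included from named.conf."""
    return "".join(f'zone "{d}" {{ type master; file "{ZONE_FILE}"; }};\n' for d in domains)

def zone_file():
    """Shared zone data: the apex and every name below it resolve to the sinkhole."""
    return ("$TTL 300\n@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 300 )\n"
            f"@ IN NS localhost.\n@ IN A {SINKHOLE_IP}\n* IN A {SINKHOLE_IP}\n")

if __name__ == "__main__":
    zones = collapse(parse_blocklist(SAMPLE_LIST))
    print(named_conf(zones) + zone_file(), end="")
```

Regenerating the stanzas from a fresh copy of the list and reloading the forwarder replaces hand-editing zones; validate the output with the server's own configuration checker before reloading.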

    Anonymous
    #376137

    Re: DNS Blacklist MS DNS 2003

    Bluecoat Proxies are excellent, especially for the Enterprise. However, they can be pricy.
