Everyone please don't get me wrong, but I really need to put this answer like this:
Please don't fool yourself with the idea of blocking anything within name resolution (DNS)!
If you want to block access to / from a network, you really need a full-featured proxy and a stateful firewall.
Note that I'm not saying that you need to buy anything, though.
As everyone knows, we get what we pay for; but you can achieve a good level of protection with completely free products. (More on that later if you need.)
Please post back if you need further help.
PLEASE, look again at the comment of Saturno from 27 of July, 2011 – caveat lector!
Unfortunately, only the question author can mark it as an approved answer – I can’t!
Two ways of doing so.
1) Make an entry in the hosts file of the system as 127.0.0.1.
E.g.: 127.0.0.1 gmail.com
This will block gmail.com on that computer.
2) Try making the same entry in your DNS. I never tried that.
3) You can even use freeware proxy tools available on Google.
a) You can use “OpenDNS” to block websites.
b) If your switch supports “port mirroring”, you can also set up an internet filtering program (i.e.: WFilter, Websense) to filter certain websites.
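
A hosts-file entry like the one suggested above matches exact hostnames only (the format has no wildcards), which is one reason name-resolution blocking is a weak control. The following is an added example, not part of any post in this thread: it parses a constructed sample hosts file and reports which names are actually sinkholed. `SAMPLE_HOSTS`, `parse_hosts` and `coverage` are hypothetical names.

```python
# Added example: which hostnames does a hosts-file "block" actually cover?

# Constructed sample hosts file (not taken from any real system).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   gmail.com        # block entry in the style of the answer above
0.0.0.0     ads.example.test tracker.example.test
::1         localhost
"""

# Addresses treated as "blocked" destinations for this audit.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return {hostname: address} from hosts-file text.

    Keeps the first entry seen for a name (assumption: the local
    resolver uses the first match; behaviour can vary by platform).
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no names: skip
        addr, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def coverage(hosts_text, names_to_check):
    """Map each queried name to True if the hosts file sinkholes it."""
    table = parse_hosts(hosts_text)
    return {n: table.get(n.lower().rstrip(".")) in SINKHOLES
            for n in names_to_check}


if __name__ == "__main__":
    for name, blocked in coverage(
            SAMPLE_HOSTS, ["gmail.com", "www.gmail.com", "mail.gmail.com"]).items():
        print(f"{name:20} {'sinkholed' if blocked else 'NOT covered'}")
```

Only the exact name listed is covered; every other hostname of the same site resolves normally, so the entry has to be backed by a proxy or firewall policy to be enforceable.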