Home > IT Answers > Networking > How can I block websites in local DNS
Hirachilwal
25 pts.
 How can I block websites in local DNS
DNS, DNS configuration, Local DNS
Hi..
My company have local dns server here i want to block some sites in local DNS only for all clients pc...
How can i do this quckly...
PLZ help me
Thanks in advance.
Regards
Hira Chilwal

Software/Hardware used:
software
ASKED: Jul 19, 2011  1:17 PM GMT
UPDATED: May 21, 2012  5:39:50 PM GMT
RELATED QUESTIONS
Saturno
4,570 pts.
 
  Help
 Approved Answer - Chosen by Carlosdl
Hello,

Everyone please don't get me wrong, but I really need to put this answer like this:

Please don't fool yourself with the idea of blocking anything within name resolution (DNS)!

If you want to block access to / from a network, you really need a full featured proxy and a state-full firewall.
Note that I'm not saying that you need to buy anything, though.
As everyone know, we get what we pay for; but you can achieve a good level of protection with completely free products. (more on that later if you need)

Please post back if you need further help.
ANSWERED:  Jul 27, 2011  10:46 PM (GMT)  by Saturno   4,570 pts.
 
Other Answers:
===========================================
PLEASE, look again at the comment of Saturno from
27 of July, 2011 - caveat lector !

Unfortunately, only the question author can mark it as an
approved answer - I can't!
===========================================

two ways of doing so.

1) make an entry in the host file of system as 127.0.0.1.
E.g : gmail.com 127.0.0.1
this will block the gmail.com on that computer.

2) try with making the same entry in your DNS. i never tried that.

3) you can even use freeware proxy tools available on google.


a). You can use "open dns" to block websites.
b). If your switch support "port mirroring", you also can setup an internet filtering program(ie: WFilter, websense) to filter certain websites.
Last Wiki Answer Submitted:  Sep 3, 2011  12:37 AM (GMT)  by  Petkoa   3,060 pts.
Latest Answer Wiki Contributors:  Gengw2000   70 pts., Thmohan   50 pts.
To see other answers submitted to the Answer Wiki View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



 

Add restircted sites to IE via a Group Policy.

Gabe9527
 8,575 pts.
 

You really should have some kind of web filtering in place through something dedicated to the task.

It will improve general security and help with situations like this.

Do you have ISA? also another good place to block traffic from. You could put an entry in your DNS that refers the address to something else but it’s not advised. I would go with Gabe9527’s suggestion for a short term fix.

If users figure out you’ve blocked it they can still get around this using a proxy avoidance website.

ErroneousGiant
 3,120 pts.
 

I think restricted sites may help a little, but due the exist of many other browsers like Chrome, Firefox, Safari, this solution maybe is not what you need.

Maybe if we know what type of DNS software you are using we can give you better options.
Other thing you must consider is the fact some users can put IP entries in their hosts file if they actually know the IP address of the website you intend to block in order to jump the dns service.

I think a firewall or a content filter are better options.
If you like open source solutions take a look at ClearOS, a linux based solution for enterprises.
Another recomendation could be Watchguard, a paid solution.

Regards.

Mariodlg
 2,790 pts.

Hello,

Everyone please don’t get me wrong, but I really need to put this answer like this:

Please don’t fool yourself with the idea of blocking anything within name resolution (DNS)!

If you want to block access to / from a network, you really need a full featured proxy and a state-full firewall.
Note that I’m not saying that you need to buy anything, though.
As everyone know, we get what we pay for; but you can achieve a good level of protection with completely free products. (more on that later if you need)

Please post back if you need further help.

Saturno
 4,570 pts.
 

Opendns.com

KDubb
 115 pts.
 

I may be wrong and I’m not sure how much access you have to your network or what type of equipment you are running but wouldn’t it be easier to place a few ACL’s on your router?

CiscoOne
 75 pts.
 

Done (answer approved), Petko.

Carlosdl
 60,255 pts.
 

Thanks, Carlos - and Saturno, to that matter!

Petkoa
 3,060 pts.
 

This post is really helpful, but I also recommend a really easy way to block websites: using StopDistractions. Check it out: http://www.StopDistractions.com

Jamesd1
 10 pts.