How can I block websites in local DNS

DNS configuration
Local DNS
Hi.. My company have local dns server here i want to block some sites in local DNS only for all clients pc... How can i do this quckly... PLZ help me Thanks in advance. Regards Hira Chilwal

Software/Hardware used:

Answer Wiki

Thanks. We'll let you know when a new response is added.

PLEASE, look again at the comment of Saturno from
27 of July, 2011 – caveat lector !

Unfortunately, only the question author can mark it as an
approved answer – I can’t!

two ways of doing so.

1) make an entry in the host file of system as
E.g :
this will block the on that computer.

2) try with making the same entry in your DNS. i never tried that.

3) you can even use freeware proxy tools available on google.

a). You can use “open dns” to block websites.
b). If your switch support “port mirroring”, you also can setup an internet filtering program(ie: WFilter, websense) to filter certain websites.

Discuss This Question: 8  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Gabe9527
    Add restircted sites to IE via a Group Policy.
    11,095 pointsBadges:
  • ErroneousGiant
    You really should have some kind of web filtering in place through something dedicated to the task. It will improve general security and help with situations like this. Do you have ISA? also another good place to block traffic from. You could put an entry in your DNS that refers the address to something else but it's not advised. I would go with Gabe9527's suggestion for a short term fix. If users figure out you've blocked it they can still get around this using a proxy avoidance website.
    3,120 pointsBadges:
  • Mariodlg
    I think restricted sites may help a little, but due the exist of many other browsers like Chrome, Firefox, Safari, this solution maybe is not what you need. Maybe if we know what type of DNS software you are using we can give you better options. Other thing you must consider is the fact some users can put IP entries in their hosts file if they actually know the IP address of the website you intend to block in order to jump the dns service. I think a firewall or a content filter are better options. If you like open source solutions take a look at ClearOS, a linux based solution for enterprises. Another recomendation could be Watchguard, a paid solution. Regards.
    2,790 pointsBadges:
  • saturno
    Hello, Everyone please don't get me wrong, but I really need to put this answer like this: Please don't fool yourself with the idea of blocking anything within name resolution (DNS)! If you want to block access to / from a network, you really need a full featured proxy and a state-full firewall. Note that I'm not saying that you need to buy anything, though. As everyone know, we get what we pay for; but you can achieve a good level of protection with completely free products. (more on that later if you need) Please post back if you need further help.
    4,585 pointsBadges:
  • KDubb
    115 pointsBadges:
  • CiscoOne
    I may be wrong and I'm not sure how much access you have to your network or what type of equipment you are running but wouldn't it be easier to place a few ACL's on your router?
    75 pointsBadges:
  • carlosdl
    Done (answer approved), Petko.
    85,865 pointsBadges:
  • petkoa
    Thanks, Carlos - and Saturno, to that matter!
    3,140 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: