Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Myspace.com
- Thread starter Russmis
- Start date
You could use GPO to block it, but there is still ways around that. There are many proxy sites that allow you to access myspace through them, although you could block access to those as well in the GPO. I found it easier to use my firewall to block myspace.com as well as the proxy sites some of my users were finding (via google). I wound up putting in over 100 IP addresses to block to cover this, finally my user gave up. Easiest way I guess would be a proxy server, but I didn't want to go through the hassle of setting that up.
I used do this with my local DNS server. I didnt have to block myspace.com at the time so I dont know how client machines would react, but what I would have done was add myspace.com to my local DNS server and giving it an ip of 127.0.0.1 It worked ok, but we have sice installed websense which blocks the site nicely.
This may not help if you do not have local DNS servers
Hope this helps
This may not help if you do not have local DNS servers
Hope this helps
- Thread starter
- #4
ShackDaddy
MIS
Create a new forward lookup zone for myspace.com
Then create a 'www' A record that points to 127.0.0.1 and any other hostnames that you find are associated with myspace, add them as A records that point to 127.0.0.1.
You can do this for any domain that you find you want to block. The only way around it is to go directly to the IP of the site, or perhaps using some sort of anonymizer service.
ShackDaddy
Then create a 'www' A record that points to 127.0.0.1 and any other hostnames that you find are associated with myspace, add them as A records that point to 127.0.0.1.
You can do this for any domain that you find you want to block. The only way around it is to go directly to the IP of the site, or perhaps using some sort of anonymizer service.
ShackDaddy
elperrogrande
Programmer
This only blocks the casual user since it only gives the "wrong" DNS info. A creative user can easily subvert this by editing the hosts file locally, since the local file takes precedence.
gene
gene
ShackDaddy
MIS
Removing it from DNS is just the first step. In my experience, most users don't know how to edit a hosts file, and will usually assume that the site's been blocked in another way when they can no longer access the site.
If it looks like enough users actually do start bypassing the dummy DNS zone that this is ineffective, the next step is then blocking outbound traffic to specific IPs/Subnets on your firewall.
You could block at the firewall as your first step, but you came to the DNS forum for a solution, right? ;-)
ShackDaddy
If it looks like enough users actually do start bypassing the dummy DNS zone that this is ineffective, the next step is then blocking outbound traffic to specific IPs/Subnets on your firewall.
You could block at the firewall as your first step, but you came to the DNS forum for a solution, right? ;-)
ShackDaddy
- Thread starter
- #8
- Status