Using DNS to block instant messaging services

Guest
Archived from groups: microsoft.public.win2000.dns

I am trying to block IM from our network.

I keep reading that the best way to do this is to make my DNS server the
authoritative DNS for the websites users have to login to access IM, such as
login.oscar.aol.com for AOL and csc.yahoo.com for Yahoo IM. You do this
because they may change their IP addresses at any time for these servers.

Supposedly what you do is you make your DNS server authoritative for these
sites, and resolve the names to a localhost of 127.0.0.1

I'm just uncertain of where to do this. I see where I can do new host or
new alias, or right-click on domain and select other new records and I can
choose from resource records like alias and host, but I am uncertain if it
is one of these or I have to do this someplace else.

I'm sure it is something simple I am overlooking, so any help would be
appreciated.

gary
 
Guest

"Gary Massengale" <garym_jnospam@hotmail.com> wrote:

>I am trying to block IM from our network.
>
>I keep reading that the best way to do this is to make my DNS server the
>authoritative DNS for the websites users have to login to access IM, such as
>login.oscar.aol.com for AOL and csc.yahoo.com for Yahoo IM. You do this
>because they may change their IP addresses at any time for these servers.
>
>Supposedly what you do is you make your DNS server authoritative for these
>sites, and resolve the names to a localhost of 127.0.0.1
>
>I'm just uncertain of where to do this. I see where I can do new host or
>new alias, or right-click on domain and select other new records and I can
>choose from resource records like alias and host, but I am uncertain if it
>is one of these or I have to do this someplace else.
>
>I'm sure it is something simple I am overlooking, so any help would be
>appreciated.
>
>gary
>

Perfectly simple. First, you must be running DNS internally AND your
systems must point to your local DNS servers for resolution. Now,
open the DNS MMC on your server and add a new zone called
login.oscar.aol.com. It needs to either be AD-Integrated or a
Primary zone (replicate the zone to all internal DNS servers too to
make sure queries to them are also returned with no answer). You
don't even need to put A records in it. Simply having a primary zone
makes the DNS server report it as authoritative and will prevent
access to any site in that zone. We do it often for customers who
want to prevent access to sites such as ebay.com. If you want to
block all aol.com sites simply create a primary zone for aol.com.

Sincerely,
Brian S. Bergin
Terabyte Computers, Inc.

Please post replies here so everyone may benefit.

NOTICE: Use of this information is contingent upon acceptance of Paragraph 17 of Terabyte's Terms and conditions located at http://terabyte.net/terms.htm#postings.
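
The zone-based block described in the reply above, as an added example that is not part of the original thread: it creates an empty AD-integrated primary zone for each login hostname the thread names, then asks every internal DNS server whether the name still returns an A record. It assumes the DnsServer PowerShell module (Windows Server 2012 or later); the server names are hypothetical placeholders. On older servers, `dnscmd /ZoneAdd <zone> /DsPrimary` creates the same kind of zone.

```powershell
# Added example, not from the original thread. Requires the DnsServer module
# and DNS administrator rights on the target servers.

# Login hostnames taken from the thread.
$BlockedZones = @('login.oscar.aol.com', 'csc.yahoo.com')

# Hypothetical internal DNS servers: replace with your own.
$DnsServers = @('dns1.corp.example', 'dns2.corp.example')

function Add-BlockZone {
    param([string]$Zone, [string]$Server)
    # Skip zones that already exist so the script can be re-run safely.
    $existing = Get-DnsServerZone -ComputerName $Server -Name $Zone -ErrorAction SilentlyContinue
    if ($existing) { return 'exists' }
    # Empty AD-integrated primary zone; AD replication carries it to the
    # other domain DNS servers, so it only has to be created once.
    Add-DnsServerPrimaryZone -ComputerName $Server -Name $Zone -ReplicationScope 'Domain'
    return 'created'
}

function Test-BlockZone {
    param([string]$Zone, [string]$Server)
    # Query this specific server; -DnsOnly avoids LLMNR/NetBIOS fallback.
    $answer = Resolve-DnsName -Name $Zone -Server $Server -Type A -DnsOnly -ErrorAction SilentlyContinue
    # The block is in effect when no A record comes back.
    $aRecords = @($answer | Where-Object { $_.Type -eq 'A' })
    return ($aRecords.Count -eq 0)
}

foreach ($zone in $BlockedZones) {
    $state = Add-BlockZone -Zone $zone -Server $DnsServers[0]
    foreach ($server in $DnsServers) {
        # A server that still answers has not received the zone yet
        # (replication delay) or is not AD-integrated.
        $blocked = Test-BlockZone -Zone $zone -Server $server
        '{0,-22} {1,-20} zone={2} blocked={3}' -f $zone, $server, $state, $blocked
    }
}
```

A `blocked=False` line identifies an internal server that clients could still use to resolve the name, which is the gap the reply's replication advice is meant to close.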
 
Guest

great!
many thanks.
gary
 
Guest

Can this be set up for only certain users without having to set up
two dns servers for two different groups?