using DSN to block instant messaging services

Archived from groups: microsoft.public.win2000.dns (More info?)

I am trying to block IM from our network.

I keep reading that the best way to do this is to make my DNS server the
authoritative DNS for the websites users have to login to access IM, such as
login.oscar.aol.com for AOL and csc.yahoo.com for Yahoo IM. You do this
because they may change their IP addresses at any time for these servers.

Suppsedly what you do is you make your DNS server authoritative for these
sites, and resolve the names to a localhost of 127.0.0.1

I'm just uncertain of where to do this. I see where I can do new host or
new alias, or rightclick on domain and select other new records and I can
choose from resource records like alias and host, but I am uncertain if it
is one of these or I have to do this someplace else.

I'm sure it is something simple I am overlooking, so any help would be
appreciated.

gary
3 answers Last reply
More about using block instant messaging services
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    "Gary Massengale" <garym_jnospam@hotmail.com> wrote:

    >I am trying to block IM from our network.
    >
    >I keep reading that the best way to do this is to make my DNS server the
    >authoritative DNS for the websites users have to login to access IM, such as
    >login.oscar.aol.com for AOL and csc.yahoo.com for Yahoo IM. You do this
    >because they may change their IP addresses at any time for these servers.
    >
    >Suppsedly what you do is you make your DNS server authoritative for these
    >sites, and resolve the names to a localhost of 127.0.0.1
    >
    >I'm just uncertain of where to do this. I see where I can do new host or
    >new alias, or rightclick on domain and select other new records and I can
    >choose from resource records like alias and host, but I am uncertain if it
    >is one of these or I have to do this someplace else.
    >
    >I'm sure it is something simple I am overlooking, so any help would be
    >appreciated.
    >
    >gary
    >

    Perfectly simple. First, you must be running DNS internally AND your
    systems must point to your local DNS servers for resolution. Now,
    open the DNS MMC on your server and add a new zone called
    login.oscar.aol.com. It needs to either be AD-Integerated or a
    Primary zone (replicate the zone to all internal DNS servers too to
    make sure queries to them are also returned with no answer). You
    don't even need to put A records in it. Simply having a primary zone
    makes the DNS server report it as authoritative and will prevent
    access to any site in that zone. We do it often for customers who
    want to prevent access to sites such as ebay.com. If you want to
    block all aol.com sites simply create a primary zone for aol.com.

    Sincerely,
    Brian S. Bergin
    Terabyte Computers, Inc.

    Please post replies here so everyone may benefit.

    NOTICE: Use of this information is contingent upon acceptance of Paragraph 17 of Terabyte's Terms and conditions located at http://terabyte.net/terms.htm#postings.
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    great!
    many thanks.
    gary

    "Brian S. Bergin" <net.terabyte@mspublicnntp.reverse> wrote in message
    news:do4851p5lumr7p4een1h1lstbt8mfv5ac6@4ax.com...
    > "Gary Massengale" <garym_jnospam@hotmail.com> wrote:
    >
    >>I am trying to block IM from our network.
    >>
    >>I keep reading that the best way to do this is to make my DNS server the
    >>authoritative DNS for the websites users have to login to access IM, such
    >>as
    >>login.oscar.aol.com for AOL and csc.yahoo.com for Yahoo IM. You do this
    >>because they may change their IP addresses at any time for these servers.
    >>
    >>Suppsedly what you do is you make your DNS server authoritative for these
    >>sites, and resolve the names to a localhost of 127.0.0.1
    >>
    >>I'm just uncertain of where to do this. I see where I can do new host or
    >>new alias, or rightclick on domain and select other new records and I can
    >>choose from resource records like alias and host, but I am uncertain if it
    >>is one of these or I have to do this someplace else.
    >>
    >>I'm sure it is something simple I am overlooking, so any help would be
    >>appreciated.
    >>
    >>gary
    >>
    >
    > Perfectly simple. First, you must be running DNS internally AND your
    > systems must point to your local DNS servers for resolution. Now,
    > open the DNS MMC on your server and add a new zone called
    > login.oscar.aol.com. It needs to either be AD-Integerated or a
    > Primary zone (replicate the zone to all internal DNS servers too to
    > make sure queries to them are also returned with no answer). You
    > don't even need to put A records in it. Simply having a primary zone
    > makes the DNS server report it as authoritative and will prevent
    > access to any site in that zone. We do it often for customers who
    > want to prevent access to sites such as ebay.com. If you want to
    > block all aol.com sites simply create a primary zone for aol.com.
    >
    > Sincerely,
    > Brian S. Bergin
    > Terabyte Computers, Inc.
    >
    > Please post replies here so everyone may benefit.
    >
    > NOTICE: Use of this information is contingent upon acceptance of Paragraph
    > 17 of Terabyte's Terms and conditions located at
    > http://terabyte.net/terms.htm#postings.
  3. Archived from groups: microsoft.public.win2000.dns (More info?)

    Can this be set up for only certain users without having to set up
    two dns servers for two different groups?


    "Brian S. Bergin" <net.terabyte@mspublicnntp.reverse> wrote in message
    news:do4851p5lumr7p4een1h1lstbt8mfv5ac6@4ax.com...
    "Gary Massengale" <garym_jnospam@hotmail.com> wrote:

    >I am trying to block IM from our network.
    >
    >I keep reading that the best way to do this is to make my DNS server the
    >authoritative DNS for the websites users have to login to access IM, such
    as
    >login.oscar.aol.com for AOL and csc.yahoo.com for Yahoo IM. You do this
    >because they may change their IP addresses at any time for these servers.
    >
    >Suppsedly what you do is you make your DNS server authoritative for these
    >sites, and resolve the names to a localhost of 127.0.0.1
    >
    >I'm just uncertain of where to do this. I see where I can do new host or
    >new alias, or rightclick on domain and select other new records and I can
    >choose from resource records like alias and host, but I am uncertain if it
    >is one of these or I have to do this someplace else.
    >
    >I'm sure it is something simple I am overlooking, so any help would be
    >appreciated.
    >
    >gary
    >

    Perfectly simple. First, you must be running DNS internally AND your
    systems must point to your local DNS servers for resolution. Now,
    open the DNS MMC on your server and add a new zone called
    login.oscar.aol.com. It needs to either be AD-Integerated or a
    Primary zone (replicate the zone to all internal DNS servers too to
    make sure queries to them are also returned with no answer). You
    don't even need to put A records in it. Simply having a primary zone
    makes the DNS server report it as authoritative and will prevent
    access to any site in that zone. We do it often for customers who
    want to prevent access to sites such as ebay.com. If you want to
    block all aol.com sites simply create a primary zone for aol.com.

    Sincerely,
    Brian S. Bergin
    Terabyte Computers, Inc.

    Please post replies here so everyone may benefit.

    NOTICE: Use of this information is contingent upon acceptance of Paragraph
    17 of Terabyte's Terms and conditions located at
    http://terabyte.net/terms.htm#postings.
Ask a new question

Read More

DNS Server Instant Messaging Windows