dwielgosz asked:
How can I block all Hotmail and other such messenger services with our Cisco Router?

We have a couple of people that spend a good portion of the day shooting the breeze with Hotmail (and others probably). We have a Cisco 1700 Router with the Pix(?) firewall card in it. We are a windows 2000 AD domain environment.
Les Moore

OK, another attempt to use technology to solve personnel behavioral issues....
Couple of things. Since you are AD and obviously have your local clients point to your own dns server, try simply adding a bogus dns entry for *.hotmail.com to one of your own web servers with a special web page that says something like "Get back to work, loafer!"

If you can find the IP addresses of all the hotmail servers, you can create access-lists on the router to block all access to those IP addresses.

If you have an acceptable use policy that prohibits the use of hotmail during work hours, everyone has read, understood and signed it, then reprimand or fire someone for violating their privileges.

If you have ISA /Proxy server, you can monitor which users violate the policy.

Else you can use some other content filtering appliance like the iPrism http://www.stbernard.com/iprism
or WebSense http://www.websense.com  or surfcontrol  http://www.surfcontrol.com

On a technical note, there is no PIX firewall "card" that goes into a 1700 router. There is a firewall "feature set" of the IOS that will run on a 1700 giving it some of the capabilities of a PIX firewall.


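As an added example (not from the thread and not either poster's configuration), here is what the two router-side pieces of the advice above look like in IOS on a 1700-class router: a DNS lock-down so that the bogus internal DNS entry cannot be bypassed, plus the access-list that drops direct connections to the webmail servers' addresses. Everything in it is assumed: the LAN is 192.168.1.0/24 on FastEthernet0, the AD/DNS server is 192.168.1.10, and the two webmail address blocks are documentation-range placeholders, not real Hotmail addresses. Those blocks have to be looked up by hand and will go stale, which is the main weakness of blocking by IP and why the DNS trick is the more durable half.

```cisco
! Added example; assumed addressing:
!   LAN 192.168.1.0/24 on FastEthernet0, gateway 192.168.1.1
!   internal AD/DNS server 192.168.1.10 (forwards to the ISP resolvers)
!   203.0.113.0/24 and 198.51.100.0/24 stand in for the webmail server
!   ranges; replace with the real ones and expect to revisit them.
!
! 1. The bogus DNS zone only works if a user cannot point their PC at an
!    outside resolver instead. Let only the internal DNS server talk DNS out.
ip access-list extended LAN-IN
 permit udp host 192.168.1.10 any eq domain
 permit tcp host 192.168.1.10 any eq domain
 deny   udp 192.168.1.0 0.0.0.255 any eq domain log
 deny   tcp 192.168.1.0 0.0.0.255 any eq domain log
! 2. Drop direct connections to the known webmail address ranges.
!    "log" shows who keeps trying; remove it once you have what you need,
!    since logged denies are process-switched and cost CPU on a 1700.
 deny   ip 192.168.1.0 0.0.0.255 203.0.113.0 0.0.0.255 log
 deny   ip 192.168.1.0 0.0.0.255 198.51.100.0 0.0.0.255 log
! 3. Everything else from the LAN passes as before.
 permit ip 192.168.1.0 0.0.0.255 any
!
! Apply inbound on the LAN side so the filter sees traffic before it is
! routed toward the T1.
interface FastEthernet0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip access-group LAN-IN in
!
! Check it is doing something:
!   show ip access-lists LAN-IN      (hit counters per line)
!   show logging | include LAN-IN   (who is hitting the denies)
```

The DNS half is the zone and host (A) record on the AD DNS server, pointing the webmail hostnames at an internal web server on the LAN that serves the "get back to work" page; with the lock-down above, a user who edits their TCP/IP settings to use an outside resolver simply loses name resolution instead of getting around it. Traffic between clients and the DNS server never crosses the router, so the list does not interfere with AD.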
dwielgosz (ASKER)
If you have an acceptable use policy that prohibits the use of hotmail during work hours, everyone has read, understood and signed it, then reprimand or fire someone for violating their privileges.

if the upper management had the gumption to go through the bother of finding someone to replace the offending party(s), then this would be the obvious solution.

We paid extra for a pix card add-in for that router and I may be mistaken about it being used for a firewall feature, although the IOS definitely has firewall software features; our T1 line is plugged directly into the card.

How would I associate the DNS record with a webpage? We don't have web servers although I could set up a new website to specifically do that I guess.
ASKER CERTIFIED SOLUTION
Les Moore
Excellent!!
Exactly what I was hoping to learn. Thank you much.
One more thing please. I created a new zone on the DNS server and with it a new host (A) record, forward only. I couldn't create the A record on the same subnet that our AD domain is on, so I created an adjacent (private) subnet and assigned a number from that subnet to the new website that is hosting the suggested webpage. Of course it doesn't work; it spins the iconic Microsoft globe for a bit and says that it is unreachable. The webserver that the new website resides on has a dynamic IP that is part of the AD domain subnet, even though the website has this other fictitious IP assigned to it on port 80. WHEW! Is this workable, or am I doing something half-backwards?
Not sure why you can't just use an IP in the local subnet (I don't have a Windows server to test with at the moment).
But this adjacent subnet must be known as local by whatever your default gateway is.
I assume your local gateway is the 1700 router. You might need to assign it a secondary IP in the same subnet range:

  interface fast 0
   ip address 192.168.2.1 255.255.255.0 secondary

It wouldn't allow the IP on the same subnet during the initial setup, however I was able to edit it later and give it an IP on our subnet afterall.