Ok, so basically I needed to block certain domains from my corporate network. What I did was create those domains in my Windows 2003 Server AD integrated DNS, create A records pointing them to an internal webserver with a page that says something like "Sorry you can't go here from work". This works perfectly for what we were trying to accomplish. But now I have an issue where upper management wants to be able to get to some of these sites. Is there any way that I can tell the DNS that if these users, or their specific IP's, request these domains that they should not use the internal DNS to resolve those addresses? Either by blocking them from reading the DNS entries for those specific domains or by pointing them to a different DNS server just for those domains? I have both Mac & PC users needing to do this. There are only a few people that I need to do this for, so if it can't be done on the server level (which would be highly preferred), I would not mind going to their computers to fix the problem. Any way to get them off my back would be appreciated.
Thanks in advance.