?
Solved

Editing DNS to block Facebook

Posted on 2010-09-09
7
Medium Priority
?
890 Views
Last Modified: 2012-05-10
Our company has decided to block Facebook plus various other social networking sites.

I have amended a hosts file which seem to do the trick. However I need to role this out to 80 users. I understand that this can be done via group policy. However, i've also seen people suggest that web sites can be blocked via entries in my windows DNS servers.

Can anybody let me know what I need to do to the DNS to achieve this?
0
Comment
Question by:metamatic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 2

Expert Comment

by:dannyyo
ID: 33638084
I believe you can just add a "New Host" for that site.  If this is a company, the best way to do it would be to use a firewall with content filtering.  We use sonicwall content filtering at our office and all you have to do is deny the whole category of social networking.
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33638091
You can goto DNS on your server right click Goto Forwarders
Add new forwarder and say it as facebook.com domain give forwarder ip as 127.0.0.1

Once you do it the queries for facebook.com should resolve to local and it should be blockec.
0
 
LVL 3

Expert Comment

by:kf4zmt
ID: 33638092
Create a new zone on your dns server called facebook.com and then create an A record that points to a bogus IP address.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Accepted Solution

by:
CWCertus1 earned 2000 total points
ID: 33638099
Create a zone called facebook.com and add a www A (host) record pointing somewhere else i.e. 127.0.0.1.

Any user with enough rights on their own machine could get the IP address of the facebook and create a www.facebook.com entry in their own hosts file to get around this.

A better solution would be to use group policy to push internet explorer settings which prevent this (content adviser or trusted sites lockdowns etc.) or buy a purpose made solution for this e.g. webmarshal softwar or a hosted solution like websense - incidentally you can force users to use websense on their work machines at home as it is hosted and they would then have to abide by work guidelines for browsing on company machines at all times.
0
 
LVL 12

Expert Comment

by:mccracky
ID: 33639692
Put the new DNS server in the DHCP configuration and it should be pushed out automatically as each machine renews it's IP address lease with the DHCP server.
0
 
LVL 12

Expert Comment

by:mccracky
ID: 33639711
Then to make sure that no one uses another DNS to get around the filter, you can block outgoing port 53 (DNS) on your firewall for every machine except your server.
0
 
LVL 12

Expert Comment

by:mccracky
ID: 33639773
Rereading your question, if depends if you host your own DNS server or use another one (like one provided by your ISP).  If you host your own, then you put in a forwarder like someone mentioned above.  If you use your ISP, then you can switch to something like OpenDNS.  Anyway, the way to push out the DNS settings would be through your DHCP server.
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question