Editing DNS to block Facebook

metamatic asked
Last Modified: 2012-05-10
Our company has decided to block Facebook plus various other social networking sites.

I have amended a hosts file, which seems to do the trick. However, I need to roll this out to 80 users. I understand that this can be done via group policy. However, I've also seen people suggest that web sites can be blocked via entries in my Windows DNS servers.

Can anybody let me know what I need to do to the DNS to achieve this?

Commented:
I believe you can just add a "New Host" for that site.  If this is a company, the best way to do it would be to use a firewall with content filtering.  We use SonicWall content filtering at our office and all you have to do is deny the whole category of social networking.

Swapnil Prajapati, Sr. System Administrator

Commented:
You can go to DNS on your server, right-click, and go to Forwarders.
Add a new forwarder, enter facebook.com as the domain, and give the forwarder IP as 127.0.0.1.

Once you do it, the queries for facebook.com should resolve to local and it should be blocked.

Commented:
Create a new zone on your DNS server called facebook.com and then create an A record that points to a bogus IP address.

Commented:
Put the new DNS server in the DHCP configuration and it should be pushed out automatically as each machine renews its IP address lease with the DHCP server.

Commented:
Then to make sure that no one uses another DNS to get around the filter, you can block outgoing port 53 (DNS) on your firewall for every machine except your server.

Commented:
Rereading your question, it depends if you host your own DNS server or use another one (like one provided by your ISP).  If you host your own, then you put in a forwarder like someone mentioned above.  If you use your ISP, then you can switch to something like OpenDNS.  Anyway, the way to push out the DNS settings would be through your DHCP server.
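
The zone-plus-A-record approach and the DHCP push described in the comments above, as an added PowerShell example that is not part of the original thread. It assumes a Windows DNS/DHCP server with the DnsServer and DhcpServer modules and AD-integrated zones; the sink address, server IP and scope ID are placeholders.

```powershell
# Added example, not from the thread. All addresses below are placeholders.
#Requires -Modules DnsServer, DhcpServer

$BlockedDomains = @('facebook.com')   # extend with the other sites to block
$SinkIp         = '0.0.0.0'           # assumed "bogus" address for the A records
$DnsServerIp    = '192.0.2.10'        # placeholder: internal DNS server
$DhcpScopeId    = '192.0.2.0'         # placeholder: client DHCP scope

function Add-BlockedZone {
    param([string]$Domain, [string]$Ip)

    # Never touch a zone that is already hosted here: it may be a real one.
    if (Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue) {
        Write-Warning "Zone $Domain already exists, skipping."
        return
    }

    # Assumption: AD-integrated DNS. On a standalone server use
    # -ZoneFile "$Domain.dns" instead of -ReplicationScope.
    Add-DnsServerPrimaryZone -Name $Domain -ReplicationScope 'Domain'

    # '@' answers for the bare domain; '*' answers for www and every other
    # host name, which a single apex record would leave unresolved rather
    # than redirected.
    foreach ($name in '@', '*') {
        Add-DnsServerResourceRecordA -ZoneName $Domain -Name $name -IPv4Address $Ip
    }
}

foreach ($d in $BlockedDomains) { Add-BlockedZone -Domain $d -Ip $SinkIp }

# Push the internal DNS server to clients (DHCP option 6). Clients pick it
# up when they renew their lease.
Set-DhcpServerv4OptionValue -ScopeId $DhcpScopeId -DnsServer $DnsServerIp

# Verify that the server now answers with the sink address.
foreach ($d in $BlockedDomains) {
    foreach ($h in $d, "www.$d") {
        $a = Resolve-DnsName -Name $h -Server $DnsServerIp -Type A -DnsOnly
        $ok = ($a | Where-Object IPAddress -eq $SinkIp) -ne $null
        '{0,-25} {1}' -f $h, $(if ($ok) { 'blocked' } else { 'NOT blocked' })
    }
}
```

Clients that cached the real addresses keep them until the cache expires or `ipconfig /flushdns` is run, and the block only holds while outbound port 53 is restricted to the server as described above.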