Lockdown internet using DNS server

I tried something yesterday that didn't work very well and I'm hoping you can spot the error.

A client of ours wanted to lock down the internet for their users while keeping the managers free to do whatever.

There are 2 DNS servers there. One forwards out to the internet and I configured the second as a forwarder to opendns.com. DNS2 was configured as a secondary zone to DNS1. I put the 4 XP computer accounts into their own OU and applied a group policy to assign DNS2 as their DNS server.

When the policy replicated, however, they didn't have access to their main database (hosted on DNS1) or the Internet.

I ended up having to undo the whole solution last night and now we're back where we started - with DNS2 disabled and all machines pointing to DNS1.

What do you guys think?
taiell0Asked:
Who is Participating?
 
dr_linuxConnect With a Mentor Commented:
The DNS entries should match on both DNS1 and DNS2.  It seems that your main database DNS name was not entered onto your other DNS server.  As long as the entries match, you can set up the other one not to even forward.  Keep in mind this only drops the name resolution, user can still enter the IP addresses and be fine (yes, most users may not even try).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.