Block Pandora using DNS in a AD 2003 environmnet

Posted on 2011-04-20
Last Modified: 2012-05-11
Hello Experts,

We have a ton of users that are using pandora and eating up bandwidth.  I would like to configure DNS so that when a user tries to access, they are rerouted to our internal web page.  Based on information that I have found here and on the web, I have done the following:
1.  From our DNS server (which is also a 2003 domain controller), I have created a new forward lookup zone.  I have tried this as both a primary DNS zone and an AD integrated DNS zone.
2.  Once the zone was created, I added a new A record.  For the name of the A record I entered "*".  For the IP I entered the internal IP of our intranet site
3.  I cleared the DNS cache
4.  Opened IE and typed and was taken right to the pandora site.

What am I missing here?

Question by:ndalmolin_13
    LVL 14

    Accepted Solution

    1.  Create an A record - www, and point that at your intranet address ?

    2.  Also, rather than use " * " for the first A record that you created, you should just leave it blank.
    (you can test whether this is good advice by typing in * in your web browser)

    Try that.
    LVL 1

    Author Closing Comment

    That did it
    LVL 14

    Expert Comment

    You blocked Pandora?  Let the phone calls begin !!!  :-)

    BTW, you do realize that there will always be some users who get around the DNS trick - an enterprising music-starved person might just use an IP address.  Might be better to do it at the firewall if you have equipment that allows you to do that.

    Expert Comment

    I had a very hard time finding servers to block at my firewall but have had success blocking
    LVL 14

    Expert Comment

    BillMars  - that's kind of harsh, blocking 200-something IPs.  Hope there's no collateral damage  ;-)

    Expert Comment

    We are a small company and if we have any users that can't get to a site I will hear about it pretty quickly.  So far it hasn't been an issue.  I know Pandora is using a lot of those IPs although all that I have seen have been in the sub .100 range so I suppose you could probably get away with using a /25 instead.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
    BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now