ndalmolin_13
asked on
Block Pandora using DNS in a AD 2003 environmnet
Hello Experts,
We have a ton of users that are using pandora and eating up bandwidth. I would like to configure DNS so that when a user tries to access www.pandora.com, they are rerouted to our internal web page. Based on information that I have found here and on the web, I have done the following:
1. From our DNS server (which is also a 2003 domain controller), I have created a new forward lookup zone. I have tried this as both a primary DNS zone and an AD integrated DNS zone.
2. Once the zone was created, I added a new A record. For the name of the A record I entered "*". For the IP I entered the internal IP of our intranet site 10.10.10.1.
3. I cleared the DNS cache
4. Opened IE and typed www.pandora.com and was taken right to the pandora site.
What am I missing here?
Thanks,
Nick
We have a ton of users that are using pandora and eating up bandwidth. I would like to configure DNS so that when a user tries to access www.pandora.com, they are rerouted to our internal web page. Based on information that I have found here and on the web, I have done the following:
1. From our DNS server (which is also a 2003 domain controller), I have created a new forward lookup zone. I have tried this as both a primary DNS zone and an AD integrated DNS zone.
2. Once the zone was created, I added a new A record. For the name of the A record I entered "*". For the IP I entered the internal IP of our intranet site 10.10.10.1.
3. I cleared the DNS cache
4. Opened IE and typed www.pandora.com and was taken right to the pandora site.
What am I missing here?
Thanks,
Nick
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You blocked Pandora? Let the phone calls begin !!! :-)
BTW, you do realize that there will always be some users who get around the DNS trick - an enterprising music-starved person might just use an IP address. Might be better to do it at the firewall if you have equipment that allows you to do that.
BTW, you do realize that there will always be some users who get around the DNS trick - an enterprising music-starved person might just use an IP address. Might be better to do it at the firewall if you have equipment that allows you to do that.
I had a very hard time finding servers to block at my firewall but have had success blocking 208.85.40.0/24.
BillMars - that's kind of harsh, blocking 200-something IPs. Hope there's no collateral damage ;-)
We are a small company and if we have any users that can't get to a site I will hear about it pretty quickly. So far it hasn't been an issue. I know Pandora is using a lot of those IPs although all that I have seen have been in the sub .100 range so I suppose you could probably get away with using a /25 instead.
ASKER