How best to block all IP traffic to the new .XXX domains
In a Microsoft Windows Server 2003 AD network, is it possible to use Microsoft DNS to block access to all subdomains of the new .XXX TLD? The firewall router is not capable of URL filtering.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What type of firewall/ router do you have?
ASKER
Chev_PCN, we did in fact try your suggestion already, but without success. However, I have realised that I was making a mistake when testing by using a fictitious xxx domain/host. I discovered that porn.xxx and sex.xxx are "Safe for Business" placeholder sites. When I used these for testing, I found that the disruption to DNS resolution works fine. Thank you! I understand your point about direct access via IP address. Also, there are plenty of porn sites on .com, etc which would still be accessible. Still, the client asked me a specific question...
Thank you for your comment about proxies. This is also under consideration.
setasoujiro, Fair point, although most users are not local admins and so would not be able to change any workstation IP settings.
Thank you for your comment about proxies. This is also under consideration.
setasoujiro, Fair point, although most users are not local admins and so would not be able to change any workstation IP settings.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you to both of you for your comments. I have certainly told the company that just focussing on .XXX does not mean no porn... ;-)
ASKER
The first answer was the technical answer to my question strictly speaking, but I appreciate the issues mentioned in the other answer too. Thanks!
Unless you blocked their ability to change their dns settings