• Status: Solved
  • Priority: Medium
  • Security: Public

How to set up a black and white list on the DNS level

I'm trying to set up, on the DNS level, a white list and black list that would allow me to block all but say three or four websites for a client.

The idea is to be able to, on the fly, edit in the future if need be.

Any ideas?
2 Solutions
A usable white list for DNS is hard to implement because the client is going to need to access domain names not apparent from the address bar of a web browser. For example, CRLs for certificates for signed code need to be checked, and software on the computer may need to update itself by visiting external sites (antivirus if you don't have an enterprise antivirus solution, for example).

Having said this, you can delete all root hints from your DNS server, configure it to not use recursion, and configure conditional forwarders for good domain names such that those queries are forwarded to a functional DNS server with the ability to use root hints.

You'll then need a way to force clients to use only your customized DNS server and prevent users from being able to edit local hosts files.
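The hidden dependencies this answer mentions (CRL hosts, update servers) can be found before the whitelist is enforced. The following is an added example, not part of the original answer: it dry-runs observed query names against the allowed zones and reports which lookups would be refused. The zone names and sample queries are constructed placeholders.

```python
# Added example: dry-run a DNS allowlist against observed query names.
# All domain names below are constructed placeholders.

ALLOWED_ZONES = {"example.com", "intranet.example.net", "vendor-portal.example.org"}


def normalize(name: str) -> str:
    """Lower-case a query name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def matching_zone(qname: str, zones=ALLOWED_ZONES):
    """Return the most specific allowed zone covering qname, or None.

    Matching walks whole labels, the way a forwarder zone covers its
    subdomains, so "notexample.com" is not covered by "example.com".
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def audit(query_names, zones=ALLOWED_ZONES):
    """Split observed names into forwarded and refused, with query counts."""
    forwarded, refused = {}, {}
    for raw in query_names:
        qname = normalize(raw)
        if not qname:
            continue
        bucket = forwarded if matching_zone(qname, zones) else refused
        bucket[qname] = bucket.get(qname, 0) + 1
    return forwarded, refused


# Constructed sample of names a client might look up in one browsing session.
SAMPLE_QUERIES = [
    "www.example.com.", "WWW.Example.COM", "cdn.static-example.com",
    "crl.ca-example.test", "update.av-example.test", "notexample.com",
    "portal.intranet.example.net", "crl.ca-example.test",
]

if __name__ == "__main__":
    ok, blocked = audit(SAMPLE_QUERIES)
    for name, hits in sorted(blocked.items(), key=lambda kv: -kv[1]):
        print(f"would be refused: {name} ({hits} queries)")
```

Names that show up in the refused list and are needed for certificate checks or software updates are the ones that would also need forwarders.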
jwattsit (Author) commented:
Is it recommended to use a firewall to block certain websites (facebook, youtube, etc) instead of creating a whitelist to enable only certain websites?

What is the best method/recommended method if DNS is hard to implement?  Is software or hardware usually purchased in addition to the existing Windows Server and basic firewall?
Using DNS to control web access is not great for loads of reasons:
there are many ways to bypass it
it takes a lot of admin
you'll struggle with certain websites that consist of elements from multiple locations on the internet.

There are several free proxy programs available but proper paid ones are more configurable and better at the job.
Some firewalls have basic webfilters built in and are pretty good. I'd use those if your firewall has the facility.
Question has a verified solution.
