• Status: Solved

How to set up a black and white list on the DNS level

I'm trying to set up, on the DNS level, a white list and black list that would allow me to block all but, say, three or four websites for a client.

The idea is to be able to, on the fly, edit in the future if need be.

Any ideas?
Asked:
jwattsit
2 Solutions
 
-tjs Commented:
A useable white list for DNS is hard to implement because the client is going to need to access domain names not apparent from the address bar of a web browser. For example, CRLs for certificates for signed code need to be checked, and software on the computer may need to update itself by visiting external sites (antivirus if you don't have an enterprise antivirus solution, for example).

Having said this, you can delete all root hints from your DNS server, configure it to not use recursion, and configure conditional forwarders for good domain names such that those queries are forwarded to a functional DNS server with the ability to use root hints.

You'll then need a way to force clients to use only your customized DNS server and prevent users from being able to edit local hosts files.
 
jwattsit (Author) Commented:
Is it recommended to use a firewall to block certain websites (Facebook, YouTube, etc.) instead of creating a whitelist to enable only certain websites?

What is the best method/recommended method if DNS is hard to implement? Is software or hardware usually purchased in addition to the existing Windows Server and basic firewall?
 
Steve Commented:
Using DNS to control web access is not great for loads of reasons:
There are many ways to bypass it.
It takes a lot of admin.
You'll struggle with certain websites that consist of elements from multiple locations on the internet.

There are several free proxy programs available, but proper paid ones are more configurable and better at the job.
Some firewalls have basic web filters built in and are pretty good. I'd use those if your firewall has the facility.
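An added example, not written by any poster in this thread: before pointing clients at a whitelist-only DNS server, recorded DNS query names can be checked against the planned whitelist to surface the dependencies the answers mention (CRLs, update hosts, page elements served from other locations). The zone names and the query sample are constructed placeholders.

```python
"""Audit observed DNS query names against a planned DNS allowlist (added example)."""

# Planned allowlist: hypothetical client sites, not taken from the thread.
ALLOWED_ZONES = ["example-bank.test", "intranet.example.test", "mail.example.test"]

# Constructed sample of names one workstation resolved while using an allowed site.
OBSERVED_QUERIES = [
    "www.example-bank.test.",
    "WWW.Example-Bank.test",
    "static.cdn-assets.test",   # page element hosted elsewhere
    "crl.ca-issuer.test",       # certificate revocation list
    "updates.av-vendor.test",   # antivirus definitions
    "notexample-bank.test",     # look-alike, must not match by substring
    "intranet.example.test",
]


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().rstrip(".").lower()


def is_allowed(name, zones=ALLOWED_ZONES):
    """True if name equals an allowed zone or is a subdomain of one.

    Matching is on whole labels, so 'notexample-bank.test' does not match."""
    labels = normalize(name).split(".")
    allowed = {normalize(z) for z in zones}
    # Test every suffix of the name that starts on a label boundary.
    return any(".".join(labels[i:]) in allowed for i in range(len(labels)))


def audit(queries, zones=ALLOWED_ZONES):
    """Return (allowed, blocked) as sorted lists of unique normalized names."""
    allowed, blocked = set(), set()
    for q in queries:
        (allowed if is_allowed(q, zones) else blocked).add(normalize(q))
    return sorted(allowed), sorted(blocked)


if __name__ == "__main__":
    ok, blocked = audit(OBSERVED_QUERIES)
    print("resolves under the allowlist:", ok)
    print("would fail to resolve:", blocked)
```

Every name in the second list needs a decision before rollout: add its zone to the whitelist or accept that the feature depending on it will break.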
