How to set up a black and white list on the DNS level

Posted on 2011-10-05
Last Modified: 2012-05-12
I'm trying to set up, on the DNS level, a white list and black list that would allow me to block all but, say, three or four websites for a client.

The idea is to be able to, on the fly, edit in the future if need be.

Any ideas?
Question by:jwattsit

    Accepted Solution

    A useable white list for DNS is hard to implement because the client is going to need to access domain names not apparent from the address bar of a web browser.  For example, CRLs for certificates for signed code need to be checked, and software on the computer may need to update itself by visiting external sites (antivirus if you don't have an enterprise antivirus solution, for example).

    Having said this, you can delete all root hints from your DNS server, configure it to not use recursion, and configure conditional forwarders for good domain names such that those queries are forwarded to a functional DNS server with the ability to use root hints.

    You'll then need a way to force clients to use only your customized DNS server and prevent users from being able to edit local hosts files.
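The allow-list behaviour described in the accepted answer, modelled as an added Python example that is not part of the original thread. It assumes forwarders match on whole-label suffixes with the most specific zone winning, and it reports which observed query names would go unanswered, such as the CRL and update hosts the answer mentions. All function names, zone names and query names are constructed for illustration.

```python
# Added example: audit observed DNS query names against an allow-list of
# conditional-forwarder zones. Zone and query names are constructed samples.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def matching_zone(qname, allowed_zones):
    """Return the most specific allowed zone that qname falls under, or None.

    Matching is on whole labels: 'www.example.com' is under 'example.com',
    but 'notexample.com' is not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):            # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in allowed_zones:
            return candidate
    return None

def audit(queries, allowed):
    """Split query names into those forwarded (name -> zone) and those refused."""
    zones = {normalize(z) for z in allowed}
    forwarded, refused = {}, []
    for q in queries:
        zone = matching_zone(q, zones)
        if zone is None:
            refused.append(normalize(q))
        else:
            forwarded[normalize(q)] = zone
    return forwarded, refused

# Constructed allow-list: the handful of domains the client may reach.
ALLOWED = ["example.com", "intranet.example.net."]

# Constructed query names, as they might appear in a DNS server's query log.
OBSERVED = [
    "www.example.com",
    "WWW.Example.COM.",               # same name, different case and root dot
    "portal.intranet.example.net",
    "notexample.com",                 # look-alike, must not match example.com
    "crl.ca-vendor.example.org",      # certificate revocation list host
    "update.av-vendor.example.org",   # antivirus update host
    "cdn.example-static.net",         # page assets served from another domain
]

if __name__ == "__main__":
    forwarded, refused = audit(OBSERVED, ALLOWED)
    for name, zone in forwarded.items():
        print("forwarded", name, "via zone", zone)
    for name in refused:
        print("refused  ", name)
```

Running the audit against a real query log before enforcing the list shows which supporting domains would need forwarders of their own.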

    Author Comment

    Is it recommended to use a firewall to block certain websites (Facebook, YouTube, etc.) instead of creating a whitelist to enable only certain websites?

    What is the best method/recommended method if DNS is hard to implement?  Is software or hardware usually purchased in addition to the existing Windows Server and basic firewall?

    Assisted Solution

    Using DNS to control web access is not great for loads of reasons:
    There are many ways to bypass it.
    It takes a lot of admin.
    You'll struggle with certain websites that consist of elements from multiple locations on the internet.

    There are several free proxy programs available, but proper paid ones are more configurable and better at the job.
    Some firewalls have basic web filters built in and are pretty good. I'd use those if your firewall has the facility.
