I run a Windows Server 2008 R2 network with 2 DCs providing DNS and DHCP to about 65 internal users. The DHCP licenses define the 'main' DC as the DNS server for the clients. I have several dozen internal resources named and pointed as forward zones and then simply route all www. traffic to our ISP's DNS server first and Google's public DNS second via conditional forwarding. Works as expected.
I'm experiencing more and more of a need to limit web traffic, specifically sites such as Spotify. Would conditional forwarding be the preferred method to accomplish this? If so, what might the setup look like? I'm thinking forwarder #1 is for all www and then there's a second forwarder created for all www.spotify DNS requests, a third for www.pandora requests, etc. These blocking forwarders would not resolve for the user. I feel certain I'm oversimplifying the process and wanted some feedback before I started poking around.