Blocking domain via DNS...

06-29-2006, 12:03 AM

Well I'm on a small 200 user network. Some higher ups wanted to block
ebay.com etc. So I stopped the record from being updated via DNS.
(Maybe not the best way.) However is there anyway I can have the
domain resolved locally on one machine???

External DNS server work or am I out of luck?

06-29-2006, 01:13 PM

Deploy a proxy server like ISA server that can control this type of stuff
via the Users Account.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Well I'm on a small 200 user network. Some higher ups wanted to block
> ebay.com etc. So I stopped the record from being updated via DNS.
> (Maybe not the best way.) However is there anyway I can have the
> domain resolved locally on one machine???
>
> External DNS server work or am I out of luck?
>

06-30-2006, 04:58 PM

My experience with proxy servers is limited. But my experience has
been 1000 user environment..once implemented it actually performed
poorly. In addition asking a user for an additional proxy password
was difficult and produced excessive calls to our helpdesk.

I believe we could block it via firewall...I'm actually not sure why we
didn't do it this way in the first place.
Phillip Windell wrote:
> Deploy a proxy server like ISA server that can control this type of stuff
> via the Users Account.
>
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
> http://download.microsoft.com/downlo...7/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > Well I'm on a small 200 user network. Some higher ups wanted to block
> > ebay.com etc. So I stopped the record from being updated via DNS.
> > (Maybe not the best way.) However is there anyway I can have the
> > domain resolved locally on one machine???
> >
> > External DNS server work or am I out of luck?
> >

07-05-2006, 10:22 PM

"(E-Mail Removed)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> My experience with proxy servers is limited. But my experience has
> been 1000 user environment..once implemented it actually performed
> poorly. In addition asking a user for an additional proxy password
> was difficult and produced excessive calls to our helpdesk.

ISA Server uses Intergrated Authentication. There is no "prompt". It goes
by what they logged into their workstation as.

> I believe we could block it via firewall...I'm actually not sure why we
> didn't do it this way in the first place.

ISA is a "firewall". "Firewall" is a generic term. Both a Proxy Server or
a NAT Server can be a "firewall". They are just two competing technologies
to accomplish the same task. What most people call "firewalls" as simply
NAT Servers and are not as capable as a product such as ISA Server. NAT
Devices cannot use Integrated Authentication with Domain Level Accounts.
Even MS's own NAT Server (Windows Server with RRAS) cannot do Intergrated
Authentication,...I believe it is a limitation of NAT.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Unix domain socket: can't test for blocking before sendto	Poluekt	Linux Networking	2	11-22-2010 07:27 PM
Blocking only one site of a Domain with SQUID	marcel.amaral@gmail.com	Linux Networking	0	05-12-2006 08:16 PM
linux improper 0 return from read on blocking unix domain socket	tx_scott_stevens@yahoo.com	Linux Networking	0	11-18-2005 10:11 PM
Server 2003 VPN blocking access to non-domain machines	tprebble@gmail.com	Windows Networking	1	04-02-2005 07:57 AM
VERY strange problem.. domain blocking from intuit's quickbooks?		Windows Networking	3	05-18-2004 10:00 AM