DNS server and hosts file???

PJ

Hi all,

Have a question. I want to block spyware programs' access to spyware sites on
corporate network computers. I downloaded a HOSTS file with most spyware sites
and placed it on our DNS servers - but as I see it, it did not work (DNS did not
use the HOSTS file for lookup).

Can I change this?
Maybe it is possible to upload a text file to the DNS server cache?

Thank You...
 
DNS doesn't use hosts files. And rather than try to create hundreds of bogus
records for these sites, you should instead copy the hosts file to
everyone's computer (location depends on version of Windows) and you should
be fine. You can do this in your login script if you use one.
 
PJ said:
Hi all,

Have a question. I want to block spyware programs' access to spyware sites on
corporate network computers. I downloaded a HOSTS file with most spyware sites
and placed it on our DNS servers - but as I see it, it did not work (DNS did not
use the HOSTS file for lookup).

Can I change this?
Maybe it is possible to upload a text file to the DNS server cache?

Thank You...

Hosts files on a machine are only for that machine when resolving. So the
hosts file on a DNS server will only be good for YOU when you are cruising
the net from THAT machine.

You would have to put the hosts files on each client individually. Can you
load it in DNS cache? NO. What you would need is to create the rogue spyware
zones individually in DNS and point them to 127.0.0.2 so they won't resolve,
unless there's a 3rd party tool to do that for you.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
As always, it's best to use the right tool for the right project. While
doing this hosts file stuff may be cheap in terms of cash, using something
like ISA Server (or even SurfControl) is the "proper" way to accomplish
this, IMO. The cash you "save" by going the hosts file route will all be
spent on countless hours of maintaining multiple hosts files on multiple
clients, as well as procuring a large supply of Aspirin and Tylenol.

Just to say, DNS was not designed for this.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Hi all,

Have a question. I want to block spyware programs' access to spyware sites on
corporate network computers. I downloaded a HOSTS file with most spyware sites
and placed it on our DNS servers - but as I see it, it did not work (DNS did not
use the HOSTS file for lookup).

Can I change this?

Sure. Use a hosts file the way it's intended. Replace the hosts file
on your workstation with it.

Jeff
 
Yeah.... I forgot Advil. Good, strong doses of Advil VERY handy, especially
when it's getting close to midnight on a Saturday and I find myself still
pecking at my keyboard :)

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Yeah.... I forgot Advil. Good, strong doses of Advil VERY handy,
especially when it's getting close to midnight on a Saturday and I
find myself still pecking at my keyboard :)

Saturday nite? Hmm...that's when I'm out drinking...I usually take a couple
before going to bed with a huge glass of water!

:-)


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi all...

Thank you for your answers. It is bad news that DNS does not use the hosts
file for name resolution. :(

Yes, I use ISA Server for network protection. I placed the HOSTS file on it - it
works only for PROXY clients, but not for FIREWALL clients (this is because of
different DNS resolution for PROXY and FIREWALL clients when they work with
ISA).
So I must put the HOSTS file on all our workstations :( - It is time for
scripting...
 
I use a BIND DNS "forwarder" for EXTERNAL (only) DNS resolution.

I load the equivalent (75,000+) records into the BIND cache and can make
changes in a second or so with as little or as much scripting as I prefer.

The purpose here is far more than pure security -- but includes the speedup
due to preventing the download of many, many ad graphics.

I have lobbied for the ability to "preload" the Win2000+ DNS server cache
so that I can dispense with the additional BIND server (on my proxy
machine.)

Windows DNS doesn't allow this preload -- BIND does. In general, I prefer
Windows DNS, especially for internal purposes.
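
An added example, not part of any poster's message and not the cache-preloading method described above: it converts a hosts-format blocklist into one sinkhole zone per domain, as suggested earlier in the thread, written in BIND `named.conf` syntax. The zone file path, the function names and the sample hosts lines are assumptions made for the example; 127.0.0.2 is the address suggested in the thread.

```python
import re

SINK_IP = "127.0.0.2"                 # sinkhole address suggested in the thread
ZONE_FILE = "/etc/bind/db.sinkhole"   # assumed path, shared by every blocked zone
SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def parse_hosts(text):
    """Return the sorted, de-duplicated hostnames found in hosts-format text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank line, or address with no name
        for name in fields[1:]:                  # one address may carry several names
            name = name.lower().rstrip(".")
            if name in SKIP or len(name) > 253 or "." not in name:
                continue
            if all(LABEL.match(label) for label in name.split(".")):
                names.add(name)                  # rejects quotes, ';', braces, etc.
    return sorted(names)

def named_conf(names):
    """One authoritative zone per blocked name, all backed by the same zone file."""
    return "".join(
        f'zone "{n}" {{ type master; file "{ZONE_FILE}"; }};\n' for n in names)

def zone_file():
    """Shared zone data: the apex and every subdomain answer with SINK_IP."""
    return ("$TTL 86400\n"
            "@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 86400 )\n"
            "@ IN NS  localhost.\n"
            f"@ IN A   {SINK_IP}\n"
            f"* IN A   {SINK_IP}\n")

# Constructed sample input, not a real blocklist.
SAMPLE = """\
# comment line
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net   # two names, one line
0.0.0.0     ADS.example.com.
0.0.0.0     evil"};.example.org
0.0.0.0     spy.example.org
"""

if __name__ == "__main__":
    print(named_conf(parse_hosts(SAMPLE)), end="")
    print(zone_file(), end="")
```

Because every generated zone points at the same file, updating the list means regenerating the `zone` statements and reloading the server; the label check keeps a malformed or hostile hosts entry from being written into the server configuration.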
 
The purpose here is far more than pure security -- but includes the speedup
due to preventing the download of many, many ad graphics.

What do you mean by graphics and is that related to your dns?
I have lobbied for the ability to "preload" the Win2000+ DNS server cache
so that I can dispense with the additional BIND server (on my proxy
machine.)

What do you mean by preload and why is it important to you?
 
I have lobbied for the ability to "preload" the Win2000+ DNS server cache
What do you mean by preload and why is it important to you?

Sorry I thought this was common knowledge -- it is covered in some of
those links we gave earlier.

It turns out that about 75% (maybe 90%) of all advertisement graphics
and "insert pages" come from a relatively small number (but in the tens of
thousands) of servers.

By disabling effective resolution (common is to use the loopback address
but I have another method I personally prefer) of those servers you can
avoid the transfer of those graphics -- a bandwidth saving -- and the need
to view that junk.

Although it isn't strictly "graphics" this is the most typical format for
insert ads.
 