Restrict Internet Access by securing DNS

[Jordan]

I was looking at the security on DNS and I was wondering if I could use that
to restrict Internet access. All my clients are DHCP so I can point their
DNS to my W2K DNS server. If I remove the group "Authenticated Users" and
replace it with a group "Internet Users" that I create, wouldn't that only
allow users in the "Internet Users" group to access DNS records.

I realize that they could still access the Internet by IP, but who does that
anyway?

 

[Kevin D. Goodknecht [MVP]]

In Jordan <[email protected]> posted a question
Then Kevin replied below:
: I was looking at the security on DNS and I was wondering if I could
: use that to restrict Internet access. All my clients are DHCP so I
: can point their DNS to my W2K DNS server. If I remove the group
: "Authenticated Users" and replace it with a group "Internet Users"
: that I create, wouldn't that only allow users in the "Internet Users"
: group to access DNS records.
:
: I realize that they could still access the Internet by IP, but who
: does that anyway?

It won't work, it may or may not stop users from getting internet access. In
an AD Domain environment Internet access is not why you use DNS. If by
chance you did stop users from accessing DNS, they won't even be able to use
the local network which relies on DNS.
Get a Firewall and apply rules that keep certain users or machines from
getting to the internet gateway.

 

[Jonathan de Boyne Pollard]

J> I was looking at the security on DNS and I was wondering if
J> I could use that to restrict Internet access.

DNS service is the wrong tool for that job. Configure your IP connectivity
and routing appropriately.

 

[jaimin]

hi Jordon

You can use Browse Control to do this, download this from:
www.browsecontrol.com

Regards
Divyesh