using DNS to block instant messaging services


Gary Massengale

I am trying to block IM from our network.

I keep reading that the best way to do this is to make my DNS server the
authoritative DNS for the websites users have to login to access IM, such as
login.oscar.aol.com for AOL and csc.yahoo.com for Yahoo IM. You do this
because they may change their IP addresses at any time for these servers.

Supposedly what you do is you make your DNS server authoritative for these
sites, and resolve the names to a localhost of 127.0.0.1.

I'm just uncertain of where to do this. I see where I can do new host or
new alias, or right-click on domain and select other new records and I can
choose from resource records like alias and host, but I am uncertain if it
is one of these or I have to do this someplace else.

I'm sure it is something simple I am overlooking, so any help would be
appreciated.

gary
 

Perfectly simple. First, you must be running DNS internally AND your
systems must point to your local DNS servers for resolution. Now,
open the DNS MMC on your server and add a new zone called
login.oscar.aol.com. It needs to either be AD-Integrated or a
Primary zone (replicate the zone to all internal DNS servers too to
make sure queries to them are also returned with no answer). You
don't even need to put A records in it. Simply having a primary zone
makes the DNS server report it as authoritative and will prevent
access to any site in that zone. We do it often for customers who
want to prevent access to sites such as ebay.com. If you want to
block all aol.com sites simply create a primary zone for aol.com.

Sincerely,
Brian S. Bergin
Terabyte Computers, Inc.

Please post replies here so everyone may benefit.

NOTICE: Use of this information is contingent upon acceptance of Paragraph 17 of Terabyte's Terms and conditions located at http://terabyte.net/terms.htm#postings.
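
The zone setup described in the answer above, scripted with a verification step. This is an added example, not part of the original posts; it assumes the DnsServer PowerShell module (Windows Server 2012 or later) on an AD-integrated DNS server, and the `$addLoopbackRecord` switch is a name introduced here for illustration.

```powershell
# Added example: run elevated on an internal, AD-integrated DNS server.
Import-Module DnsServer

# Names taken from the thread; extend the list as needed.
$blockedNames = @('login.oscar.aol.com', 'csc.yahoo.com')

# Optional: publish a loopback A record for the blocked name, as the question
# describes. Leave $false for the empty-zone approach from the answer.
$addLoopbackRecord = $false

foreach ($name in $blockedNames) {
    # Skip names that already have a zone so the script can be re-run safely.
    if (Get-DnsServerZone -Name $name -ErrorAction SilentlyContinue) {
        Write-Host "Zone $name already exists, skipping"
        continue
    }

    # AD-integrated primary zone, replicated to every DNS server in the domain.
    Add-DnsServerPrimaryZone -Name $name -ReplicationScope Domain

    if ($addLoopbackRecord) {
        # '@' is the zone apex, i.e. the blocked name itself.
        Add-DnsServerResourceRecordA -ZoneName $name -Name '@' -IPv4Address '127.0.0.1'
    }
}

# Verify against this server: each name should return no A record
# (empty zone) or only 127.0.0.1 (loopback record).
foreach ($name in $blockedNames) {
    $answers = Resolve-DnsName -Name $name -Type A -Server $env:COMPUTERNAME -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }   # drop the SOA returned with an empty answer
    $leaks = $answers | Where-Object { $_.IPAddress -ne '127.0.0.1' }
    if ($leaks) {
        Write-Warning "$name still resolves to $($leaks.IPAddress -join ', ')"
    } else {
        Write-Host "$name is blocked on this server"
    }
}
```

The check only covers the server it runs on, so repeat it against each internal DNS server the zone replicates to. The block applies only to clients that resolve through those servers, which is the precondition stated at the start of the answer.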
 
great!
many thanks.
gary

 
Can this be set up for only certain users without having to set up
two DNS servers for two different groups?

