Blocking queries to certain domains

Pete Ehlke pde at ehlke.net
Sat Jan 12 19:21:43 UTC 2002


* Ali Eghtessadi <ali at babcockbrown.com> said, on [020112 10:53]:
> 
> I would like to know if there is a way to block or drop queries to
> certain domains? I am trying to block my users from using Yahoo
> messanger. One way is to block the IP address of the servers in the
> firewall but because there are so many servers it is not a good solution
> for us. I thought, may be using dns to block the entire domain would be
> an easier solution.
> 
You could set up your resolver hosts to be authoritative for the
*.yahoo.com zones in question, but that will only work until one of your
users figures out that they can get around it by changing the server
they use for name service.

You're trying to use a hammer to fry an egg. Hammers are good tools, but
they don't fry eggs terribly well. Why isn't it possible for you to
block the messenger servers in your firewall? YM isn't terribly *easy*
to block, but it's by no means impossible, and there are plenty of
resources on the web that show you exactly how to do it with a variety
of firewalling products.

-Pete


More information about the bind-users mailing list