Re: DNS to block google talk

From: "Julian Dragut" <julian.dragut@xxxxxxx>
Date: Thu, 10 Aug 2006 15:46:25 -0400

Thanks Roger,

I cannot use neither ISA nor the PIX firewall for specific reasons. I would
like to play with the host file at a central location rather than all the
users on the network, but a host file on a DNS server doesn't seem to be
doing too much.
Any more ideas?

Thanks,

J
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:eSKHCBLvGHA.2260@xxxxxxxxxxxxxxxxxxxxxxx

Most of the time such IP spoof blockage is effected via the hosts file,
as it takes priority in the Windows resolver over DNS resolution.
Now, that is not a centralize approach, but implemented on each client
with NTFS to prevent their changing it. However, as mail.google.com
is not your zone your only other choice is to define a privately accessed
primary zone and populate it with what is needed (which of course you
would have to guess and otherwise work out . . . and then wait for it to
need alterations, new records, changed IPs, etc. . . . a total mess).

The real solution is filtering at your network edge.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Julian Dragut" <julian.dragut@xxxxxxx> wrote in message
news:%23cKVcsKvGHA.1288@xxxxxxxxxxxxxxxxxxxxxxx

Hi,

I'm trying to block google talk by using the dns lookup to
chatenabled.mail.google.com to return 127.0.0.1, but I don't want to
block any other google services/sites.

Creating and maintaining a primary zone is out of the scope, secondary
zone won't transfer to my server (duh) and I was wondering is there are
other options down there ....

Thanks

J

Follow-Ups:
- Re: DNS to block google talk
  - From: karl levinson, mvp

References:
- DNS to block google talk
  - From: Julian Dragut
- Re: DNS to block google talk
  - From: Roger Abell [MVP]

Prev by Date: Re: New Google Toolbar
Next by Date: Looking for Microsoft (freelance) engineers for project work
Previous by thread: Re: DNS to block google talk
Next by thread: Re: DNS to block google talk
Index(es):
- Date
- Thread

Relevant Pages

Re: dns & host file
... How to add 192.168.0.100 to my local DNS server. ... is setup accept email relay and 192.168.0.101 use ... If I don't put 192.168.0.100 in host file, the email won't go out, I ...
(microsoft.public.win2000.dns)
Re: dns & host file
... How to add 192.168.0.100 to my local DNS server. ... is setup accept email relay and 192.168.0.101 use ... If I don't put 192.168.0.100 in host file, the email won't go out, I ...
(microsoft.public.win2000.dns)
Re: dns & host file
... Why do you not install your own DNS server? ... Think it will be more easy then using host file. ... I have two win 2000 servers(application and database server). ... The other network cards connect to internet. ...
(microsoft.public.win2000.dns)
Re: very confused with new ad and dns setup
... both setup for a primary zone called inbox360.local and they both are ... I also have another DC which i setup with dns at another site. ... server from the same server by connecting to other dns server it shows ...
(microsoft.public.windows.server.dns)
Re: Server 2003 not reading hosts file
... you could use them on the server and have MS implamentation of DNS consult ... cut your overhead by being able to edit a host file in notepad and not having ... Otherwise, there is no way to populate the DNS server cache, which is different than the DNS server's local cache, which only it's own local client side resolver will use, and will not be used for client queries to the DNS service. ...
(microsoft.public.windows.server.dns)