A simple solution

Junior

Greetings to all,

I know that I am missing something here and if anyone can shed some light
for me, I am grateful.

Here is what I need to do. I need to drop access to the AOL website as well
as some of the other subdomains for MSN messenger, Yahoo and the like. I
have blocked ports on the firewall here, but I also want to block access to
the AOL website and what not.

I have 2 Windows 2K DCs on the network. One is in Standard Primary mode, the
other is a secondary standard. I am wanting to list these domains, however,
I have noticed that by including the domain "aol.com" and thus listing
subdomain "oscar" and the A record for "www", having it resolve to the local
loop, AOL messenger as well as the aol.com site are not reachable.

Caveat is that no email sent out from my company can be sent to this domain.
I have tried adding the nameservers and what not into the domain record, I
am considering just setting up a BIND server on the side and to say to hell
with it all, but I figured I would see what I am "recommended in doing" in
the Win2K DNS environment.
 
Kevin D. Goodknecht [MVP]

Adding a zone named aol.com will stop your DNS server from resolving any
name in aol.com that you don't specifically add records for or delegate.
As for the mail server, Exchange and many other mail servers allow you to
define an external DNS server for it to use for mail delivery.
This may not stop some very resourceful users from accessing aol.com or
using AOL Instant Messenger. A good firewall or proxy would be your best
bet.
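
Why a local aol.com zone also breaks outbound mail, as an added example that is not part of the original thread: a toy Python model of a DNS server that is authoritative for aol.com with only the two loopback A records and forwards everything else. All record values and the `UPSTREAM` table are constructed placeholders.

```python
# Toy model of an authoritative DNS server with a forwarder (constructed data).
# Zone contents mirror the thread: a local "aol.com" zone with loopback A records.
LOCAL_ZONES = {
    "aol.com": {
        ("www.aol.com", "A"): ["127.0.0.1"],
        ("oscar.aol.com", "A"): ["127.0.0.1"],
    },
}

# Stand-in for the answers the Internet would give (constructed placeholders).
UPSTREAM = {
    ("aol.com", "MX"): ["10 mail.example.invalid"],
    ("www.aol.com", "A"): ["192.0.2.10"],
    ("example.org", "MX"): ["10 mx.example.org"],
}


def find_zone(name):
    """Return the most specific local zone that contains name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in LOCAL_ZONES:
            return candidate
    return None


def resolve(name, rtype):
    """Answer like a server that is authoritative for LOCAL_ZONES.

    Inside a local zone the server never asks upstream: a missing
    record is a final negative answer, which is what breaks mail.
    """
    name = name.lower().rstrip(".")
    zone = find_zone(name)
    if zone is None:
        answer = UPSTREAM.get((name, rtype))
        return ("forwarded", answer) if answer else ("nxdomain", None)
    records = LOCAL_ZONES[zone]
    if (name, rtype) in records:
        return ("authoritative", records[(name, rtype)])
    owner_exists = name == zone or any(owner == name for owner, _ in records)
    return ("nodata" if owner_exists else "nxdomain", None)


if __name__ == "__main__":
    for q in [("www.aol.com", "A"), ("aol.com", "MX"),
              ("login.aol.com", "A"), ("example.org", "MX")]:
        print(q, "->", resolve(*q))
```

The MX query for aol.com comes back empty because the local zone shadows the real one, so a mail server using this resolver has nowhere to deliver; pointing the mail server at an external DNS server, as suggested above, bypasses the shadow zone.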
 
Ace Fekay [MVP]

In addition to Kevin G's reply, setting up a BIND server isn't going to help
in this scenario. A proxy (MS, Netscape or whatever brand) is what you
really need to block AOL's website and other sites and ports, but still
lets mail through. Super Scout is another suggestion (similar to a Proxy).

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 
Jonathan de Boyne Pollard

J> I am considering just setting up a BIND server on the side and
J> to say to hell with it all, [...]

That sort of blind floundering around won't do you any good. Your goal is not
a DNS service goal, and is not achieved by changing your DNS service, either
by changing what DNS data you have or by changing what DNS server software you
use.

Your goal is an _HTTP service_ one. You achieve it by changing your HTTP
services. Set up a proxy HTTP server, require that everyone use it, and
configure the proxy HTTP server to prevent access to the relevant web sites.
 
