Redirecting Objectionable Sites

Discussion in 'DNS Server' started by Bear, Oct 2, 2006.

  1. Bear

    Bear Guest

    Greetings,

    Is there a simple way for me to redirect users that are attempting to use
    outside proxy servers to an internal site using the DNS capabilities of
    Windows Server 2003. For instance, if a user wants to access
    http://www.offsurf.com they could be redirected to http://mywebserver.mydomain

    We are experiencing this issue with our students using these web-accessable
    proxies to bypass our content filtering solution. Unfortunately I am part of
    a consortia that doesn't provide direct access to filtering lists.

    Any suggestions would be greatly appreciated.
     
    Bear, Oct 2, 2006
    #1
    1. Advertisements

  2. Bear

    steve_t Guest

    If you knew the URL for every site that the students are using, you could
    create an alias, or CNAME record, for each site. In your example, you would
    use www.offsurf.com as the alia and mywebserver.mydomain as the FQDN for the
    target host. The biggest problem you'll have with this solution is
    determining all of the sites you want to filter. There are probably other
    solutions as well, but I hope this helps a bit.

    Steve
     
    steve_t, Oct 2, 2006
    #2
    1. Advertisements

  3. Bear

    steve_t Guest

    steve_t, Oct 2, 2006
    #3
  4. The only 100% sure way of doing this is to disable or block NAT to the
    clients and force the use of your own proxy server.
    Creating aliases and zones in DNS won't stop a determined user.

    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Oct 2, 2006
    #4
  5. Bear

    Bear Guest

    Steve,
    Thanks for the input. Would I have to create a new Zone, as wouldn't my
    domain name be appended to the end of the of the record, such as
    www.offsurf.com.mydomain or am I mistaken?
     
    Bear, Oct 2, 2006
    #5
  6. Bear

    steve_t Guest

    I don't think it will append your domain name, but I'm not sure - I don't
    have a system I can play with to test it out. However, as Kevin pointed out
    in his reply, this won't really stop a determined person. Inputting the IP
    address of the site bypasses DNS resolution completely, and it's very easy to
    get that information.

    Steve
     
    steve_t, Oct 2, 2006
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.