Putting a Stop to Internet Marketing - Modified DNS

Modified DNS

The second place where sites can be blocked is at the local DNS server. Since home users generally do not have a DNS server on their network, they can skip reading this part. If you have a DNS server, you would know it because you would have had to configure it yourself or you are the network administrator for your company. For the purposes of this article, I am going to assume that you are running Microsoft Windows Server 2000 or greater to provide internal DNS to your local network.

Microsoft’s DNS service is generally considered to be dynamic because it constantly updates its cache with new sites. It conforms to the BIND standards and is easy to modify and manage. For this exercise, we will be adding zones to intercept requests from the network for resources at an undesired site.


In your DNS tool, expand your DNS server and the Forward Lookup Zones item. I already have several forward lookup zones added. While I have used forward lookup zones to block ad sites, most of these are configurations to prevent access to specific sites by employees attached to my network. Let’s take a look at both situations.

If you have a problem with too many users accessing a particular non-work-related site such as YouTube, you can create a new zone called youtube.com by right-clicking on the Forward Lookup Zones heading. Once the zone is created, you can add a new host (A) record to it. This (A) record can contain either the name of the specific server to block (such as www) or a wildcard (*), which will affect all sites within that domain. Generally, you would enter the IP address of a server hosting a blank page to keep this behavior transparent. But you could also have fun and put in the IP address of your primary business application to remind users that they should be doing their jobs rather than playing on company time.
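The same zone built from PowerShell rather than the DNS console, as an added example that is not part of the original article. It assumes Windows Server 2012 or later (the DnsServer module) and is run on the DNS server itself; 10.0.0.5 is a placeholder for the blank-page server. It also adds a record for the bare domain, which the wildcard alone does not cover, and then checks what the server answers.

```powershell
# Added example: requires the DnsServer module (Windows Server 2012 or later).
# Run in an elevated session on the DNS server itself.
$Zone     = 'youtube.com'   # domain to intercept, as in the article
$Sinkhole = '10.0.0.5'      # assumed placeholder: server hosting the blank page

if (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue) {
    # Do not touch a zone that is already there; just verify it below.
    Write-Warning "Zone $Zone already exists; skipping creation."
}
else {
    # File-backed primary zone held only on this server.
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns"

    # '*' answers for every host under the domain.
    # '@' answers for the bare domain, which a wildcard record does not match.
    foreach ($Name in '*', '@') {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $Sinkhole
    }
}

# Ask this server directly and confirm every answer is the blank-page address.
$results = foreach ($Query in $Zone, "www.$Zone", "anything.else.$Zone") {
    $answers = @(Resolve-DnsName -Name $Query -Type A -Server 127.0.0.1 -DnsOnly `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' } |
                 Select-Object -ExpandProperty IPAddress)

    # Blocked only if there is at least one answer and none of them differ.
    $leaks = @($answers | Where-Object { $_ -ne $Sinkhole })
    [pscustomobject]@{
        Name    = $Query
        Answers = $answers -join ','
        Blocked = ($answers.Count -gt 0) -and ($leaks.Count -eq 0)
    }
}
$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.Blocked }) {
    Write-Warning 'At least one name is not resolving to the blank-page server.'
}
```

Clients that already looked up the site keep the old address until their cached entry expires, so a check from a workstation may lag behind the result shown here.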

The most useful thing to note is the top entry for adservers. Wolfram Kraushaar has provided instructions here for how to configure your DNS server to utilize its cache to block ad servers. It is worth checking out, but will still require manual updating of the registry on your server to stay current. I have this as a failsafe on the rare chance that one of my users gets smart enough to delete their HOSTS file and restore it to the default.