Question
Tuesday, February 21, 2012 7:33 PM
We just got a phishing attempt and I felt really bad that I could not stop people from accessing a domain. Isn't there a way to override a domain in our DNS just for a while so I can stop people from accessing a domain?
We have Windows 2008 R2 DNS servers.
All replies (6)
Tuesday, February 21, 2012 7:54 PM ✅Answered
Yes, you could create a zone for that domain. No need to create any records, unless you want to point them to a webserver explaining why they are there. Having a DNS zone will make you authoritative for it. When people click on the phishing links, their computers will try to resolve the name with your DNS, and of course, will not be able to access the malware site.
Guides and tutorials, visit ITGeared.com.
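The zone-based block described in the answer above can be scripted with `dnscmd`, which ships with Windows Server 2008 R2. This is an added example, not part of the original replies; the domain `phish.example`, the zone file name and the optional warning-page address are placeholders, and it assumes an elevated PowerShell session on the DNS server itself.

```powershell
# Added example: block one domain by hosting an authoritative zone for it.
# Run elevated on the DNS server. All default values are placeholders (assumptions).
param(
    [string]$BlockedDomain = 'phish.example',  # placeholder for the domain to block
    [string]$WarningPageIp = '',               # optional address of an intranet warning page
    [switch]$AdIntegrated,                     # store the zone in AD so other DNS servers get it
    [switch]$Remove                            # lift the block again
)

function Invoke-DnsCmd {
    # Run dnscmd against the local server ('.') and stop on the first failure.
    param([string[]]$Arguments)
    & dnscmd.exe . $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

if ($Remove) {
    # Deleting the zone restores normal recursion for the domain.
    if ($AdIntegrated) { Invoke-DnsCmd '/ZoneDelete', $BlockedDomain, '/DsDel', '/f' }
    else               { Invoke-DnsCmd '/ZoneDelete', $BlockedDomain, '/f' }
    return
}

# An empty primary zone makes this server authoritative for the domain,
# so every name under it stops resolving to the real site.
if ($AdIntegrated) { Invoke-DnsCmd '/ZoneAdd', $BlockedDomain, '/DsPrimary' }
else               { Invoke-DnsCmd '/ZoneAdd', $BlockedDomain, '/Primary', '/file', "$BlockedDomain.dns" }

if ($WarningPageIp) {
    # Apex (@) and wildcard (*) A records send every name in the zone to the warning page.
    Invoke-DnsCmd '/RecordAdd', $BlockedDomain, '@', 'A', $WarningPageIp
    Invoke-DnsCmd '/RecordAdd', $BlockedDomain, '*', 'A', $WarningPageIp
}

# Drop anything the server cached for the domain before the zone existed.
Invoke-DnsCmd '/ClearCache'

# Verify from the server itself. The trailing dot stops nslookup appending search suffixes.
# Expect "Non-existent domain" for an empty zone, or the warning page address.
& nslookup.exe "www.$BlockedDomain." 127.0.0.1
```

Clients keep any answer they already cached until its TTL expires or `ipconfig /flushdns` is run, and the block only affects machines that resolve through this DNS server.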
Wednesday, February 22, 2012 2:20 AM ✅Answered | 1 vote
Jorge provided your answer. For example, when I want to block www.youtube.com, I create a zone called youtube.com, and don't create any records.
Sometimes if I want to play around, I'll create two CNAME records, one called www, and one with no hostname, under it, that both point to the company's website. This way when they type in www.youtube.com or http://youtube.com, it goes to the company website. That confuses them. :-)
Ace
Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Tuesday, February 21, 2012 8:59 PM
Also, you may want to block all DNS requests from all computers except your DNS servers.
Wednesday, February 22, 2012 3:38 AM
Ace, it's actually funner to watch people click on the malware link and have them redirected to an intranet page that contains big security icons and a statement about being logged. Give it a try sometime :-)
Guides and tutorials, visit ITGeared.com.
Wednesday, February 22, 2012 5:12 AM | 1 vote
You know, I might try that. I did the youtube thing because people were complaining about slow internet speeds during the day, but would speed up after 5PM. After some testing, they were messing with streaming music and vids. I am using OpenDNS to control the stuff, but I first did what I mentioned above. Next time I'll create an intranet page, as you suggested, and put a big Jolly Roger flashing GIF with some "pirate" laughter. If they don't get a kick out of it, I will! :-)
Ace Fekay
Wednesday, February 22, 2012 10:58 AM
Yes, you could create a zone for that domain. No need to create any records, unless you want to point them to a webserver explaining why they are there. Having a DNS zone will make you authoritative for it. When people click on the phishing links, their computers will try to resolve the name with your DNS, and of course, will not be able to access the malware site.
Just to add, we might also add this domain name into the global query block list on that DNS server:
Managing the Global Query Block List
http://technet.microsoft.com/en-us/library/cc794902(WS.10).aspx
Thanks.
Tiger Li
TechNet Community Support