Maybe I wasn't clear...
> 1: You can tell your DNS server that it is authoritative for any domains
> you want, but since DNS is hierarchical, the rest of the Internet won't
> take a blind bit of notice of it, unless your local DNS registration
> authority sanctions it ("I want to be authorative for Microsoft.com".
> "You can't, because Microsoft has the right to authorization for
> Microsoft.com).
Exactly! But you can control which DNS server your users use. When you
set up this 'fakey' DNS server--as in, it doesn't communicate with
others--that thinks it is authoritative, you can tell it that it is
authoritative for anything you want, including Microsoft.com!
>
> 2: You cannot filter out access from given domains to other domains with
> a DNS server.
I'm not sure what you're saying here.
