I've been looking at www.malwaredomains.com and thinking about setting up a block list using their list of malicious domains. I'm thinking about doing this by setting up a wildcard zone for each domain on our DNS server. Right now, the list has almost 20,000 domains. We're running Windows 2003 domain & forest functional mode, with AD integrated zones. Our DNS servers are for internal use only and are not publicly accessible. Here is the batch file I'm planning to use:
wget http://www.malwaredomains.com/files/domains.txt
for /F "eol=# tokens=1" %%f in (domains.txt) do @echo %%f >>file.txt
for /F %%f in (file.txt) do dnscmd %server% /zoneadd %%f /DsPrimary /DP /forest
for /F %%f in (file.txt) do dnscmd %server% /recordadd %%f * A 127.0.0.1

Some questions:
- Is there a more efficient way to block these domains (we also have ISA 2006)?
- Is there a downside to having that many domains on our DNS servers?
- Any other words of wisdom or warnings before I try this?

Thanks.
...Tim
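The batch file above feeds every first token of domains.txt straight into dnscmd. Here is an added example (my code, not Tim's batch file) that does the same job with two checks a DNS admin would want before creating 20,000 AD-integrated zones: it rejects tokens that are not syntactically valid host names, removes duplicates, and drops names already covered by a wildcard zone for a shorter listed name (a zone for example.test with a * record already answers login.example.test, so a separate zone for it is redundant). It also adds an apex record, since a wildcard does not answer the bare zone name. The sample list is constructed to mimic the file layout (comment lines starting with #, tab-separated fields, domain first); the server name dns01 is an assumption.

```python
"""Generate dnscmd sinkhole commands from a malwaredomains-style domains.txt.

Added example, not the poster's batch file.  Assumptions: '#' comment lines,
tab-separated fields with the domain first, and a caller-supplied server name.
"""
import re

# RFC 1123-style label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample in the domains.txt layout (not the real feed).
SAMPLE = """# Malware Domain List (constructed sample)
# domain\ttype\treference\tdate
\t\tbad-example.test\tphishing\tsource\t20091201
\t\tlogin.bad-example.test\tphishing\tsource\t20091201
\t\tEvil-Sample.test\tmalware\tsource\t20091201
\t\tevil-sample.test\tmalware\tother\t20091202
\t\tnot a domain!\tjunk\tsource\t20091202
\t\t-leading.test\tjunk\tsource\t20091202
"""


def parse_domains(text):
    """Return unique, syntactically valid domains from the list, lower-cased, in order."""
    seen, out = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip comments and blank lines (the batch file's eol=# does this)
        domain = line.split()[0].lower().rstrip(".")
        labels = domain.split(".")
        # Reject junk before it becomes a zone name handed to dnscmd.
        if len(labels) < 2 or not all(_LABEL.match(lab) for lab in labels):
            continue
        if domain not in seen:
            seen.add(domain)
            out.append(domain)
    return out


def drop_covered(domains):
    """Drop names that a wildcard zone for a shorter listed name already answers."""
    listed = set(domains)
    keep = []
    for d in domains:
        parts = d.split(".")
        # Check every proper parent except the bare TLD (range stops before it).
        covered = any(".".join(parts[i:]) in listed for i in range(1, len(parts) - 1))
        if not covered:
            keep.append(d)
    return keep


def dnscmd_commands(domains, server, sink="127.0.0.1"):
    """Build the dnscmd lines: zone, apex (@) record, and wildcard (*) record."""
    cmds = []
    for d in domains:
        cmds.append(f"dnscmd {server} /zoneadd {d} /DsPrimary /DP /forest")
        cmds.append(f"dnscmd {server} /recordadd {d} @ A {sink}")  # bare name
        cmds.append(f"dnscmd {server} /recordadd {d} * A {sink}")  # everything below it
    return cmds


def build_batch(text, server):
    """Full pipeline: parse, de-duplicate, prune covered names, emit a batch script."""
    return "\n".join(dnscmd_commands(drop_covered(parse_domains(text)), server))


if __name__ == "__main__":
    print(build_batch(SAMPLE, "dns01"))
```

Run it with the real domains.txt contents instead of SAMPLE and redirect the output to a .cmd file; the pruning step alone noticeably shortens a list that contains many host names under the same parent.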
