On Mon, Mar 17, 2008 at 7:39 PM, Tim Evans <[EMAIL PROTECTED]> wrote:
> I've been looking at www.malwaredomains.com and thinking about setting up a
> block list using their list of malicious domains. I'm thinking about doing
> this by setting up a wildcard zone for each domain on our DNS server.

You don't need to use a DNS wildcard record. Simply claim authority for the domain in question, and any subdomain which might be referenced under the domain will get an NXDOMAIN record in return.

> Right now, the list has almost 20,000 domains.

With that many, you might want to configure your Windows nameservers to forward queries to a different server, and do the filtering on that server. Possibly using ISC BIND or another nameserver program. I haven't seen any reports on Windows 2003, but MS-DNS in Windows 2000 tended to... "have issues"... under large loads like that. It wasn't really designed with that in mind.

> -Is there a more efficient way to block these domains (we also have ISA
> 2006)?

I would be fairly surprised if ISA didn't have a web filter with domain blacklisting facility. I know you can do it with Squid.

-- 
Ben
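The approach Ben describes (claim authority for each listed domain so that everything beneath it resolves to NXDOMAIN) turns a ~20,000-line domain list into ~20,000 `zone` stanzas for BIND. The following is an added example, not code from either poster, that generates those stanzas from a blocklist. The input sample is constructed, the zone-file path `/etc/bind/db.sinkhole` and the `localhost.` SOA/NS names are assumptions, and the functions are my own. It also does the two checks a practitioner wants before loading such a list as authoritative data: it rejects single-label entries (an entry of just `com` would make the server authoritative for the whole TLD and break resolution for everything under it) and it drops names already covered by a listed parent, since a zone for `evil.example` already answers NXDOMAIN for `www.evil.example`.

```python
"""Generate BIND "sinkhole" zone stanzas from a malicious-domain list.

Added example (not the poster's code). Assumes BIND 9 named.conf syntax,
an empty zone file at /etc/bind/db.sinkhole shared by every blocked zone,
and that the list is one domain per line, first whitespace/tab-separated
field, with '#' comments, as in the constructed sample below.
"""
import re
from typing import List, Tuple

# One hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample input (not real data). It deliberately contains a
# duplicate, a mixed-case entry with a trailing dot, a bare TLD, an
# invalid label, and a subdomain of an already-listed domain.
SAMPLE_LIST = """\
## constructed sample blocklist
## domain<TAB>category<TAB>source
evil.example\tmalware\tconstructed
WWW.evil.example.\tmalware\tconstructed
phish.example\tphishing\tconstructed
evil.example\tmalware\tconstructed
com\tmalware\tconstructed
bad_host.example\tmalware\tconstructed
"""

# Zone data loaded for every blocked domain. It holds only SOA and NS, so the
# apex answers NOERROR with no address records and every name beneath the
# apex answers NXDOMAIN, which is the behaviour described in the thread.
SINKHOLE_ZONE = """\
$TTL 3600
@   IN SOA localhost. root.localhost. ( 1 3600 900 604800 3600 )
@   IN NS  localhost.
"""


def normalise(name: str) -> str:
    """Lower-case and strip the trailing dot so duplicates compare equal."""
    return name.strip().lower().rstrip(".")


def is_valid_domain(name: str, min_labels: int = 2) -> bool:
    """Reject malformed names and anything shorter than min_labels labels.

    The label minimum is the safety check: becoming authoritative for a
    bare TLD (or the root) would blackhole legitimate resolution.
    """
    labels = name.split(".")
    if len(labels) < min_labels:
        return False
    return all(_LABEL.match(label) for label in labels)


def parse_domain_list(text: str) -> Tuple[List[str], List[str]]:
    """Return (accepted domains in first-seen order, rejected entries)."""
    seen = set()
    domains: List[str] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments/blank lines
        if not line:
            continue
        name = normalise(line.split("\t")[0].split()[0])
        if not is_valid_domain(name):
            rejected.append(name)
            continue
        if name not in seen:
            seen.add(name)
            domains.append(name)
    return domains, rejected


def drop_covered(domains: List[str]) -> List[str]:
    """Remove names whose parent is already listed; the parent zone
    already returns NXDOMAIN for them, so a child zone is redundant."""
    listed = set(domains)
    kept: List[str] = []
    for domain in domains:
        labels = domain.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if parents & listed:
            continue
        kept.append(domain)
    return kept


def bind_zone_stanzas(domains: List[str],
                      zone_file: str = "/etc/bind/db.sinkhole") -> str:
    """Render one named.conf 'zone' stanza per blocked domain."""
    return "".join(
        f'zone "{d}" {{ type master; file "{zone_file}"; }};\n' for d in domains
    )


def build_config(text: str) -> Tuple[str, List[str]]:
    """Parse a list and return (named.conf fragment, rejected entries)."""
    domains, rejected = parse_domain_list(text)
    return bind_zone_stanzas(drop_covered(domains)), rejected


if __name__ == "__main__":
    stanzas, bad = build_config(SAMPLE_LIST)
    print(stanzas)
    print("# rejected entries (review by hand):", bad)
```

Include the generated fragment from `named.conf`, review the rejected entries by hand rather than silently dropping them, and reload with `rndc reload`. The same parent-coverage logic also matters in reverse: before loading the list, confirm that none of your own domains (or those of partners you resolve) appears as a parent of a listed name, because claiming authority for it would cut off every host beneath it.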
