Thanks for the reply. I'm pretty sure that it can be done in ISA 2006 also. My question is which way would be the most efficient. By setting it up in DNS, I could redirect those requests to a local page which could tell the users what is going on and give me one easy log to monitor for these.
...Tim

> -----Original Message-----
> From: Ben Scott [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 17, 2008 6:06 PM
> To: NT System Admin Issues
> Subject: Re: DNS Wildcard zones for malware protection
>
> On Mon, Mar 17, 2008 at 7:39 PM, Tim Evans <[EMAIL PROTECTED]> wrote:
> > I've been looking at www.malwaredomains.com and thinking about setting up a
> > block list using their list of malicious domains. I'm thinking about doing
> > this by setting up a wildcard zone for each domain on our DNS server.
>
> You don't need to use a DNS wildcard record. Simply claim authority
> for the domain in question, and any subdomain which might be
> referenced under the domain will get an NXDOMAIN record in return.
>
> > Right now, the list has almost 20,000 domains.
>
> With that many, you might want to configure your Windows nameservers
> to forward queries to a different server, and do the filtering on that
> server. Possibly using ISC BIND or another nameserver program. I
> haven't seen any reports on Windows 2003, but MS-DNS in Windows 2000
> tended to... "have issues"... under large loads like that. It wasn't
> really designed with that in mind.
>
> > -Is there a more efficient way to block these domains (we also have ISA
> > 2006)?
>
> I would be fairly surprised if ISA didn't have a web filter with
> domain blacklisting facility.
>
> I know you can do it with Squid.
>
> -- Ben
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
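As an added illustration of the two approaches discussed in this thread (claiming authority for each listed domain so everything beneath it gets NXDOMAIN, versus pointing the blocked names at a local block page that leaves a log), the following script is not from either poster; it generates BIND zone stanzas and a shared sinkhole zone file from a constructed domain list. The nameserver name `ns.sinkhole.example.`, the block-page address `192.0.2.10` and the zone file path are placeholders.

```python
import ipaddress

def normalize_domains(lines):
    """Lower-case, strip comments and blank lines, drop duplicates and any
    name already covered by a listed parent: being authoritative for
    example.test already answers for cdn.example.test."""
    names = set()
    for line in lines:
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        if name:
            names.add(name)
    kept = []
    for name in sorted(names, key=lambda n: n.count(".")):  # parents first
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & set(kept):
            kept.append(name)
    return sorted(kept)

def zone_stanzas(domains, zone_file):
    """named.conf lines claiming authority for each domain; all share one file."""
    return "\n".join(
        f'zone "{d}" {{ type master; file "{zone_file}"; }};' for d in domains
    )

def sinkhole_zone(block_page_ip=None, ns="ns.sinkhole.example."):
    """Zone file shared by every blocked domain. With no block_page_ip it
    holds only SOA/NS, so any name below the apex gets NXDOMAIN; with one,
    '@' and '*' resolve to the block page, whose web log records the hits."""
    lines = [
        "$TTL 300",
        f"@ IN SOA {ns} hostmaster.sinkhole.example. 1 3600 900 604800 300",
        f"@ IN NS {ns}",
    ]
    if block_page_ip is not None:
        ip = ipaddress.ip_address(block_page_ip)  # placeholder address
        rtype = "A" if ip.version == 4 else "AAAA"
        lines += [f"@ IN {rtype} {ip}", f"* IN {rtype} {ip}"]
    return "\n".join(lines) + "\n"

# Constructed sample entries (not real indicators), one domain per line.
SAMPLE_LIST = """\
Bad-Example.test
cdn.bad-example.test
other-example.test.
"""

if __name__ == "__main__":
    blocked = normalize_domains(SAMPLE_LIST.splitlines())
    print(zone_stanzas(blocked, "/etc/bind/sinkhole.zone"))
    print(sinkhole_zone("192.0.2.10"))
```

Leave `block_page_ip` unset for the NXDOMAIN behaviour Ben describes; set it to get Tim's redirect-and-log variant.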
