----- "Ryan" <[email protected]> wrote:
> >
> > If you have a DNS server for internal use in your org,
> > consider putting zones on it that are authoritative for the
> > sites you wish to block, then putting in a wildcard entry
> > that points to 127.0.0.1
> >
> > I do that for all of the sites you mention, plus a few others.
> >
>
> I do this for a few sites myself using the dns server in PFsense. I
> forward to an internal webserver that has a page that says Get to work
> and says some lie about All internet traffic is monitored and repeated
> attempts to access this site will be sent to your supervisor. It's
> not perfect, but it works well for our user.
>

Agreed. I use this method at several locations as well. The DNS server that is authoritative for those domains is on a different subnet/interface as well so I can use a NAT rule to ensure *ALL* DNS traffic is forced to go through that DNS server. It really is pretty slick.

However, the more savvy users will just find some proxy out there to use. 'Proxy' has become a new buzzword for the social networking crowd as of late it seems...

--Tim

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Commercial support available - https://portal.pfsense.org
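
The zone-plus-wildcard setup described in this thread, as an added example that is not from any of the posters: it generates BIND-style zone stanzas and one shared zone file for a blocklist, and models which query names the authoritative zones would answer. The BIND syntax, the file path and the `.example` domains are assumptions; the thread names no server software beyond pfSense's DNS server and lists no domains.

```python
"""Generate BIND-style sinkhole zones for a DNS blocklist (added example)."""

SINKHOLE = "127.0.0.1"               # address the wildcard points at, as in the thread
ZONE_FILE = "/etc/bind/db.sinkhole"  # hypothetical path, shared by every blocked zone
BLOCKLIST = ["social.example", "Video.Example."]  # constructed sample domains


def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().rstrip(".").lower()


def zone_file(sinkhole=SINKHOLE):
    """Zone data reused for every blocked zone: apex record plus wildcard."""
    return "\n".join([
        "$TTL 300",
        "@ IN SOA localhost. root.localhost. (1 3600 600 86400 300)",
        "@ IN NS localhost.",
        f"@ IN A {sinkhole}",   # the bare domain itself
        f"* IN A {sinkhole}",   # every name below it, at any depth
    ]) + "\n"


def named_conf(blocklist, path=ZONE_FILE):
    """One authoritative zone stanza per blocked domain, de-duplicated."""
    zones = sorted({normalize(d) for d in blocklist if normalize(d)})
    return "".join(
        f'zone "{z}" {{ type master; file "{path}"; }};\n' for z in zones
    )


def resolve(qname, blocklist, sinkhole=SINKHOLE):
    """Model the server's answer: the sinkhole address when qname is the apex
    of a blocked zone or any name under it, None when it is forwarded upstream.
    Matching is on whole labels, so notsocial.example is not caught by
    social.example."""
    zones = {normalize(d) for d in blocklist}
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return sinkhole
    return None


if __name__ == "__main__":
    print(named_conf(BLOCKLIST), end="")
    print(zone_file(), end="")
    for q in ("www.social.example", "notsocial.example", "a.b.video.example"):
        print(q, "->", resolve(q, BLOCKLIST))
```

These answers only reach clients that actually query this server, which is what the NAT rule mentioned in the reply enforces.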
