[thelist] Restricting Internet Access by LAN IP

Ken Schaefer Ken at adOpenStatic.com
Tue Jun 28 19:16:03 CDT 2005


Place the hosts you wish to resolve into the hosts file.

Then, in the TCP/IP properties for the machine, either:
a) remove the existing DNS servers 
	-or- 
b) point the machine to an internal DNS server that does not perform
recursive lookups or an internal DNS server that believes it's authoritative
for the entire DNS

Cheers
Ken

--
www.adOpenStatic.com/cs/blogs/ken/ 

: -----Original Message-----
: From: thelist-bounces at lists.evolt.org [mailto:thelist-
: bounces at lists.evolt.org] On Behalf Of Matthew Lewis
: Sent: Wednesday, 29 June 2005 8:50 AM
: To: thelist at lists.evolt.org
: Subject: Re: [thelist] Restricting Internet Access by LAN IP
: 
: Okay, I'm not very experienced with using the hosts file beyond very
: basic purposes.  What would I have to do to disallow DNS lookups for
: sites that aren't in the hosts file?  The first option you listed below
: sounds a little more complex than I want to get into, seeing as how I'm
: doing the whole job for free anyway.  The second option, setting the
: computer's DNS to not get service and give DNS resolution by the hosts
: file, sounds doable but I'm not sure how to get started. If anyone could
: provide a quick example, I'd appreciate it.
: 
: > ...Unfortunately, I can't get a Linux machine for this network...
: 
:  > just wondering WHY you can't get a linux
:  > box on the network? As this is the simplest
:  > solution wondering what the restriction is so
:  > we don't come up with a solution that has
:  > the same problem.
: 
: The problems are that the organization in question doesn't have money
: for another box to install Linux on, and if it did, I must confess that
: I have absolutely no experience using anything on Linux beyond web
: applications. I'd hate to have them buy something only to find out that
: I still can't get the system running anytime soon.  I think the hosts
: file will be the easiest alternative at this point, if someone can head
: me in the right direction with it.  I wish I could get Squid to work on
: one of the Windows boxes - but I gave it a try and got absolutely
: nowhere with it.
: 
: Thanks for all the ideas guys,
: 
: Matthew
: 
: Joshua Olson wrote:
: 
: >>-----Original Message-----
: >>From: Ken Schaefer
: >>Sent: Monday, June 27, 2005 9:23 PM
: >>
: >>
: >
: >
: >
: >>A HOSTS file will work.
: >>
: >>
: >
: >The hosts file may help, but is not a total solution.  You would need to
: >disallow DNS lookups for sites NOT in the hosts file.  You could, in theory,
: >set the DNS of the machines in question to either an in-house DNS server
: >that only has records for a few sites (those that are allowed) or set the
: >computer's DNS to something that provides no service and provide DNS
: >resolution via the hosts file.
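
A sketch of the hosts-file approach discussed in this thread, as an added example that is not part of the original messages: it parses a hosts file and lists which of the sites you intend to allow would stop resolving once the machine's DNS servers are removed. The host names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (addresses are documentation-range placeholders).
SAMPLE_HOSTS = """\
# C:\\WINDOWS\\system32\\drivers\\etc\\hosts
127.0.0.1       localhost
192.0.2.10      intranet.example.org intranet   # two names, one address
198.51.100.7    www.example.com
not-an-ip       broken.example.com
203.0.113.5
"""

def parse_hosts(text):
    """Return ({name: ip}, [problems]) using hosts-file rules:
    '#' starts a comment, first field is the address, the rest are names."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank or comment-only line
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"line {lineno}: bad address {addr!r}")
            continue
        if not names:
            problems.append(f"line {lineno}: address {addr} has no host name")
            continue
        for name in names:
            # Names are case-insensitive; keep the first entry seen for a name.
            table.setdefault(name.lower().rstrip("."), addr)
    return table, problems

def unresolved(required, table):
    """Names that will not resolve from the hosts file alone.
    Matching is exact: an entry for www.example.com does not cover example.com."""
    return [n for n in required if n.lower().rstrip(".") not in table]

if __name__ == "__main__":
    table, problems = parse_hosts(SAMPLE_HOSTS)
    wanted = ["WWW.example.com", "example.com", "intranet", "broken.example.com"]
    print("problems:", problems)
    print("will not resolve:", unresolved(wanted, table))
```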


