Blocking Instant Messenger Apps at the DNS Level
Michael Kohne
mhkohne at discordia.org
Fri May 11 18:01:53 UTC 2001
At 09:22 AM 5/11/2001 -0700, you wrote:
>I was able to block AOL Instant Messenger by putting an entry for
>LOGIN.OSCAR.AOL.COM (that points to nothing) in our DNS.
>
>Anyone know how to block Yahoo Messenger, MSN Messenger, and ICQ at the DNS
>also? Do they "login" in the servers using a particular DNS query? If so, what
>are the lookups that they do?
Ummm... I don't think this is the best way to go blocking these services.
Making false DNS entries is likely to bite you at some later time, AND any
user with enough smarts will get around you by either using IP addresses
directly (in clients where these can be set) or by adding the relevant
hosts to their local hosts file. You are much better off making an IP block
at your firewall or link machine. That way you can be specific about what
hosts you don't want people accessing, without them being able to easily
circumvent you, AND you don't risk your screwed-up DNS biting you later on.
Michael Kohne mhkohne at discordia.org
3000 lbs of wood, 300 foot per minute - DO NOT get in the way.
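
As an added example (not part of the original post): a small audit showing which clients the fake DNS entry stopped and which reached the service anyway, which is the traffic an IP block at the firewall would catch. The log formats, client addresses and the 192.0.2.0/24 network are constructed placeholders, not real server addresses or real log formats.

```python
import ipaddress

# Constructed sample data, not from the original post. 192.0.2.0/24 is a
# documentation range standing in for the messenger login servers.
BLOCKED_NAMES = {"login.oscar.aol.com"}
BLOCKED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
DNS_LOG = """\
09:00:01 10.0.0.5 query LOGIN.OSCAR.AOL.COM
09:00:02 10.0.0.6 query www.example.com
09:00:30 10.0.0.9 query login.oscar.aol.com.
"""
CONN_LOG = """\
09:00:03 10.0.0.6 198.51.100.7
09:00:09 10.0.0.7 192.0.2.10
09:00:41 10.0.0.9 192.0.2.11
"""

def clients_querying(dns_log, names):
    """Clients that looked up one of the names given a dead DNS entry."""
    hits = set()
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "query" and parts[3].rstrip(".").lower() in names:
            hits.add(parts[1])
    return hits

def clients_reaching(conn_log, nets):
    """Map each client to the destinations it contacted inside the blocked networks."""
    hits = {}
    for line in conn_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            dest = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # skip malformed destination fields
        if any(dest in net for net in nets):
            hits.setdefault(parts[1], set()).add(str(dest))
    return hits

def audit(dns_log, conn_log, names, nets):
    reached = clients_reaching(conn_log, nets)
    stopped = clients_querying(dns_log, names) - set(reached)
    by_client = {c: sorted(d) for c, d in reached.items()}
    return {"stopped_by_dns": sorted(stopped), "bypassed_dns": by_client}

if __name__ == "__main__":
    print(audit(DNS_LOG, CONN_LOG, BLOCKED_NAMES, BLOCKED_NETS))
```

Here 10.0.0.7 never asked DNS at all (hosts file or a configured IP address), and 10.0.0.9 asked, got the dead entry, and connected anyway; only a filter on the destination addresses sees both.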