Preventing Spyware Infections with DNS

by Chris Sanders [Published on 21 Aug. 2008 / Last Updated on 3 July 2008]

Fighting spyware on client computers within a network is a constant battle. This tip describes a technique that will help prevent certain spyware sites from being accessed.

One of the biggest battles any network engineer has to fight is constantly dealing with spyware issues on client PCs. One technique that is commonly used to prevent devices from accessing known spyware-related sites is using DNS to blackhole these domains. In doing this, you create a record on your internal DNS servers for a particular domain so that the server thinks it is authoritative for that domain. When a client computer that uses this server for DNS queries that name, the server will be configured to point it to a loopback address of or something like The end result is that the client computers cannot access these malicious sites.

Doing this in DNS is as simple as creating a forward lookup zone for the domain in question. You can get a pretty good listing of some known spyware-related domains at
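The sketch below is an added example, not code from the original tip: it turns a blocklist into one authoritative zone per domain, validating entries and refusing to blackhole protected internal names. It goes beyond the text by assuming a BIND-style server (the tip names no DNS product) and a wildcard record; `SINKHOLE_IP`, `ZONE_FILE`, `PROTECTED` and the sample entries are assumptions constructed for illustration.

```python
import re

SINKHOLE_IP = "127.0.0.1"             # assumed loopback sinkhole address
ZONE_FILE = "/etc/bind/db.blackhole"  # assumed path of the shared zone file
PROTECTED = {"corp.example"}          # hypothetical internal domain, never blackholed
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample blocklist: plain names, hosts-style lines, junk.
SAMPLE = ["# comment", "127.0.0.1 ads.tracker.example", "tracker.example",
          "SpyWare-Downloads.test.", "mail.corp.example", "example", "bad_name!.test"]

def normalize(line):
    """Return a validated lowercase domain from one blocklist line, or None."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    name = fields[-1].lower().rstrip(".")   # last field: "domain" or "IP domain"
    labels = name.split(".")
    # Reject bare TLDs, IP-like entries, over-long names and illegal labels.
    if len(labels) < 2 or labels[-1].isdigit() or len(name) > 253:
        return None
    return name if all(LABEL.match(l) for l in labels) else None

def is_protected(name):
    """True if a zone for name would shadow a protected domain or sit inside one."""
    return any(name == p or name.endswith("." + p) or p.endswith("." + name)
               for p in PROTECTED)

def plan_zones(lines):
    """Deduplicated zones to create; subdomains of a listed parent are dropped
    because the parent zone's wildcard record already answers for them."""
    names = {n for n in map(normalize, lines) if n and not is_protected(n)}
    def covered(n):
        parts = n.split(".")
        return any(".".join(parts[i:]) in names for i in range(1, len(parts)))
    return sorted(n for n in names if not covered(n))

def named_conf(zones):
    """One authoritative zone stanza per blackholed domain."""
    return "\n".join(f'zone "{z}" {{ type master; file "{ZONE_FILE}"; }};' for z in zones)

def zone_file():
    """Single zone file shared by every blackholed zone (all names are relative)."""
    soa = "@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 300 )"
    return "\n".join(["$TTL 300", soa, "@ IN NS localhost.",
                      f"@ IN A {SINKHOLE_IP}", f"* IN A {SINKHOLE_IP}"]) + "\n"

if __name__ == "__main__":
    print(named_conf(plan_zones(SAMPLE)), zone_file(), sep="\n\n")
```

Because the server answers authoritatively for the whole zone, every name under a blackholed domain is affected, which is why the protected-name check runs before any zone is planned.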

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.
