Preventing Spyware Infections with DNS

by Chris Sanders [Published on 21 Aug. 2008 / Last Updated on 3 July 2008]

Fighting spyware on client computers within a network is a constant battle. This tip describes a technique that will help prevent certain spyware sites from being accessed.

One of the biggest battles any network engineer has to fight is constantly dealing with spyware issues on client PCs. One technique commonly used to prevent devices from accessing known spyware-related sites is using DNS to blackhole these domains. To do this, you create a record on your internal DNS servers for a particular domain so that the server thinks it is authoritative for that domain. When a client computer that uses this server for DNS queries that name, the server points it to a loopback address of 127.0.0.1 or something like 0.0.0.0. The end result is that the client computers cannot access these malicious sites.

Doing this in DNS is as simple as creating a forward lookup zone for the domain in question. You can get a pretty good listing of some known spyware-related domains at http://malwaredomains.com/.
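The following is an added example, not part of the original tip: a Python sketch that turns a domain list into blackhole zones, one zone per domain, all sharing a single zone file that answers with the sinkhole address. The BIND-style `zone` stanza, the zone file path, the sample list and the protected internal namespace are assumptions chosen for illustration; the same zone file content applies to any server that reads standard master-file format.

```python
import re

# Constructed sample list; real lists (e.g. from malwaredomains.com) vary in format.
SAMPLE_LIST = """\
# constructed sample entries
spyware-example.test
ads.spyware-example.test
Tracker-Example.TEST.
intranet.corp.example
not a domain!
"""

# Namespaces that must never be blackholed (assumed internal domain).
PROTECTED = {"corp.example"}

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_domains(text, protected=PROTECTED):
    """Return sorted zone names, dropping invalid, protected and redundant entries."""
    names = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        labels = name.split(".")
        if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
            continue  # comment, blank line or malformed name
        if any(name == p or name.endswith("." + p) for p in protected):
            continue  # a bad list entry must not take down internal names
        names.add(name)
    # A parent zone's wildcard already answers for its subdomains.
    return sorted(n for n in names
                  if not any(n.endswith("." + other) for other in names))

def zone_file(sink_ip="0.0.0.0"):
    """One shared zone file: apex and wildcard both resolve to the sinkhole."""
    return "\n".join([
        "$TTL 3600",
        "@ IN SOA localhost. hostmaster.localhost. (1 3600 600 86400 3600)",
        "@ IN NS localhost.",
        f"@ IN A {sink_ip}",
        f"* IN A {sink_ip}",
    ]) + "\n"

def named_conf(domains, path="/etc/bind/blackhole.zone"):
    """BIND-style stanzas making the server authoritative for each domain."""
    return "".join(f'zone "{d}" {{ type master; file "{path}"; }};\n' for d in domains)

if __name__ == "__main__":
    print(named_conf(parse_domains(SAMPLE_LIST)), end="")
    print(zone_file(), end="")
```

Because every zone points at the same file, changing the sinkhole address from 0.0.0.0 to 127.0.0.1 is a one-line change followed by a zone reload.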
