Preventing Spyware Infections with DNS
Fighting spyware on client computers within a network is a constant battle. This tip describes a technique that will help prevent certain spyware sites from being accessed.
One of the biggest battles any network engineer has to fight is constantly dealing with spyware issues on client PCs. One technique that is commonly used to prevent devices from accessing known spyware-related sites is using DNS to blackhole these domains. To do this, you create a record on your internal DNS servers for a particular domain so that the server thinks it is authoritative for that domain. When a client computer that uses this server for DNS queries that name, the server answers with the address you configured, a loopback address of 127.0.0.1 or something like 0.0.0.0, instead of the real one. The end result is that the client computers cannot access these malicious sites.
Doing this in DNS is as simple as creating a forward lookup zone for the domain in question. You can get a pretty good listing of some known spyware-related domains at http://malwaredomains.com/.
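One way to build these zones in bulk from a domain list, as an added example that is not part of the original tip. It assumes a BIND-style server (the tip does not name one), a hypothetical zone file path, and a constructed sample list; it also adds a wildcard record so subdomains are covered, and skips malformed or protected names.

```python
import re

ZONE_FILE = "/etc/bind/db.blackhole"  # hypothetical path (assumption)
SINK_IP = "127.0.0.1"  # loopback address, as the tip suggests
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one hostname label

def parse_blocklist(text, protected=()):
    """Return sorted, de-duplicated valid domains from a one-per-line list.
    Blank lines and '#' comments are skipped. Names equal to or under a
    `protected` domain are dropped so a bad entry cannot blackhole your zones.
    """
    domains = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        labels = name.split(".")
        if len(labels) < 2 or len(name) > 253:
            continue  # empty line, single label, or over-long name
        if not all(LABEL.fullmatch(l) for l in labels):
            continue  # illegal characters: skip rather than emit bad config
        if any(name == p or name.endswith("." + p) for p in protected):
            continue  # never blackhole a domain you depend on
        domains.add(name)
    return sorted(domains)

def zone_stanzas(domains):
    """named.conf zone blocks that make the server authoritative per domain."""
    return "\n".join(
        f'zone "{d}" {{ type master; file "{ZONE_FILE}"; }};' for d in domains)

def zone_file():
    """Single zone file shared by all blackholed zones: apex and wildcard."""
    return ("$TTL 3600\n"
            "@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 3600 )\n"
            "@ IN NS localhost.\n"
            f"@ IN A {SINK_IP}\n"
            f"* IN A {SINK_IP}\n")

# Constructed sample feed (placeholder names, not real indicators).
SAMPLE = """# feed excerpt
spyware-example.test
Tracker.Example.NET.   # trailing dot, mixed case
bad_name!.test
corp.example.com
spyware-example.test
"""

if __name__ == "__main__":
    print(zone_stanzas(parse_blocklist(SAMPLE, protected=("example.com",))))
    print(zone_file())
```

Because every stanza points at the same zone file, adding a domain later means adding one `zone` line and reloading the server.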
About Chris Sanders
Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at www.chrissanders.org contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.