Windows Thread, DNS for AD Group in Technical
23rd November 2011, 11:08 AM #1
DNS for AD Group
Is there a way to have a certain AD group use 1 set of DNS and the rest use another.
Basically I have blocked facebook.com via an A Record in DNS to a dead IP address. I want to block dailymotion for 1 group of users but allow it for everyone else. I don't have ISA.
23rd November 2011, 02:17 PM #2
I think the best option might be to set up a proxy.
Do you only have the one server?
And I'm assuming you don't have a cache box (proxy).
Depending on the current load or roles your server has, it might be worth installing Squid proxy using AD authentication. I've never done this, but I'm basing it on the fact that our school is using a Cache pilot from Equinet, which uses AD auth and runs Squid. It allows you to block or allow access to certain sites depending on the AD group they belong to, as well as its primary function of serving as a web cache.
24th November 2011, 08:07 AM #3
I would do this with a proxy/firewall. But I guess you could do this the hard way by creating a login script that copies a modified hostname (that points facebook.com to a dead IP) based on AD groups to the local machine.
24th November 2011, 08:26 AM #4
I have set up an Ubuntu server box with Squid, DansGuardian, Webmin and the DansGuardian plugin for Webmin. We have different lists for different sets of users: staff, students, admin. It authenticates via ident, which we have deployed through GPO. There is also a script, which I think is on the DansGuardian homepage, to copy a list of specific users. We copy admin and staff, as students are in the lower group, so if someone brings anything in and connects they are automatically filtered as students. It can also be set up transparently, so no settings on each machine have to be specified if you so wish.
24th November 2011, 09:29 AM #5
DNS is set per domain/network rather than per OU or Security Group. I don't think it'd ever be possible with how Active Directory currently works. I agree a proxy would be the best way.
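The per-group blocking that the replies above suggest doing with Squid and AD authentication, as an added example `squid.conf` fragment that is not part of the original thread. It assumes the proxy host is joined to the domain through Samba/winbind; the group name `NoVideo` is hypothetical and the helper paths vary by distribution.

```conf
# --- Authentication: validate users against AD through Samba's ntlm_auth ---
# Assumption: winbind is running and the proxy host is a domain member.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Web proxy
auth_param basic credentialsttl 2 hours
acl authenticated proxy_auth REQUIRED

# --- Group lookup: ask winbind whether the logged-in user is in a group ---
# Assumption: helper path; some packages install it under /usr/lib/squid3/.
external_acl_type ad_group ttl=300 negative_ttl=60 %LOGIN /usr/lib/squid/ext_wbinfo_group_acl

# Hypothetical AD security group holding the users who must not reach the site.
acl restricted_users external ad_group NoVideo

# --- Destinations ---
# A leading dot matches the domain and all of its subdomains.
acl facebook    dstdomain .facebook.com
acl dailymotion dstdomain .dailymotion.com

# --- Policy: rules are evaluated top to bottom, first match wins ---
# 1. Nobody gets through without a valid AD login.
http_access deny !authenticated

# 2. Blocked for everyone (replaces the dead-IP A record in DNS).
http_access deny facebook

# 3. Blocked only for the restricted group. The cheap dstdomain test comes
#    first so the group helper runs only for matching requests. The trailing
#    "all" keeps Squid from re-prompting for credentials (407) on a deny
#    that ends in an authentication-related ACL; the user gets a 403 page.
http_access deny dailymotion restricted_users all

# 4. Everyone else who authenticated is allowed; anything left is denied.
http_access allow authenticated
http_access deny all
```

Clients only see this policy if they cannot bypass the proxy, so direct outbound HTTP/HTTPS from the client subnets should be blocked at the firewall.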