10.7. Creating a Custom DNS Block List
Problem
You need to create a custom DNS block list (DNSBL) instead of (or in addition to) using a third-party DNSBL service.
Solution
Using a graphical user interface
To create the block list, do the following:
1. Assemble a list of the IP addresses that you want to block.
2. Open the DNS Management snap-in (dnsmgmt.msc) using an account that has administrative privileges in your domain.
3. Expand the server and Forward Lookup Zones objects.
4. Right-click Forward Lookup Zones and select New Zone. When the New Zone Wizard appears, click Next.
5. Select Primary zone in the Zone Type wizard page, then click Next.
6. On the Active Directory Zone Replication Scope page, click Next.
7. Name the zone and click Next.
8. On the Dynamic Update page, click the Do not allow dynamic updates radio button and click Next.
9. Click Finish to create the zone.
10. Right-click the new zone and select New Domain. When the New DNS Domain dialog box appears, name the domain after the first octet of the first server on your block list. For example, if one of the servers you want to block has an IP address of 1.2.3.4, you'd name this domain 1. Click OK to create the domain.
11. Right-click the newly created domain and select New Domain; name the new subdomain after the second octet of the host you want to block and click OK.
12. Repeat step 11, this time using the third octet.
13. Right-click the third octet's subdomain and select New Host (A).
14. In the New Host dialog, enter the fourth octet of the blocked host as the host ...
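The same zone can be built without clicking through the wizard. The following script is an added example, not code from the book; it uses the DnsServer PowerShell module (Windows Server 2012 and later) to create the primary zone with dynamic updates disabled and then adds one A record per blocked address. Nesting the domains 1, 2, 3 and then the host 4 under the zone, as the steps above do by hand, produces the name 4.3.2.1.<zone>, so the script simply reverses the octets and lets the cmdlet create the intermediate labels. The zone name, the sample block list (RFC 5737 documentation addresses) and the answer 127.0.0.2 (the customary "listed" response for a DNSBL) are assumptions of this example rather than values taken from the page.

```powershell
# Added example: build the custom DNSBL zone from the steps above with the
# DnsServer module instead of the DNS Management snap-in.
# Assumptions: the module is installed, the session runs with DNS/domain
# administrator rights, and the zone name and block list below are placeholders.
Import-Module DnsServer

$ZoneName = 'dnsbl.example.local'   # placeholder zone name; choose your own

# Constructed sample block list (RFC 5737 documentation ranges); replace with your own.
$Blocked = @('1.2.3.4', '192.0.2.10', '198.51.100.7')

# Steps 4-9: Active Directory-integrated primary zone, dynamic updates not allowed.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' -DynamicUpdate 'None'
}

# Steps 10-14: reversing the octets reproduces the nested 1 -> 2 -> 3 -> host 4
# layout, so 1.2.3.4 becomes 4.3.2.1.<zone>. The cmdlet creates the intermediate
# labels for you; 127.0.0.2 is the customary "this address is listed" answer.
foreach ($ip in $Blocked) {
    $octets = $ip.Split('.')
    if ($octets.Count -ne 4) { throw "Not an IPv4 address: $ip" }
    [array]::Reverse($octets)
    $name = $octets -join '.'
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $name -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $name -IPv4Address '127.0.0.2'
    }
}

# Check the result the way a mail server would query it: a listed address returns
# 127.0.0.2, an address that is not listed returns nothing.
Resolve-DnsName -Name "4.3.2.1.$ZoneName" -Type A -Server localhost
Resolve-DnsName -Name "1.0.0.127.$ZoneName" -Type A -Server localhost -ErrorAction SilentlyContinue
```

Run the script on the DNS server itself (or against a remote server by adding -ComputerName to the DnsServer cmdlets). The existence checks make it safe to re-run after appending addresses to $Blocked, which is how you would maintain the list over time.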