Preventing Spyware Infections with DNS


One of the biggest battles any network engineer has to fight is constantly dealing with spyware issues on client PCs. One technique that is commonly used to prevent devices from accessing known spyware-related sites is using DNS to blackhole these domains. To do this, you create a record on your internal DNS servers for a particular domain so that the server thinks it is authoritative for that domain. When a client computer that uses this server for DNS queries that name, the server is configured to point it to a loopback address of 127.0.0.1 or something like 0.0.0.0. The end result is that the client computers cannot access these malicious sites.

Doing this in DNS is as simple as creating a forward lookup zone for the domain in question. You can get a pretty good listing of some known spyware related domains at http://malwaredomains.com/.
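Creating the zones by hand does not scale to a full blocklist. The script below is an added example, not part of the original post: it turns a one-domain-per-line list into zone declarations that all share a single blackhole zone file. It assumes a BIND-style server (the post does not name one); the zone file path and the sample domains are constructed placeholders.

```python
import re

# Hypothetical path: one shared zone file serves every blackholed domain.
ZONE_FILE = "/etc/bind/blackhole.zone"
SINK_IP = "127.0.0.1"  # loopback, as in the article; 0.0.0.0 is the alternative

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_blocklist(text):
    """Return valid, lower-cased domains from a one-per-line list with # comments."""
    domains = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        labels = name.split(".")
        # Reject single labels (e.g. "localhost", a bare TLD) and malformed names,
        # so a bad list entry cannot blackhole far more than intended.
        if len(labels) >= 2 and len(name) <= 253 and all(LABEL.match(l) for l in labels):
            domains.add(name)
    return domains

def collapse(domains):
    """Drop names already covered by a listed parent (its wildcard answers for them)."""
    keep = set()
    for name in domains:
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & domains:
            keep.add(name)
    return sorted(keep)

def zone_file(sink=SINK_IP):
    """Shared zone data: the apex and every subdomain resolve to the sink address."""
    return "\n".join([
        "$TTL 3600",
        "@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 3600 )",
        "@ IN NS localhost.",
        f"@ IN A {sink}",
        f"* IN A {sink}",
    ]) + "\n"

def named_conf(domains, path=ZONE_FILE):
    """One authoritative zone declaration per blackholed domain."""
    return "".join(f'zone "{d}" {{ type master; file "{path}"; }};\n' for d in collapse(domains))

# Constructed sample input (reserved .example names, not real indicators).
SAMPLE = """# constructed sample list
tracker.example
ads.tracker.example   # covered by parent zone
Spy-Ware.example.
bad_host.example
-bad.example
localhost
"""

if __name__ == "__main__":
    print(named_conf(parse_blocklist(SAMPLE)))
    print(zone_file())
```

Review the generated declarations before loading them, since every listed zone overrides real resolution for that domain and all of its subdomains.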
