[1boredguy]

Hello,

I need help. I want to disable gmail chat in a network, under a DNS server. I found these directions on the gmail help center, but I'm clueless of DNS server editing. How/where do I block DNS lookups?


"I am a network administrator, and need to disable Gmail's chat features on my network.
We understand that it's sometimes necessary to disable instant messaging services on a network. If you need to prevent Gmail users on your network from chatting, we suggest blocking DNS lookups to chatenabled.mail.google.com, by returning 127.0.0.1."


Any replies are appreciated!

This post has been edited by 1boredguy: 12 May 2006 - 09:45 AM

[Gouki]

I think you need a 'static' entry on the Forward Lookup Zone so that the domain name ( chatenabled.mail.google.com ) gets resolved to 127.0.0.1.

[1boredguy]

Gouki, on May 12 2006, 11:06 AM, said:

I think you need a 'static' entry on the Forward Lookup Zone so that the domain name ( chatenabled.mail.google.com ) gets resolved to 127.0.0.1.

I created a new Zone. Does it matter if it's primary or active directory-integrated?

I just left the zone blank. It seems to work just like that, the chat feature doesn't load.

[Gouki]

Well, if it worked, great. I suggest Active Directory Integrated Zone. If you have the DNS server also as a DC, do it.

[1boredguy]

Gouki, on May 12 2006, 11:26 AM, said:

Well, if it worked, great. I suggest Active Directory Integrated Zone. If you have the DNS server also as a DC, do it.

Thanks, very cool! If I want to return 127.0.0.1, then where do I do that?

If I get the "properties" of the zone, I see the tabs: General, State of Authority, Name Servers, WINS, Zone Transfers.

[Gouki]

Create a new A record.

[RJARRRPCGP]

1boredguy, on May 12 2006, 11:44 AM, said:

Hello,

I need help. I want to disable gmail chat in a network, under a DNS server. I found these directions on the gmail help center, but I'm clueless of DNS server editing. How/where do I block DNS lookups?


"I am a network administrator, and need to disable Gmail's chat features on my network.
We understand that it's sometimes necessary to disable instant messaging services on a network. If you need to prevent Gmail users on your network from chatting, we suggest blocking DNS lookups to chatenabled.mail.google.com, by returning 127.0.0.1."


Any replies are appreciated!

I dunno about that, because if people know the IP address, then they can get around that!!

[Gouki]

He can still add a new record to the Reverse Lookup Zone. That should get that problem fixed.

[cluberti]

Ultimately, the only "sure-fire" way to block traffic anywhere is to use a proxy and funnel all traffic through it. DNS bloking will work for DNS names, but someone connecting to the IP address will bypass. However, if you don't have a proxy in place, the DNS blocking should work for most users, at least for a good while.

I'd still ultimately suggest a proxy to do things like this, but the DNS workaround will work.