You could use OpenDNS (it's free) as your DNS service provider and then use its filtering/monitoring services.
"Join more than 40,000 schools and districts, including some of America's largest, that use OpenDNS today to achieve CIPA compliance and keep their kids safe online.
Start using OpenDNS! It's free.
Make navigating the Internet on your network a safe and controlled experience with OpenDNS. Easily achieve CIPA compliance required for E-Rate funding, and make access to online learning tools easier, while blocking unsafe and inappropriate Web sites — including proxies and anonymizers — altogether. There's no appliance to buy and you can manage filtering for all schools in your district from one centralized Web-based dashboard."
I assume that by hosts file you're talking about /etc/hosts or its OS-specific equivalent; if not, my answer won't be of any value.
First, you're lucky, as it doesn't care (or, correctly, know) anything about protocols.
The hosts file is only about hostnames (or domains).
Second, you're out of luck. There is no way to retrieve all existing hosts under a specific domain. In fact, the names could even be dynamic, and don't need to exist before being queried.
To block anything behind example.com., you have two options:
1.) Run your own local DNS server, with a record for *.foobar.com., and recursing everything else to the real DNS.
2.) Sniff on DNS traffic, grep every request for foobar.com., and dynamically add all labels found that way to your hosts file. This will only take effect after some time, so it's not bulletproof, and will be damn hard to do correctly.
2.) is bullshit.
1.) is the way to do it. It's the way everyone in need uses.
Running your own DNS isn't rocket science, and there are lots of friendly resources on the net. Try googling for "bind howto".
But, take a minute and reconsider your goals.
If you want to forbid some program to phone home, a moderate amount of traffic sniffing will probably reveal any hostnames it uses, and you can put them into your hosts file manually.
On the other hand, if you want to prevent users (humans) from watching youporn, don't bother; they are probably smarter than you, and will circumvent your actions faster than you can deploy them.
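The gap between the hosts file and a wildcard DNS record, as described in the answer above, shown as an added example that is not part of the original answer. It compares exact hosts-file matching with the suffix match a `*.foobar.com.` record gives, and lists the hosts entries still missing for names already observed; the hosts file content, the query names and the `0.0.0.0` sink address are constructed sample data.

```python
# Added example; all hostnames and addresses below are constructed sample data.
BLOCKED_ZONE = "foobar.com."          # domain used in the answer's option 1

HOSTS_FILE = """\
127.0.0.1   localhost
0.0.0.0     foobar.com www.foobar.com   # manually collected names
"""

# Query names as they might be observed on the wire (constructed).
OBSERVED = ["www.foobar.com.", "CDN7.Foobar.com", "a1b2.tracker.foobar.com",
            "notfoobar.com", "example.org."]


def normalize(name):
    """Lower-case and strip the trailing root dot so names compare equal."""
    return name.strip().lower().rstrip(".")


def parse_hosts(text):
    """Return the set of names a hosts file maps (exact names only)."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(normalize(n) for n in fields[1:])  # fields[0] is the address
    return names


def in_zone(name, zone):
    """True if name is the zone apex or any name below it (label boundary)."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)


def classify(queries, hosts_text, zone):
    """Map each query to (hit by hosts file, hit by wildcard zone)."""
    listed = parse_hosts(hosts_text)
    return {normalize(q): (normalize(q) in listed, in_zone(q, zone))
            for q in queries}


def missing_hosts_lines(queries, hosts_text, zone, sink="0.0.0.0"):
    """Hosts entries needed to catch up with names already seen in the zone."""
    result = classify(queries, hosts_text, zone)
    return [f"{sink}\t{n}" for n, (listed, zoned) in sorted(result.items())
            if zoned and not listed]


if __name__ == "__main__":
    for name, (listed, zoned) in classify(OBSERVED, HOSTS_FILE, BLOCKED_ZONE).items():
        print(f"{name:28} hosts={listed!s:5} wildcard={zoned}")
    print("\n".join(missing_hosts_lines(OBSERVED, HOSTS_FILE, BLOCKED_ZONE)))
```

Names that show `hosts=False wildcard=True` are the ones a hosts file only learns about after they have already been queried once.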
Best Answer
Privoxy can do this; it allows you to customize it the way you want it to be...