Windows 7 – How to Block *.example.com at OS Level

Tags: blocking, website, windows 7

For privacy and performance reasons, I'd like to prevent my computer from ever communicating with certain Internet hosts. I'd like to do this at the OS level, not through web browser plug-ins (not broad enough), or even through my home router (my laptop travels). I'd prefer to use built-in tools.

I'm running Windows 7 Professional 64-bit. I'm all too familiar with the Windows hosts file – and its limitations. There seems to be some confusion over whether hosts supports wildcards, but my own tests confirm that it does not.

I have experimented with Windows Firewall and the IP Security Policy MMC snap-in. So far as I can tell, both require numeric addresses. I don't want to block specific IP addresses, or ranges of addresses, in part because IP-address-to-hostname mappings can and do change.

Is there any tool in Windows 7 Professional with which I can block (or route to 0.0.0.0) communication with Internet hosts by hostname mask? If not, are there any good, free, third-party tools?

Best Answer

The "easiest" way to do this would be to run your own DNS server and add primary zones for the domain(s) you want to block. You wouldn't even need to create 'A' records. Any references to hosts within the zone (domain) would be returned unresolved by your DNS server. Posadis is one freeware/open source DNS server available that runs under Windows (though I have not used it personally). Of course, if you have just about any version of Windows Server running anywhere, you can use Microsoft's DNS server.

One side "benefit" of this solution is that you could (if you wanted to) redirect requests to the "banned" domains to an internal "not allowed" web page.
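
The per-query decision a blocking zone like the one in this answer makes, as an added Python example that is not part of the original answer and not code from Posadis or Microsoft's DNS server. The names `BLOCKED_ZONES`, `zone_for`, `answer` and `build_query` are hypothetical, and the sample zone is constructed.

```python
import struct

BLOCKED_ZONES = {"example.com"}  # constructed sample, matching the question's *.example.com

def parse_qname(packet, offset=12):
    """Read the uncompressed question name that follows the 12-byte DNS header."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:
            raise ValueError("compressed or reserved label in question")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def zone_for(name):
    """Return the blocked zone containing name (apex or any depth below it), else None."""
    for zone in BLOCKED_ZONES:
        if name == zone or name.endswith("." + zone):
            return zone
    return None

def answer(packet):
    """Build the 'unresolved' reply for a blocked name; None means not answered locally."""
    try:
        txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
        name, end = parse_qname(packet)
    except (struct.error, IndexError, ValueError):
        return None  # malformed packet
    zone = zone_for(name)
    if flags & 0x8000 or qdcount != 1 or zone is None or len(packet) < end + 4:
        return None  # a response, multi-question, not blocked, or truncated
    # Like an empty zone: the apex exists but has no A record (NOERROR, no answers);
    # any name below it does not exist (NXDOMAIN). The SOA authority record is omitted.
    rcode = 0 if name == zone else 3
    rflags = 0x8000 | 0x0400 | (flags & 0x0100) | 0x0080 | rcode  # QR, AA, RD copied, RA
    return struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + packet[12:end + 4]

def build_query(name, txid=0x1234):
    """Construct a minimal A/IN query so answer() can be exercised offline."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"
```

The suffix test is what the hosts file cannot express: one zone entry covers every host name beneath it, while a look-alike such as `notexample.com` is left alone.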
