The network on/off status of the LAN is “mastered” by the DNS server

  
        

In today's stock market, the market is getting hot and mad, and the whole people are crazy about stocks. Many employees in the work are not working at work, but they are checking the stock information online and analyzing the stock market online. As a unit owner, they definitely don’t want their employees to go to work. During the period of things that have nothing to do with work, can we have the means to control the Internet access of workstations in the local area network in the hands of the boss? Maybe someone will say, & ldquo; This is not easy! As long as the network cable that connects the workstation to the switch is unplugged, or the network card device is temporarily disabled directly in the workstation, it will not solve the problem! ” However, these control methods are relatively "savage", not only easy to cause "public anger", but also may affect the normal work of the important workstations in the LAN, and the control efficiency of these methods is also very low.

In fact, most of the current workstations use the routing and forwarding function in the LAN server to share the Internet. We can use the DNS forwarding function in the server to control the LAN very easily and conveniently. The Internet connection status of the workstation ensures that the network on/off status of the LAN is controlled by the DNS server "master”! Below, this article takes the Windows 2000 system server as the operating blueprint, and gives you a detailed introduction on how to effectively control the network on/off status of workstations in the LAN through the forwarding function of the DNS service.

Network On/Off Control Environment

Assume that there are 20 ordinary workstations in the local area network and one server with Windows 2000 system. They are connected to a switch with 24 ports at the same time. The IP addresses in each common workstation in the LAN are dynamically allocated by the server's DHCP service, and they all share the Internet through the routing and forwarding function in the Windows 2000 server, while the Windows 2000 server directly through the ADSL device. Dial-up Internet access. In order to be able to access the contents of the Internet, each workstation uses the DNS server in the LAN as the domain name resolution server; now, we hope that every workstation in the LAN cannot perform normal domain name resolution through the DNS server during work. As a result, every workstation during the work hours will not be able to access the Internet to view information or observe the stock market.

Network On/Off Control Preparation

In order to ensure that workstations on the LAN can use the DNS server on the intranet, we must first install and set up the DNS service on the Windows 2000 server. By default, the Windows 2000 server does not have the DNS service installed. At this point, we can click the “Start”/“Set”/“Control Panel” command in the server system desktop to pop up afterwards. In the interface, double-click the "Add or Remove Programs" option, and then click the "Add/Remove Windows Components" tab to open the Windows Component Add Wizard dialog box (shown in Figure 1); use the mouse to select the component list. In the “Network Service” option, click the “Details” button under the option to enter the network service list interface, select “DNS Service” from the list interface, and then click ““ The next step is to complete the remaining installations as prompted by the wizard, so that the DNS service component in the Windows 2000 server is successfully installed.


Figure 1

In order for the DNS server to properly provide domain name resolution services for LAN workstations, we also need to properly configure the DNS server. When configuring the DNS parameters, we can click the “Start”/“Set”/“Control Panel” command, and then double-click the <quo;Administrative Tools” icon in the pop-up window. In the subsequent interface, double-click the “DNS” option to open the DNS console interface of the server system;

Then in the console interface, click “Actions<quo;/“ Configure the server & rdquo; command, then follow the wizard prompts to set the DNS server's zone name, network identification parameters, and add relevant host records; the above DNS parameters can be arbitrarily set, after all, we do not really want to use the DNS The server performs the domain name resolution operation, but only wants to borrow the forwarding function of the DNS server to achieve the network connectivity control purpose of the LAN workstation.

After configuring the parameters of the DNS server, return to the main window of the DNS console, and right-click the target DNS server you just configured, and execute the “Properties” command from the shortcut menu that pops up. Go to the property setting interface of the DNS server; click the "repeater" tab in the interface to open the label setting page as shown in Figure 2, select the "Enable forwarder" option in the page, and then In the “IP address” box of the page, enter the DNS server address on the Internet that can provide the domain name resolution service. Therefore, once the intranet DNS server receives the domain name resolution application from other workstations on the LAN, it will automatically pass. The forwarder sends the address request request to the real DNS server specified here for processing, and after the real DNS server completes the parsing task, it returns the parsing result to the target LAN workstation through the repeater of the intranet DNS server, in which case LAN workstations can successfully access content on the Internet.


Figure 2

Network On/Off Control Operation

Now we want to control the network connectivity of LAN workstations through the intranet DNS server. It is also necessary to properly configure each workstation parameter in the LAN. When configuring the Internet access parameters of the workstation, we can right-click the “My Network Places” icon in the system desktop and execute the “Properties” command from the pop-up context menu to open the network connection list window of the workstation system. Then right click on the "Local Area Connection" icon in the network connection list window, and execute the "Properties" command in the shortcut menu to open the local connection property setting interface, select "“ in the general tab page of the interface". Internet Protocol (TCP/IP)” option, click the “Properties” button to enter the TCP/IP property setting window as shown in Figure 3; select “Automatically obtain IP address” in the setting window. Option, select “ use the following DNS server address & rdquo; project, then enter the IP address of the host where the intranet DNS server is located in the address box activated after it, and finally click the "OK" button to end the LAN workstation Internet parameter configuration work.


Figure 3

After the workstation's Internet access parameters are configured successfully, we also need to restart the workstation system so that the workstation's Internet access parameters can be valid. Now, when the LAN workstation needs to access the content on the Internet, the IE browser will automatically send the domain name resolution request to the DNS server of the intranet. Once the DNS server of the intranet receives such an address resolution request, it will pass its own The forwarder function is forwarded to the real DNS server; after the real DNS server completes the target resolution request, it will automatically feed the parsing result back to the IE client program of the LAN workstation through the intranet DNS server. Then IE browser can access the content on the Internet.



summary:

If we prohibit LAN workstations when accessing Internet content networks during working hours, only need to open the transponder tag settings page shown in Figure 2 Then, the "Enable Forwarder" option in the page is cancelled. In this case, the domain name resolution request of the LAN workstation cannot be forwarded to the real DNS server, and the target workstation cannot access the real and effective Internet. Website address, then the target workstation will naturally not access any website content, of course, this also includes the inability to query stock information and analyze the stock market online. When it is necessary to restore the Internet connection status of the target workstation during the work hours, we only need to re-enable the forwarding function of the DNS server and re-enable the transponder function, so that the target workstation can be re-visited.

How is this way of controlling LAN access is very simple and convenient? More importantly, this kind of Internet access control is not easy to be noticed. It is not easy to use this method to control the employees' access to the Internet. “Popular anger”

Copyright © Windows knowledge All Rights Reserved