Hello, > Well, I wouldn't be so strict, something like this could probably be done > using forwarding: > name: whitelist1.dom > forward-addr: 1.2.3.4 > name: whitelist2.dom > forward-addr: 1.2.3.4 > name: . > forward-addr: <ip_of_dummy_nameserver_returning always nxdomain, f.e. > running on 127.0.0.2> Thanks. > Implement transparent HTTP proxy with block list or even simple firewall > rules are better. Not trivial on single windows workstation. > Protection on DNS level is very fragile and probably could > be easily circumvented if not implemented together with strict firewall > rules. I know. greetings Carsten