Network administrators and engineers alike are often on the front lines of system and
network security today.  Many times they are charged with figuring out exactly how their
organization should go about implementing delicate policies.  One of the most delicate areas
to address can be what is or is not appropriate internet usage.  While there are various
commercial solutions to the problem, there are very few (if any) effective free solutions.
Additionally, being a security professional myself, I'm inherently mistrustful of security type
programs for which I am unable to obtain the source code.

Project Goals
  This project was born of a need to eliminate clearly non-business related material from a
  corporate network that I maintain, as well as to allow us to restrict other, more troublesome
  activities.  For instance, one site that I maintain has a pretty open policy when it comes to
  internet usage, and the firewall administrator has been prohibited from blocking almost every
  type of traffic.  Now, however, as distributed file sharing programs and adult internet usage
  are on the rise, the policies are shifting to permit programs and images of this sort to be
  restricted, but how to do it?  Especially if you already have something like, say, gnutella in
  your network?  File sharing programs of this sort that can migrate to different ports become
  more difficult to block, especially when you are unable to implement a true lock down with
  your firewall.  Enter the DNS Blocker.

How it works
  DNS Blocker functions by passively monitoring all UDP based DNS traffic that passes on
  the network.  It works rather well sitting at the border of your network, or even on the
  corporate DNS server if that server stands between the clients and the internet.  If you
  don't position the blocker at the border of your network and someone is clever enough, they
  can simply redirect their DNS requests to an external DNS server that is upstream of your
  DNS server, and the blocker will never see them.

  As the DNS requests pass by, the blocker software compares each request to three lists.
  First, the name is checked against a list of explicitly approved sites.  If the name is on this
  list, the request is ignored and passes unmolested.  The next list is a list of explicitly
  blocked sites.  The final list is a list of strings that you are interested in blocking.  For
  instance, if you're interested in blocking adult sites, you would likely have the string "sexy"
  in the string list.  If the DNS request matches anything in the last two lists, the blocker
  software spoofs an authoritative reply from whatever server the request was directed to.  The
  reply contains a user configurable IP address.  In my environment, this IP address points to a
  machine running an Apache web server configured to rewrite any request into a request for an
  "Access Denied" CGI script, which logs the attempt, the time, which machine it came from and
  the full URL requested, and also attempts some information gathering against the requesting
  host and logs that as well.  Of course, a pretty "Access Denied" page is printed explaining my
  organization's appropriate use policy.
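  The following is an added example (not the DNS Blocker source, which uses libnids and
  libpcap in C) showing the decision logic just described in Python: a DNS query payload is
  parsed, the name is checked against the three lists in the order given above (approved
  first, then explicitly blocked, then blocked strings), and for a blocked name an
  authoritative reply carrying the configured IP is assembled.  The list contents, the
  192.0.2.10 sinkhole address and the sample query are all constructed for the example; the
  code only builds the reply bytes and leaves capture and injection (libnids/libpcap's job)
  out, and it assumes that only A queries are answered with the forged A record.

```python
import ipaddress
import struct

# Policy lists: constructed sample values, not the project's own configuration.
APPROVED = {"sexy-but-approved.example.com"}   # explicit allowlist, checked first
BLOCKED = {"filesharing.example.net"}           # explicit blocklist
BLOCK_STRINGS = ["sexy", "gnutella"]            # substrings blocked anywhere in the name
SINKHOLE_IP = "192.0.2.10"                      # RFC 5737 documentation address standing in
                                                # for the "Access Denied" web server


def parse_query(payload: bytes):
    """Return (txid, qname, qtype, qclass, question_bytes) from a raw DNS query payload."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels = []
    pos = 12                                    # question section follows the 12-byte header
    while True:
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:                       # compression pointers are not valid here
            raise ValueError("compressed name in question")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    pos += 4
    return txid, ".".join(labels).lower(), qtype, qclass, payload[12:pos]


def decide(qname: str) -> str:
    """Apply the three lists in order: approved, explicitly blocked, blocked strings."""
    if qname in APPROVED:
        return "allow"
    if qname in BLOCKED:
        return "block-explicit"
    for s in BLOCK_STRINGS:
        if s in qname:
            return "block-string"
    return "allow"


def build_spoofed_reply(txid: int, question: bytes, ip: str, ttl: int = 300) -> bytes:
    """Authoritative answer: same transaction id, QR=1 AA=1 RD=1 RA=1, one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + answer


def handle(payload: bytes):
    """Return (verdict, reply_bytes_or_None) for one observed query payload."""
    txid, qname, qtype, qclass, question = parse_query(payload)
    verdict = decide(qname)
    if verdict == "allow" or qtype != 1 or qclass != 1:   # only IN A queries are forged
        return verdict, None
    return verdict, build_spoofed_reply(txid, question, SINKHOLE_IP)


def build_query(txid: int, name: str) -> bytes:
    """Construct a standard recursive A query payload (test input, not captured traffic)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


if __name__ == "__main__":
    for name in ("www.example.org", "www.sexy-site.example", "filesharing.example.net"):
        verdict, reply = handle(build_query(0x1234, name))
        print(name, verdict, reply.hex() if reply else "-")
```

  The forged reply only does its job if it reaches the client before the real server's
  answer does, which is the practical reason the text recommends placing the blocker at the
  border or on the DNS server itself, where it sees every query and sits closer to the client
  than the upstream resolver.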

What do I need?
  The software currently comes in two forms.  You can either download the source code, which
  should compile out of the box on any Linux system on which you can install libnids and
  libpcap.  I would expect the code to work on any other platform on which you can compile
  and install these two packages as well.  This is our first release, so you'll have to do some
  tinkering.

  If you choose to use this software, my only request is that you post your constructive
  comments and feedback on the boards here on Sourceforge.

Enjoy!