Please teach me how to remove DNS completely and permanently.


  1. hma
    Posts : 4
    Windows 7 64 bit
       #1


    Hi everyone,

    Could somebody teach me how to remove Windows 7 (Home Premium) DNS completely and permanently?

    I want to use hosts file instead of DNS to visit less than 5 websites only.

    I am not asking how to disable DNS Client Services.

    Help will be greatly appreciated. :)

  2.    #2

    What do you mean remove DNS?

    This may be useful to read: Domain Name System - Wikipedia, the free encyclopedia


  3. Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       #3

    Aye, x BlueRobot is correct. Removing DNS is like trying to delete the foundations of the internet.

    If you are obtaining an IP address stack via DHCP then it is almost certain that your DHCP server is handing out a DNS server for you to use. Please follow this tutorial on the interface used to connect to the internet, but rather than entering a server's IP address please leave the box empty.

    DNS Addressing - How to Change in Windows 7

    To apply to all clients within the network you would need to edit the DHCP scope options. Typically in most home environments this is managed by the router therefore you would need to make the changes there.

       Note
    Remember to either reboot the machines or type ipconfig /renew into a command prompt otherwise the clients will still use their old leases.


    Also understand that this will not restrict any internet access but rather prevent you from accessing servers using their hostnames. Also you may find issues with websites that use load balancing unless you map all IP addresses, because if the one IP address you use goes down then you will not be automatically redirected to a working server. An example of Google's multiple servers can be seen below:

    [Image: nslookup.jpg]

    Another point to consider is that internet IP addresses can change and do change all the time therefore any previous mappings in your hosts file will be rendered useless.

    All in all, I would strongly advise against such a task and personally would only use the HOSTS file to map local computers rather than internet addresses. If you wish to restrict internet access then I would set up an access control list to block or allow only specific websites, offering a more redundant option.

    Hope This Helps,
    Josh :)
    Last edited by Shadowjk; 26 Aug 2013 at 16:28. Reason: Grammar correction


  4. Posts : 31,242
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #4

    The safest way I can think of achieving this in Win7 is by the use of parental controls: create a standard user, apply parental controls, set it to use a site whitelist and add your allowed sites to this list.

    This just controls access on a user-by-user basis whilst not risking issues when system processes are blocked from accessing the net.


  5. hma
    Posts : 4
    Windows 7 64 bit
    Thread Starter
       #5

    Thank you very much for these quick answers.

    To clarify my request further: I want to block my PC from going out using any DNS services on the Internet. I want to use hosts file completely instead of DNS servers. I don't mind keeping the hosts file updated regularly. I am not afraid that website load balancing might make me update the hosts file more often. I just do not want my PC to use any DNS. Maybe DNS Client Service removed or uninstalled would do the job......, I am guessing.

    I want my PC to be unable to connect to any DNS completely and permanently. I want that function to disappear forever.

    Thank you very much for your help. :)


  6. Posts : 102
    Windows 7 Profession x64
       #6

    Could you statically assign your DNS servers to your loopback address (127.0.0.1)? Go to network and sharing center in your control panel, click change adapter settings, right click your network adapter, and change your DNS servers to static under IPv4 and / or IPv6 by clicking on their respective properties. I would start here and then look at blocking DNS with something like Peerblock or by crippling services and / or changing firewall rules. There is a default windows outbound firewall rule allowing DNS (UDP-Out) that you could try disabling. Good luck!


  7. Posts : 10,485
    W7 Pro SP1 64bit
       #7

    diplo said:
    Could you statically assign your DNS servers to your loopback address (127.0.0.1)? .....
    @OP,
    The method quoted above is the best way to point DNS queries back to the local computer... but apps can still get to web based servers if they know the IP address of interest. You don't want to break the DNS process as doing so will slow stuff down as apps wait for a DNS reply.

    Disabling/removing the DNS service will not stop DNS queries from being made. It will just force each app to make their own DNS queries. I keep the DNS service disabled and you should too for this setup.

    How will you handle the Windows update process and anti-virus updates?

    Let us know how this works out for you.
    Last edited by UsernameIssues; 27 Aug 2013 at 23:17. Reason: typo


  8. hma
    Posts : 4
    Windows 7 64 bit
    Thread Starter
       #8

    Thank you very much for these good suggestions. :)

    Once I finish testing, I will report it here to let everybody know the results.

    I do not worry about Windows update and anti-virus updates. This PC will be used to do online banking and stock trading only. No surfing at all. I use at least one or two external commercial firewall(s) (like Palo Alto, Fortinet, Check Point, or Sonicwall) to protect it.

  9.    #9

    hma said:
    I do not worry about Windows update and anti-virus updates. This PC will be used to do online banking and stock trading only. No surfing at all. I use at least one or two external commercial firewall(s) (like Palo Alto, Fortinet, Check Point, or Sonicwall) to protect it.
    That's even more reason to check Windows Updates and anti-virus definitions.


  10. Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       #10

    I wouldn't rely on your firewall to protect you unless it has some sort of intrusion prevention system. An attack can come in the same port as your web traffic (TCP port 80). Equally if you get infected by any malware whether it be from a thumb drive or the internet then it is likely for it to remotely connect to a host without your knowledge. This could be done using TCP port 80 which is the same port as your HTTP traffic.

    Also, it is possible for some malware to spoof the DNS servers and use that; therefore, to reduce this risk, I would strongly recommend placing a deny inbound statement on the inside interface of your firewall to deny any DNS requests (UDP port 53). Please understand that this will not restrict any communications that use IP addresses, and if I were to make some sort of application I would set the machine to connect to an IP address rather than a URL since my remote server will most likely not be in the public DNS servers.

       Note
    This would apply to all hosts if done on your firewall. If you wish to only do it on a single PC then you would need to edit the personal firewall.


    Just a caution that you may wish to consider,
    Josh
    Last edited by Shadowjk; 28 Aug 2013 at 08:20.
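
The host-side steps suggested in posts #6 and #10 (loopback DNS server, outbound DNS block in the personal firewall), written out as an added example that is not part of any post in this thread. The adapter name and the two block-rule names are assumptions, and blocking TCP port 53 as well as UDP goes beyond what the posts mention.

```batch
@echo off
rem Added example: run from an elevated Command Prompt on Windows 7.
rem ASSUMPTION: the adapter is called "Local Area Connection".
rem List the real names with:  netsh interface show interface
set "IFACE=Local Area Connection"

rem 1. Static DNS server = loopback, so DHCP-supplied resolvers are ignored
rem    (post #6). validate=no skips netsh's reachability probe of the server.
netsh interface ipv4 set dnsservers name="%IFACE%" source=static address=127.0.0.1 validate=no
netsh interface ipv6 set dnsservers name="%IFACE%" source=static address=::1 validate=no

rem 2. Disable the built-in allow rule mentioned in post #6. This only has an
rem    effect when the profile's default outbound action is Block.
netsh advfirewall firewall set rule name="Core Networking - DNS (UDP-Out)" new enable=no

rem 3. Explicit outbound block rules (post #10, applied to the single PC).
rem    Block rules take precedence over allow rules in Windows Firewall.
rem    Rule names below are made up for this example. DNS also runs over TCP,
rem    so both protocols are covered.
netsh advfirewall firewall add rule name="Block DNS out (UDP 53)" dir=out action=block protocol=UDP remoteport=53
netsh advfirewall firewall add rule name="Block DNS out (TCP 53)" dir=out action=block protocol=TCP remoteport=53

rem 4. Clear cached answers and check the result.
ipconfig /flushdns
netsh interface ipv4 show dnsservers name="%IFACE%"

rem A direct query to an outside resolver should now time out.
nslookup example.com 8.8.8.8
```

With Windows Firewall's default outbound policy of Allow, step 2 on its own changes nothing; the block rules in step 3 are what stop the queries. As posts #7 and #10 point out, none of this affects connections made straight to an IP address.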
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

All times are GMT -5.