Using the cisco IOS to black list domain names
this configuration can be used to to black list domains by redirecting the request to an inactive IP
ip dns view BLOCK
logging
dns forwarder 10.0.0.254
ip dns view COMPANY
domain list company.local
dns forwarder 10.10.8.4
dns forwarding source-interface FastEthernet0/1
ip dns view default
dns forwarder 8.8.8.8
dns forwarding source-interface FastEthernet0/1
ip dns view-list DNS
view BLOCK 1
restrict name-group 2
view COMPANY 10
restrict name-group 1
view default 1000
ip dns name-list 1 permit .*.company.LOCAL
ip dns name-list 1 permit \.company\.LOCAL
ip dns name-list 1 permit 10\.IN-ADDR
ip dns name-list 1 permit company.LOCAL
ip dns name-list 2 permit AMZDIGITAL-A.AKAMAIHD.NET
ip dns name-list 2 permit AMZDIGITALDOWNLOADS.EDGESUITE.NET
ip dns name-list 2 permit SOFTWAREUPDATES.AMAZON.COM
ip dns name-list 2 permit UPDATES.AMAZON.COM
ip dns server view-group DNS
ip dns server