Blocking *.example.com at the OS (Windows) level

Solution 1:

The "easiest" way to do this would be to run your own DNS server and add primary zones for the domain(s) you want to block. You wouldn't even need to create 'A' records. any references to hosts within the zone (domain) would be returned unresolved by your DNS server. Posadis is one freeware/open source DNS available that runs under Windows (though I have not used is personally). Of course, if you have just about any version of Windows Server running anywhere, you can use Microsoft's DNS server.

One side "benefit" of this solution is that you could (if you wanted to) redirect requests to the "banned" domains to an internal "not allowed" web page.

Solution 2:

Try an IP blocker

http://blocklistpro.com/download-center/protowall/

There are many other IP blockers available, most allow you to make your own block lists and allow for ip ranges

Some do not work with W7 very well, do your homework.

Solution 3:

Taking over the DNS resolver functions is a good solution. You may want to sign up for an account at OpenDNS and hard code the DNS server settings in Windows to use OpenDNS as your resolver. They allow you to enter domains that will always be blocked. Sign up is free but a small fee gets you extra features.

Solution 4:

Use OpenDNS. They can do category filtering('Nudity', 'Pornography', 'Gambling', 'Adware', etc) in addition to individual domains. Downside is that it requires a little extra setup on the server side for dynamic updates, but it is documented here.