I would install a firewall on whatever server/service the IP is actually bound to and block whoever you want there. You could block them at the DNS server, which would keep them from using those resolvers, but it wouldn't stop them from using something like Google Public DNS to get the records.
Thanks Mike. I don't quite understand the firewall part.
I don't have any control at the destination servers (the IP I want to block). On the client end (my users), I have no control either except that they will be forced to use my DNS server to resolve domain names.
How can I prevent direct IP access to the client end by manipulating my DNS server? Is it even possible?
You can't, no. Directly accessing a system via IP has absolutely nothing to do with DNS short of finding out what that IP is initially (i.e. resolving a domain name to an IP address). Once they have the IP, there's nothing you can do to stop it short of putting a firewall in place.
As Mike has stated, there isn't a huge amount that you can do. When the client tries to resolve your IP address, they request your IP from their ISP's DNS server, then their ISP's DNS server talks with your DNS server, so there is no way to know who is trying to resolve your domain name.
Blocking the end user's access to your server (web/ftp etc) via iptables is your best bet; if the user really wants your server's IP address then they will get it.
Brad - Hoopla Hosting - Email or add me to Gtalk! brad [at] hooplahosting.com
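The firewall approach recommended in the replies above, as an added example that is not part of any post in this thread: it generates an `iptables-restore` ruleset that drops listed client addresses on the server that owns the IP. The chain name `BLOCKED_CLIENTS`, the ports and the addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: drop chosen client addresses on the server that owns the IP.
# Chain name, ports and addresses below are assumptions / constructed samples.

# Succeed only for a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset. $1 = comma-separated TCP ports,
# remaining arguments = source addresses to drop on those ports.
build_rules() {
    ports=$1; shift
    echo '*filter'
    echo ':BLOCKED_CLIENTS - [0:0]'
    # Inserted at position 1 so it is evaluated before any existing ACCEPT rule.
    echo "-I INPUT 1 -p tcp -m multiport --dports $ports -j BLOCKED_CLIENTS"
    for src in "$@"; do
        if valid_ipv4 "$src"; then
            echo "-A BLOCKED_CLIENTS -s $src -j DROP"
        else
            echo "skipping invalid address: $src" >&2
        fi
    done
    echo 'COMMIT'
}

# Constructed sample: web and FTP control ports, documentation-range addresses,
# plus one malformed entry to show it is rejected rather than passed to iptables.
build_rules 80,443,21 203.0.113.45 198.51.100.0/24 10.0.0.999
```

Piping the output to `iptables-restore --noflush` as root loads it alongside the existing rules, and adding `--test` parses the ruleset without committing it. Loading the same output twice inserts a second jump from `INPUT`, so remove the old jump before reloading.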