OpenDNS Forums
The official support and discussion site of OpenDNS
Support
K-12 Forums
Categories
- Administrative
- Adult site blocking
- DNS-O-Matic / dynamic IPs
- Domain blocking
- Domain Name System (DNS) troubles
- Mobile instructions
- OpenDNS services
- Proxies, accelerators, and more
- Router instructions
- Satellite
- Shortcuts
- Wishlists and feature requests
-
Feeds
Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.
This discussion has been inactive for longer than 30 days, and is thus closed.
-
Hello,
I'm using opendns for a short time, but i cant solve the problem "using manuel dns"...
if user pc's all settings are automatic, opendns works perfectly; but if a user change dns settings on his own pc with another dns he passes the open dns security system...
what can i do for this problem
thnx. -
- CommentAuthorsnorkpants
- CommentTimeJun 20th 2008
I have the same problem. Setting a pc to automatically get settings for ip and dns everything works fine. However when I set it manually it bypasses opendns. I have a draytek router with the dns setting set in there on 192.168.1.1 and setting the dns manually on the network card to 192.168.1.1 should pick up the correct opendns ip's from there on in but it doesn't. Any ideas? -
This can be solved by limiting the user ability to change the DNS setting, please consult the user guide/manual
-
Within our Network we block Outbound DNS Requests from the firewall, this is simple enough by blocking external port 53 Requests that A. Aren't an Authorized internal DNS Server/Router and B. are not going to Open DNS Name Servers.
Users will then not be able to bypass this. -
hello riskadmin,
do you think you can help me in my almost similar problem:
http://forums.opendns.com/comments.php?DiscussionID=1517&page=1#Item_1 -
thanks to everyone. ill try these suggsesitons... if any other one have an idea, please share to solve this problemm..
but when i block the DNS port number 53, i cant access to internet
how must i block the port number 53 ? -
- CommentAuthormarcusburge
- CommentTimeJun 22nd 2008
Allow port 53 to 208.67.222.222 and 208.67.220.220, but block port 53 to everywhere else. -
On my firewall (Untangle Firewall) this is my setup:
Rule 1: Allow ANY INTERNAL OUTGOING DNS to DESTINATION PORT: 53 and DESTINATION ADDRESS: (OpenDNS DNS IP Addresses)
Rule 2: Block ANY INTERNAL OUTGOING DNS to DESTINATION PORT: 53 and DESTINATION: ANY
In other words, if anything on port 53 (DNS port) goes to the OpenDNS IP addresses then the traffic is passed. If anything on port 53 goes to anything OTHER THAN OpenDNS IP addresses (such as Level3 DNS servers 4.2.2.1+) then it is blocked.
This works well for me because I have an open access network and can't control client PCs via GPOs.
http://johndball.blaize.net/2008/06/22/preventing-opendns-content-bypassing/Thankful People: lillkax -
- CommentAuthorbarneymcgrew
- CommentTimeAug 5th 2008
Snorkpants
Don't know if you've fixed this yet but there is a Telnet command to force manual DNS settings on Draytek Vigor routers. It is as follows:
"srv dhcp frcdnsmanl on" (without the quotes)
It will respond with: "Domain name server now is using manual settings!"
So, to be clear, put the OpenDNS settings in via the web GUI and then telnet in, issuing the command above. You should find the DNS server settings will then be as you want them and will stay put too!
Hope this helps.
1 to 9 of 9
This discussion has been inactive for longer than 30 days, and is thus closed.
