Your IP:

Our Forums Have Moved!

Visit our new forums at https://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorzs474
    • CommentTimeJul 26th 2011
     permalink
    Hi,
    i need to install Free OpenDNS for clients,
    the problem is, if they have a savvy kid that knows his way around in computers.
    so i was thinking that the best way is to Configure it on the 'Router' , that way there is a password on the router and the kid wont be able to change the DNS settings.

    or Option 2- Configure it on a admin account?(i don't know if it will help not changing the DNS in the other accounts?)

    is there a better way?

    Thanks in advance
    ZS
    • CommentAuthorkeith_b
    • CommentTimeJul 26th 2011 edited
     permalink
    Configure it on the router, and also block outgoing port 53 on your routers firewall, so that DNS requests cannot get past your router.

    That will prevent access, if users change the DNS settings on their computer.
    • CommentAuthorzs474
    • CommentTimeJul 26th 2011
     permalink
    Hi keith_b,
    Thank you very much
    • CommentAuthorgcastleton
    • CommentTimeAug 22nd 2011
     permalink
    You can also purchase a router that has OpenDNS filtering built in. I have been using one from simplethimble.com that works very well. keith_b is right about port 53 - it needs to be either blocked or redirected to make sure the filter can't be bypassed. The router I use redirects all DNS requests, so if someone sets their IP Settings manually, they will still be sent through the filter.
  1.  permalink
    gcastleton:

    You dug up 5 threads to post this same thing. At this point, it looks an awful lot like spam.
    • CommentAuthorrotblitz
    • CommentTimeAug 22nd 2011
     permalink
    Fine, but what is this to do with the topic of this thread? :confused:
    Or trying to spamvertize this router? :angry:
    This is nothing exceptional and can be done with many routers...
    • CommentAuthorRed Prince
    • CommentTimeAug 22nd 2011
     permalink
    >>At this point, it looks an awful lot like spam.<<

    That’s because it is.
    • CommentAuthorgcastleton
    • CommentTimeAug 22nd 2011 edited
     permalink
    I apologize, I recognize that it does look like spam. The fact is it does work well, and solves the problems many of these people are having ... OpenDNS is a great way to content filter your service, but some people prefer to have some of the set up done for them, that's all the router does.

    rotblitz - there actually is something different this router does - it uses iptables to forward all DNS lookups to OpenDNS. I have yet to find a regularly available router that can do that. Do you know of one?
    • CommentAuthorgcastleton
    • CommentTimeAug 22nd 2011
     permalink
    And how could this be construed as not on topic? The poster is directly asking about a way for content filtering to not be subverted by manually changing IP settings, or any other way. This router is one way to do that very easily across multiple devices. It comes preconfigured to use OpenDNS for filtering, you never have to touch it again. Are there other ways to do this? yes, of course, they have been mentioned here and elsewhere. But this is a viable option.
    • CommentAuthorrotblitz
    • CommentTimeAug 22nd 2011
     permalink
    "it uses iptables to forward all DNS lookups to OpenDNS. I have yet to find a regularly available router that can do that. Do you know of one?"

    Yep, any router flashed with DD-WRT, OpenWRT, Tomato and others. And all internal DNS servers based on Linux (e.g. SQID) or coming with their own OS like BIND or Untangle.

    http://forums.opendns.com/search.php?PostBackAction=Search&Keywords=iptables&Type=Comments&btnSubmit=Search

    And some others which can't, you can at least block port 53 by an outbound firewall rule, so the user can't use an alternative DNS service.

    "And how could this be construed as not on topic? The poster is directly asking about a way for content filtering to not be subverted by manually changing IP settings, or any other way."

    No, read again. He does the configuration himself for others and wanted some hints on how doing it.

    "Buy this and that" without first trying with what's already available *is* spam! Also, you posted this in around five threads, and it was always off-topic regarding the matter being discussed there. I could have understood if you opened your own thread pointing once to the product, this leaving the mods to decide to leave it or to delete it...
    Thankful People: Red Prince

This discussion has been inactive for longer than 30 days, and is thus closed.