This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthor: muzak24h
    • CommentTime: Jul 19th 2012
    Scenario, if multiple boxes are checked (say, not more than 10) in either Always Block or Never Block (not both): A merge button could parse through checked items to remove sub-domains leaving the lowest common denominator (so to speak).

    Going a step further, IMO a better option than above, two buttons at the bottom of each of the lists: 'Export CSV' and 'Import CSV' (to a maximum of 50 domains). Files could be auto-named permit[date-time] or deny[date-time] to help users.

    Us Enterprise Users (identified via session cookie) could benefit by increasing this amount (say, to 250), and possibly the use of a second field (say, a '0' for This Network, and a '1' for All Networks).

    If users post CSVs too many times in one session, post CSVs with too many records, invalid data or past a certain byte count, an alert could be posted "Sorry, could not process this event" (perhaps in the beginning, with a disclaimer "this service is in public test-mode, check the forums for status and help").

    Can anyone give (at least the first option) some thought?
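An added example, not part of the original post and not OpenDNS code: a minimal server-side check for the CSV import proposed above, using the 50/250 record caps and the optional 0/1 scope field from the post. The byte cap, the tier names and every function name are assumptions, and per-session rate limiting is left out.

```python
import csv
import io
import re

LIMITS = {"basic": 50, "enterprise": 250}   # record caps proposed in the post
MAX_BYTES = 16 * 1024                        # assumed cap; the post names no figure
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


class ImportRejected(ValueError):
    """Internal reason; the UI would show only the generic alert text."""


def valid_domain(name):
    """Accept plain multi-label hostnames only (no formulas, paths or spaces)."""
    parts = name.rstrip(".").split(".")
    return len(name) <= 253 and len(parts) >= 2 and all(LABEL.match(p) for p in parts)


def parse_import(raw, tier="basic"):
    """Return [(domain, scope)] or raise ImportRejected; nothing is half-applied."""
    if len(raw) > MAX_BYTES:
        raise ImportRejected("file too large")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ImportRejected("non-ASCII data")
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    if len(rows) > LIMITS[tier]:
        raise ImportRejected("too many records")
    entries = []
    for row in rows:
        domain = row[0].strip().lower()
        scope = row[1].strip() if len(row) > 1 else "0"
        if len(row) > 2 or not valid_domain(domain) or scope not in ("0", "1"):
            raise ImportRejected("invalid record")
        if scope == "1" and tier != "enterprise":
            raise ImportRejected("scope field is enterprise-only")
        entries.append((domain, "all" if scope == "1" else "this"))
    return entries
```

Rejecting the whole file on the first bad record keeps a partly malformed upload from changing the block list at all.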
  1.  permalink
    I'm not sure how that first option would work. People are going to press that button and eliminate the subdomains that they actually want, and open up or block more than they had intended when they really want to limit to a specific subdomain. Best to know what level domain you want to use in the first place.
    • CommentAuthor: muzak24h
    • CommentTime: Jul 19th 2012
    Merge, as I see it, can only be down (covering more hosts). An example:

    serv1.xyz.net + serv2.xyz.net + serv3.xyz.net + serv4.xyz.net becomes xyz.net

    So a script searches right to left and stops when strings stop matching and then removes the leftmost dot. String merge complete, it then removes listed sub-domains and posts the result.
    Thankful People: jokidd1979
  2.  permalink
    I suppose if one were given this as an option to choose from, it may work. However, there may be other third-level (or above) domains that one would not want included to whitelist/blacklist, and someone who doesn't know to block/unblock an entire second-level domain in the first place isn't going to be any less confused by this option.

    Example: Someone wants to block several blogs hosted at blogspot (they have something objectionable or time wasting involved - whatever). So we block a.blogspot.com, b.blogspot.com, and c.blogspot.com. Script says, hey, do you want to block all blogspot.com? Sure, why not. Then, Hey, why is x.blogspot.com blocked?

    It's much more obvious in this example what is going on, and most users would say no, I only wanted these certain blogs blocked. But sites with complex and unexplained domains will not be so easily sorted out, and things contrary to the user's intent will be blocked or unblocked, and there will be much consternation and complaining.

    IOW, if you know you want to block/allow all of xyz.net, why add the subdomains of xyz.net in the first place?
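An added example, not from either poster and not OpenDNS code: the merge discussed in the two posts above, done on whole labels rather than raw characters (so `notxyz.net` never matches `xyz.net`), with a refusal when the common parent is a suffix shared by unrelated sites and a list of hosts the wider entry would newly affect. The suffix set is a small constructed stand-in for a real public-suffix list, and all names are assumptions.

```python
# Constructed stand-in for a public-suffix list; entries are assumptions.
SHARED_SUFFIXES = {"com", "net", "org", "co.uk", "blogspot.com"}


def labels(domain):
    """Split a hostname into lower-case labels, ignoring a trailing dot."""
    return domain.strip().rstrip(".").lower().split(".")


def common_parent(domains):
    """Longest run of whole labels, counted from the right, shared by all."""
    reversed_labels = [labels(d)[::-1] for d in domains]
    shared = []
    for column in zip(*reversed_labels):
        if len(set(column)) != 1:
            break
        shared.append(column[0])
    return ".".join(reversed(shared))


def propose_merge(checked, seen_in_logs=()):
    """Suggest one parent entry for the checked domains, or explain a refusal."""
    if len(checked) < 2:
        return {"merge": False, "reason": "need at least two entries"}
    parent = common_parent(checked)
    if not parent:
        return {"merge": False, "reason": "no common parent"}
    if parent in SHARED_SUFFIXES:
        return {"merge": False, "reason": parent + " is shared by unrelated sites"}
    listed = {".".join(labels(d)) for d in checked}
    # Hosts from the logs that the wider entry would newly affect.
    extra = sorted(
        h for h in {".".join(labels(s)) for s in seen_in_logs}
        if h not in listed and (h == parent or h.endswith("." + parent))
    )
    return {"merge": True, "parent": parent, "also_covered": extra}
```

Showing `also_covered` before applying the merge gives the admin the "why is x blocked?" answer up front.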
    • CommentAuthor: muzak24h
    • CommentTime: Jul 21st 2012
    Why did I add the sd's in the first place? Time constraints, of course.

    'maintenance', I know you've said, "I don't work for OpenDNS" and I find that username not only shamefully misleading, but very capable of inadvertently stopping many meaningful discussions, but I'd like to ask, "do you manage an OpenDNS account daily with multiple sites and an Enterprise account?"

    I have a chain of stores where sales staff spend inordinate amounts of time on internet leads and haphazard browsing. I'm also 'stuck' with IE as default browser, since IE specific dot-NET apps tend to plague my industry (and using 2 browsers is above the level of many staff).
    Tendency for users to veer off-track, getting tricked into installing browser toolbars is getting to be like baby-sitting (they don't know any better and I'm not about to teach them, just so they can forget).

    You mentioned "third level (or above).."
    No, you must have meant below - otherwise TLDs would not be .com, .org, etc..

    You seem knowledgeable and I wish you could see what I see in my daily logs.. I have other things to do as well, so often I have only time to click-block 'odd' 3rd or 4th level domains and logout (a few days later, I'll use Robotex to query site-to-site relations and RBS stats merging the offending domains, so as not to cause work later).
    Some staff here (of varied global origin) visit overseas sites to maintain contact with friends and family - I hope. Having lived many years overseas, I've no problem with that - I do take another view of accountability and indiscriminate inter-site relations with overseas sites.. I prefer block first ask later.

    You mentioned "consternation and complaining".. but licence to do so, should not be assumed (work access is a privilege and not a right..). All users here, sign Internet "fair-use" policy forms. Users are advised at the outset, that filtering is in place (as much for them, as for customers and children sitting in our waiting rooms - equipped with wifi and disc-less "web-converger" PC's).

    "Block widely at first, they'll call if it's critical" - Does anyone else agree?
    • CommentAuthor: muzak24h
    • CommentTime: Jul 21st 2012
    One button is really only required under the "always block" list.

    This is because many related entries end-up going here as a result of days (hopefully not weeks) of click-blocking from the log links provided in the daily admin email. I ask, do we have time for more?

    I wish one day, we could block/permit queries by ASN. I know that's another beast, but if we're limited to 500, the domains offered by Google will one day consume a major part..
  3.  permalink
    "Why did I add the sd's in the first place? Time constraints, of course."

    I didn't mean your case in particular, it was a generic question, but that is certainly one of a variety of possible reasons, certainly.

    "You mentioned "consternation and complaining".. but licence to do so, should not be assumed (work access is a privilege and not a right..)."

    Absolutely. I was not referring to your users, but users of OpenDNS.

    "...the domains offered by Google will one day consume a major part.. "

    Ha! No kidding. But this is why they should be added to domain tagging when it makes sense. You may not have time to submit them via the web interface, but you can always throw them into a support ticket. There's a pretty rapid approval process for that method, and as an Enterprise customer, your support level is well into the premium zone.

    Your idea may be more useful if it were limited to Enterprise SLA customers. This is something I would also suggest that you bring to the attention of OpenDNS via support ticket. I'm just trying to lay out the obvious pitfalls in where this feature would be even more confusing and less helpful if made available to OpenDNS users in general. (This is a user to user forum, which is why I even bother mentioning what I see as probable causes for more, not less, support issues here.) Enterprise customers already have a different Dashboard and feature experience than customers at other service levels/types. It would certainly make more sense if this were a package option available to enterprises with actual network admins who actually know what they are doing, as you quite obviously do.

    In fact, never mind a support ticket, contact your OpenDNS rep. I'm sure that OpenDNS is always interested in increasing value to their Enterprise clients, and having a contact at OpenDNS is part of what you are paying for.

    Best wishes.