Bypass OpenDNS filtering for Marketing Department

magicrjm

IS-IT--Management
May 13, 2005
93
US
I have a network at xxx.xxx.xxx.160/27.

I have configured OpenDNS with my firewall’s IP Address of xxx.xxx.xxx.162/32. My Active Directory has been configured with the OpenDNS forwarders in the DNS server. The local LAN uses the internal DNS server for DNS requests.

In my Marketing department, I need them to bypass the OpenDNS filtering to get to websites like Twitter and Facebook. My thought was to have the private IP address of the Marketing Department computers leave the Firewall with an IP Address other than xxx.xxx.xxx.162 to bypass the filtering. I have set the firewall up for this. My LAN leaves the Firewall with the xxx.xxx.xxx.162 and my Marketing department leaves the Firewall with the public IP of xxx.xxx.xxx.174.

Since OpenDNS is only configured to filter xxx.xxx.xxx.162, I thought this would work. However, it does not. Why? The other thing I noticed is that the Marketing department does not get the custom block page message I have set up in OpenDNS. I’ve tried flushing the DNS cache on the local computer and servers. I have also flushed the browser cache. Any ideas?
 
Have you defined the address the Marketing dep. uses coming out your firewall at OpenDNS and have different allowances for them? I know you can add networks to OpenDNS, and like you said, have each network at a /32 for 1 IP address. Each network would go under its own "label" in which you could define different filtering levels. Although now that they are charging for some of the advanced stuff, that might be one of those particulars they charge for now... don't know that one.

I use OpenDNS myself and love it, but I use it only as a secondary/backup form of defense. I even have my firewall set to only allow DNS queries from my A.D. servers so that a user just can't change their DNS IP address on their machine and get Internet access (the ones that have access to change it that is ;-)

OpenDNS is great for that secondary coverage and/or if that's all you can do, but it's not got that granularity of control like an internal filtering appliance would.

Hope I could help.
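
Added example, not part of the original thread: a small model of the setup described above, showing which per-network policy the upstream resolver would apply depending on which host actually sends the DNS query. It assumes the resolver picks the policy from the query's public source address; the 203.0.113.x addresses stand in for xxx.xxx.xxx.160/27, and the inside ranges, the DNS server address and the policy labels are constructed.

```python
import ipaddress as ip

# Constructed topology: 203.0.113.x stands in for the page's xxx.xxx.xxx.160/27,
# and the inside ranges and DNS server address are assumptions.
NAT_RULES = [  # first match wins: (inside source network, public egress address)
    (ip.ip_network("10.0.20.0/24"), ip.ip_address("203.0.113.174")),  # Marketing
    (ip.ip_network("10.0.0.0/16"), ip.ip_address("203.0.113.162")),   # rest of LAN
]
AD_DNS = ip.ip_address("10.0.0.10")  # internal DNS server with upstream forwarders


def registered_networks(marketing_registered):
    """Networks defined at the filtering resolver, each mapped to a policy label."""
    nets = {ip.ip_network("203.0.113.162/32"): "filtered"}
    if marketing_registered:
        nets[ip.ip_network("203.0.113.174/32")] = "marketing"
    return nets


def egress(src):
    """Public address the firewall's source NAT gives to an inside host."""
    for inside, public in NAT_RULES:
        if src in inside:
            return public
    raise ValueError(f"no NAT rule for {src}")


def policy_for(client, uses_internal_dns, networks):
    """Return (address the upstream resolver sees, policy label it applies)."""
    client = ip.ip_address(client)
    # With forwarders, the DNS server sends the upstream query, not the client.
    querier = AD_DNS if uses_internal_dns else client
    seen = egress(querier)
    for net, label in networks.items():
        if seen in net:
            return str(seen), label
    return str(seen), "no registered network"


if __name__ == "__main__":
    for registered in (False, True):
        for internal in (True, False):
            print(registered, internal,
                  policy_for("10.0.20.15", internal, registered_networks(registered)))
```

In this model a Marketing client that resolves through the internal DNS server is always seen as 203.0.113.162, whether or not the .174 address has its own network entry.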
 