10 Jan
Open DNS, an added layer to your network security
During a visit to a customer’s site the owner and I discussed how the Computer Usage Policy I wrote for him came in handy. The conversation drifted into how we could prevent non-productive web surfing in the first place.
I subscribe to a Sunbelt Software e-mail listserv that has many very knowledgeable administrators. Remembering many endorsements from them for a product called Open DNS, I thought this customer would be a perfect candidate to try it.
Open DNS is a service that provides content filtering to block categories such as pornography, dating, humor, and gambling. At the time of this writing there are 55 categories.
We surfed over to http://www.opendns.com and clicked the Plans and Pricing link. Deciding the Open DNS Basic free version would fulfill the needs of his company, at least for the time being, we clicked the sign up link. Registration was fast and easy.
Once the account was set up and we were logged in, we looked at the settings tab. There are six settings: High, Moderate, Low, Minimal, None, and Custom. Each has a view link to see the categories blocked within its setting as well as a customize link. After studying each, we decided to use the Custom setting and clicked on the categories he wanted blocked.
In addition to the categories, Open DNS has whitelisting and blacklisting features. If a domain (web site) is blocked by Open DNS but should be permitted, it can be whitelisted. Conversely, if a site doesn’t get blocked but should be, it can be blacklisted. The free version allows for up to 25 whitelist/blacklist domains (total, not each).
We then logged into the company’s perimeter router and put Open DNS addresses into the DNS settings of the router. Networked workstations typically get their DNS settings from a router or server(s), so setting Open DNS’s addresses at that level propagates the Open DNS lookups throughout the network without having to configure every computer.
Whether you administer a business network and want to keep the temptations of unproductive sites away from employees or are a parent concerned about the dark corners of the Internet, Open DNS provides cost-effective content filtering. Since this setup I have done several more of my customer sites, leaving each satisfied. I even configured my network to use it. Why not use it to block Adware, Phishing, and Tasteless sites? It’s one more layer to your security as discussed in my Security FAQ.
How it works:
Domain Name Service (DNS) enables us to use names for locations on networks, including the Internet, instead of having to know the TCP/IP addresses. Typing schmahl.net into your browser to surf to my site is much easier than typing 98.131.88.213. Servers that do this lookup and translation are called DNS Servers.
Open DNS recognizes your network’s address and correlates the lookups to the settings and categories configured for your account. If a request to www.somebadsite.com is made and, during Open DNS’s lookup, that site is found in one of the blocked categories, Open DNS returns a page to the user’s browser stating that the requested site is blocked.
Caveats:
If the public IP address of the network getting configured changes often, you’ll have to download and install a program, “OpenDNS Updater”, or manually update the address within your account. I haven’t had to do this yet, so I’ll either post a comment with details later when I do or let a reader do so.
Another is allowing a user administrator privileges on the workstation, which enables the user to manually configure DNS settings to a DNS server of choice and bypass Open DNS. This, however, is a problem with your user configuration, not with Open DNS.
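
The second caveat can be checked from the perimeter router's outbound logs: any DNS query leaving the network for a server other than the Open DNS resolvers means a workstation has been pointed elsewhere. The script below is an added example, not part of the original post. The log format, host addresses and timestamps are constructed, and the resolver addresses are OpenDNS's publicly documented ones rather than values taken from this page.

```python
import ipaddress
from collections import defaultdict

# OpenDNS's publicly documented resolver addresses (not stated on this page);
# replace with whatever your router is actually configured to use.
APPROVED_RESOLVERS = {
    ipaddress.ip_address("208.67.222.222"),
    ipaddress.ip_address("208.67.220.220"),
}

# Constructed sample of outbound (WAN-side) flow logs in a hypothetical
# key=value format; adapt parse_line() to your router's real log format.
SAMPLE_LOG = """\
2024-01-10T09:00:01 proto=udp src=192.168.1.1 dst=208.67.222.222 dport=53
2024-01-10T09:00:07 proto=tcp src=192.168.1.23 dst=203.0.113.80 dport=443
2024-01-10T09:01:12 proto=udp src=192.168.1.42 dst=198.51.100.53 dport=53
2024-01-10T09:01:15 proto=tcp src=192.168.1.42 dst=198.51.100.53 dport=53
2024-01-10T09:02:30 proto=udp src=192.168.1.23 dst=208.67.220.220 dport=53
garbled line without fields
"""

def parse_line(line):
    """Return the key=value fields of one log line, or None if unusable."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not {"src", "dst", "dport"} <= fields.keys():
        return None
    return fields

def find_dns_bypass(log_text, approved=APPROVED_RESOLVERS):
    """Map each internal source IP to the unapproved DNS servers it queried."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or fields["dport"] != "53":
            continue  # not a DNS flow, or not a parseable line
        try:
            dst = ipaddress.ip_address(fields["dst"])
        except ValueError:
            continue  # malformed destination address
        if dst not in approved:
            offenders[fields["src"]].add(str(dst))
    return {src: sorted(dsts) for src, dsts in offenders.items()}

if __name__ == "__main__":
    for src, servers in find_dns_bypass(SAMPLE_LOG).items():
        print(f"{src} is querying DNS servers outside Open DNS: {servers}")
```

If the router supports it, a firewall rule that only permits outbound port 53 to the approved resolvers enforces the same policy instead of just reporting on it.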

