Posted: Thu Apr 10, 2008 1:39 am
by daddy-o-p40
RussellHltn, OpenDNS.com can do what jhvdh is suggesting. You have to block all categories and then list the sites you want people to be able to visit in the white list. OpenDNS.com is a good solution. Been using it for years with no issues.

Posted: Thu Apr 10, 2008 3:59 am
by russellhltn
Can OpenDNS be bypassed by specifying the IP address?

Posted: Thu Apr 10, 2008 7:02 pm
by daddy-o-p40
RussellHltn, you cannot bypass OpenDNS by specifying IP addresses. It's pretty neat; give it a spin.

Posted: Thu Apr 10, 2008 9:25 pm
by LakeyTW
RussellHltn wrote: Can OpenDNS be bypassed by specifying the IP address?

Yes, it can be bypassed. No DNS lookup = no filtering.

Posted: Thu Apr 10, 2008 10:48 pm
by daddy-o-p40
lakeytw, before assuring RussellHltn of this I tested it on a domain category we block because of YouTube. Then while I could resolve the IP and ping YouTube at 208.67.219.130 I could not get the page to come up. Instead I get the block page.

Were you speaking from direct experience with OpenDNS? If so, I'd be more than happy to help you set it up to do this for you. It works great.

Posted: Fri Apr 11, 2008 3:33 am
by russellhltn
enriquer wrote: I tested it on a domain category we block because of YouTube. Then while I could resolve the IP and ping YouTube at 208.67.219.130 I could not get the page to come up. Instead I get the block page.

That's because 208.67.219.130 is the block page. YouTube is located at 208.65.153.238. It would seem that one could easily circumvent OpenDNS just by going to another DNS lookup such as network-tools.com and doing a manual lookup.

DNS filtering would stop a lot of people, but I'm concerned it's too easy to work around.

Posted: Fri Apr 11, 2008 7:21 am
by LakeyTW
enriquer wrote: lakeytw, before assuring RussellHltn of this I tested it on a domain category we block because of YouTube. Then while I could resolve the IP and ping YouTube at 208.67.219.130 I could not get the page to come up. Instead I get the block page.

Were you speaking from direct experience with OpenDNS? If so, I'd be more than happy to help you set it up to do this for you. It works great.

Yes, from actual real-world security experience using OpenDNS and other name resolution blocking schemes. This type of measure is a nice way of blacklisting stuff you don't want to accidentally see, but it absolutely does not PREVENT someone from browsing inappropriate material deliberately.

If you would like more info on why this is so, please look at the OpenDNS forums or I would be more than happy to explain name resolution to you.
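
A defender-side check for the point made above that a connection made without a DNS lookup never reaches the filter, as an added example that is not part of the original posts: it correlates a resolver log with a firewall connection log and labels connections whose destination the client never resolved. The log formats, the 30-minute freshness window and every address except the block-page IP quoted in the thread are constructed assumptions.

```python
from datetime import datetime, timedelta

BLOCK_PAGE_IP = "208.67.219.130"   # block-page address quoted in the thread
WINDOW = timedelta(minutes=30)     # assumed: how long a DNS answer counts as fresh

# Constructed sample logs (not real traffic). Client addresses are private,
# destinations other than the block page come from documentation ranges.
# DNS log columns: time, client, queried name, answer returned by the resolver
DNS_LOG = """\
2008-04-11T09:00:01 10.0.0.21 allowed.example 198.51.100.10
2008-04-11T09:02:10 10.0.0.22 video.example 208.67.219.130
"""
# Connection log columns: time, client, destination IP, destination port
CONN_LOG = """\
2008-04-11T09:00:02 10.0.0.21 198.51.100.10 80
2008-04-11T09:02:11 10.0.0.22 208.67.219.130 80
2008-04-11T09:05:40 10.0.0.22 203.0.113.50 80
2008-04-11T10:15:00 10.0.0.21 198.51.100.10 80
"""

def parse(text):
    """Yield (timestamp, field, field, field) tuples from a log text."""
    for line in text.splitlines():
        ts, *rest = line.split()
        yield (datetime.fromisoformat(ts), *rest)

def classify(dns_text, conn_text, window=WINDOW):
    """Label each connection 'resolved', 'blocked' or 'no-dns-lookup'."""
    answers = {}  # (client, ip) -> times the resolver handed ip to client
    for ts, client, _qname, ip in parse(dns_text):
        answers.setdefault((client, ip), []).append(ts)
    results = []
    for ts, client, dst, _port in parse(conn_text):
        seen = answers.get((client, dst), [])
        fresh = any(timedelta(0) <= ts - t <= window for t in seen)
        if dst == BLOCK_PAGE_IP:
            label = "blocked"          # the filter answered with its block page
        elif fresh:
            label = "resolved"         # destination came from the filtering resolver
        else:
            label = "no-dns-lookup"    # filter never saw a lookup for this address
        results.append((client, dst, label))
    return results

if __name__ == "__main__":
    for row in classify(DNS_LOG, CONN_LOG):
        print(*row)
```

Clients cache DNS answers, so the last sample connection is flagged only because its lookup is older than the assumed window; a "no-dns-lookup" label is a lead to review, not proof of deliberate bypass.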

Posted: Fri Apr 11, 2008 11:03 am
by daddy-o-p40
lakeytw, you are right.

I know how name resolution works and was surprised when it appeared to.

Thankfully IPs rotate a lot to avoid DoS attacks AND people don't carry around a black book of IP addresses.

This is still the best FREE solution for the majority of the users out there.

Are there any other freebies that do this without software?

Posted: Fri Apr 11, 2008 1:16 pm
by russellhltn
enriquer wrote: Are there any other freebies that do this without software?

I'm willing to do this with software as long as I can lock down the software so the standard login can't defeat it. At least that will work on Church computers. Won't work on member computers (if that's where Meetinghouse Internet is headed.)

Posted: Fri Apr 11, 2008 8:55 pm
by peter.robison
I have a limited, simple solution to set up a whitelist with just a few button clicks. If you use Firefox, there is an extension called Pro Con Latte that filters for content. You can set varying levels of security; the most stringent "Secure" setting blocks all sites except those whitelisted. You can set an admin password to prevent other users from changing the settings.

I know it's an imperfect solution since IE is presumably still available, but it can provide some help.