Church DNS servers/Use of opendns

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
jimr17
New Member
Posts: 11
Joined: Tue Feb 05, 2008 5:59 pm

Church DNS servers/Use of opendns

Postby jimr17 » Mon Mar 23, 2009 12:29 pm

All,

We are configuring the various buildings for internet access including allowing wireless access to approved individuals for presentations at stake training meetings, etc.

At home I have been sucessfully using www.opendns.com for my DNS servers and have found it quite convienent to manage blocking of specific categories of sites as well as easily creating and maintaining specific whitelist/blacklists of domains.

Some questions:

1) Does the church use its own DNS servers for connections that go through the church's firewall?
(Note: I am pretty sure that it does not as a the DNS server is identified
as the IP address for the local phone company's DSL router. However,
I am not a "hardware guy" and not sure of the impact of the 3 devices
between the computer and the DSL line in the wall :)

2) If not, has anyone used opendns successfully?

2a) Is there any policy against using opendns?

3) We share a connection with the family history center. In using OpenDNS I have found at home the best use is to configure the router to automatically send any DHCP request the OpenDNS servers as the DNS servers for that connection. Can I do the same at the church?
3a) Will doing so interfer with the way that FHC computers are setup?
3b) We have wall->DSL Modem->LDS Firewall (with 4 ports)->
port 1) 3com 8 port HUB used in FHC
port 2) connect to Ward1 MLS computer
port 3) connect to Ward2 MLS computer
port 4) connect to Stalke MLS computer (soon to Stake Wireless router)

Thx in advance - I searched for Opendns but couldn't find prior threads - if I missed some please let me know

russellhltn
Community Administrator
Posts: 20781
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Mon Mar 23, 2009 12:40 pm

jimr17 wrote:3) We share a connection with the family history center. In using OpenDNS I have found at home the best use is to configure the router to automatically send any DHCP request the OpenDNS servers as the DNS servers for that connection. Can I do the same at the church?


The stake does not have access to the internals of the Church firewall. Unless GSD is willing to do that, it's out of the question.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jimr17
New Member
Posts: 11
Joined: Tue Feb 05, 2008 5:59 pm

Postby jimr17 » Mon Mar 23, 2009 12:43 pm

RussellHltn wrote:The stake does not have access to the internals of the Church firewall. Unless GSD is willing to do that, it's out of the question.


I understand that but if the DNS servers are not being redirected by the firewall - they could be easily set on the DSL Modem itself - or at the very least on the Wireless Router - so that all wireless connections would be forced to use the DNS servers we specify.

russellhltn
Community Administrator
Posts: 20781
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Mon Mar 23, 2009 12:53 pm

jimr17 wrote:they could be easily set on the DSL Modem itself


I can't say as I've ever seen that function on a broadband modem. If it was also a router, I would expect that possibility. However, it might be better to turn the router off - it's just an unnecessary layer.

jimr17 wrote:or at the very least on the Wireless Router - so that all wireless connections would be forced to use the DNS servers we specify.


True.

Unless the ISP's DNS is deficient, what would be the purpose in using OpenDNS? Are the advantages worth going "off-standard"? Keep in mind you probably won't be in your current position for ever.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jimr17
New Member
Posts: 11
Joined: Tue Feb 05, 2008 5:59 pm

Postby jimr17 » Mon Mar 23, 2009 1:09 pm

RussellHltn wrote:I can't say as I've ever seen that function on a broadband modem. If it was also a router, I would expect that possibility. However, it might be better to turn the router off - it's just an unnecessary layer.


The DSL modem is a netopia one and it has a slick web interface that allows one to make changes to the default DNS servers when you change to "expert mode." Near as I can tell, although the LDS Firewall is serving up teh IP address to the computer/hub/router, it is passing on the DNS settings being provided by the DSL modem. I.E. an "ipconfig /all" results in a gateway that is the LDS firewall, and IP address that is obviously from there (only last number different than the gateway), but the DNS server matches that of the DSL modem.

RussellHltn wrote:Unless the ISP's DNS is deficient, what would be the purpose in using OpenDNS? Are the advantages worth going "off-standard"? Keep in mind you probably won't be in your current position for ever.


This is my main concern about implementing it (other than if it is against policy). However, I have drafted instructions for maintaining its use, and several people are familiar with it including the Stake Technology Specialist, and the HC member over media.

The advantages would be to restrict access beyond that provided by "General Access" that is provided by the LDS firewall (the FHC is it's first user).

Although I know people can get around using direct IP access or by changing their network connection to specify alternative DNS servers, I think that this in addition to the protections provided by the LDS Firewall we are making best efforts to protect the integrity of the internet connection that we are providing.

jimr17
New Member
Posts: 11
Joined: Tue Feb 05, 2008 5:59 pm

Postby jimr17 » Mon Mar 23, 2009 1:34 pm

jimr17 wrote:The advantages would be to restrict access beyond that provided by "General Access" that is provided by the LDS firewall (the FHC is it's first user).

For example I was just able to get access to b a b e.com through the LDS Firewall (configured for FHC use) and I although this site is generally a "PG" or "swimsuit" type site I would like to see sites like it blocked somewhere along the line.

jdlessley
Community Moderators
Posts: 6527
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Mon Mar 23, 2009 6:11 pm

jimr17 wrote:1) Does the church use its own DNS servers for connections that go through the church's firewall?
From what I have seen from our FHC CCN setup the DNS servers are ISP provided. I think there is another thread where someone confirmed this same thing in a post.
jimr17 wrote:2) If not, has anyone used opendns successfully?
I have not been able to find any threads or posts that discuss OpenDNS.
jimr17 wrote:2a) Is there any policy against using opendns?
While I have not found a policy that would prohibit using OpenDNS or similar services, you would get your best answer concerning this by contacting the technicians at the GSD second level support. Using a service such as this must not interfere with the FHC CCN operations in any way.
jimr17 wrote:
3) We share a connection with the family history center. In using OpenDNS I have found at home the best use is to configure the router to automatically send any DHCP request the OpenDNS servers as the DNS servers for that connection. Can I do the same at the church?
Probably not. Just as I explained in your question above you must not interfere with the normal operations of the FHC CCN. Russell explained in his post that while you may be able to accomplish your objectives in using OpenDNS you will probably be the only expert on the setup in your stake. When you are released from your calling can your successor step in and continue to support the setup? Most likely not. If the GSD cannot support the setup then getting approval to use a non-standard setup will in all likelihood be disapproved.
jimr17 wrote:3a) Will doing so interfer with the way that FHC computers are setup?
Probably for the reasons just stated.

You propose an interesting solution others have been trying to solve. Some have done it by inserting a router between the Church provided firewall and the administrative computers, or the network outside the FHC. For this configuration then you have the liberty of controlling that network in the manner you desire. The FHC CCN and firewall function merely as a gateway for your stake network.

If you do end up finding a way to use OpenDNS to provide a level of filtering to suit your needs please return and post your results and the setup.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Mon Mar 23, 2009 6:55 pm

jdlessley wrote:I have not been able to find any threads or posts that discuss OpenDNS.


See the following threads:
White list internet browsing
A great Web Filtering Solution

jdlessley
Community Moderators
Posts: 6527
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Mon Mar 23, 2009 8:53 pm

Alan_Brown wrote:See the following threads:
White list internet browsing
A great Web Filtering Solution
I guess I didn't try hard enough to find it.

From the posts in those threads it may be questionable as to whether OpenDNS would be compatible with a CCN.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

jimr17
New Member
Posts: 11
Joined: Tue Feb 05, 2008 5:59 pm

Postby jimr17 » Tue Mar 24, 2009 4:08 am

Alan_Brown wrote:See the following threads:
White list internet browsing
A great Web Filtering Solution

Thanks - interesting reading. I am going to get approval from the Stake President after outlining pros/cons and let you know what happens.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest