Church DNS servers/Use of opendns

jimr17
New Member
Posts: 13
Joined: Tue Feb 05, 2008 5:59 pm

#1

Post by jimr17 »

All,

We are configuring the various buildings for internet access including allowing wireless access to approved individuals for presentations at stake training meetings, etc.

At home I have been successfully using www.opendns.com for my DNS servers and have found it quite convenient to manage blocking of specific categories of sites as well as easily creating and maintaining specific whitelist/blacklists of domains.

Some questions:

1) Does the church use its own DNS servers for connections that go through the church's firewall?
(Note: I am pretty sure that it does not as the DNS server is identified
as the IP address for the local phone company's DSL router. However,
I am not a "hardware guy" and not sure of the impact of the 3 devices
between the computer and the DSL line in the wall :)

2) If not, has anyone used opendns successfully?

2a) Is there any policy against using opendns?

3) We share a connection with the family history center. In using OpenDNS I have found at home the best use is to configure the router to automatically send any DHCP request the OpenDNS servers as the DNS servers for that connection. Can I do the same at the church?
3a) Will doing so interfere with the way that FHC computers are setup?
3b) We have wall->DSL Modem->LDS Firewall (with 4 ports)->
port 1) 3com 8 port HUB used in FHC
port 2) connect to Ward1 MLS computer
port 3) connect to Ward2 MLS computer
port 4) connect to Stake MLS computer (soon to Stake Wireless router)

Thx in advance - I searched for Opendns but couldn't find prior threads - if I missed some please let me know
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#2

Post by russellhltn »

jimr17 wrote:3) We share a connection with the family history center. In using OpenDNS I have found at home the best use is to configure the router to automatically send any DHCP request the OpenDNS servers as the DNS servers for that connection. Can I do the same at the church?
The stake does not have access to the internals of the Church firewall. Unless GSD is willing to do that, it's out of the question.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
jimr17
New Member
Posts: 13
Joined: Tue Feb 05, 2008 5:59 pm

#3

Post by jimr17 »

RussellHltn wrote:The stake does not have access to the internals of the Church firewall. Unless GSD is willing to do that, it's out of the question.

I understand that but if the DNS servers are not being redirected by the firewall - they could be easily set on the DSL Modem itself - or at the very least on the Wireless Router - so that all wireless connections would be forced to use the DNS servers we specify.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#4

Post by russellhltn »

jimr17 wrote:they could be easily set on the DSL Modem itself

I can't say as I've ever seen that function on a broadband modem. If it was also a router, I would expect that possibility. However, it might be better to turn the router off - it's just an unnecessary layer.
jimr17 wrote:or at the very least on the Wireless Router - so that all wireless connections would be forced to use the DNS servers we specify.

True.

Unless the ISP's DNS is deficient, what would be the purpose in using OpenDNS? Are the advantages worth going "off-standard"? Keep in mind you probably won't be in your current position forever.
jimr17
New Member
Posts: 13
Joined: Tue Feb 05, 2008 5:59 pm

#5

Post by jimr17 »

RussellHltn wrote:I can't say as I've ever seen that function on a broadband modem. If it was also a router, I would expect that possibility. However, it might be better to turn the router off - it's just an unnecessary layer.

The DSL modem is a Netopia one and it has a slick web interface that allows one to make changes to the default DNS servers when you change to "expert mode." Near as I can tell, although the LDS Firewall is serving up the IP address to the computer/hub/router, it is passing on the DNS settings being provided by the DSL modem. I.e., an "ipconfig /all" results in a gateway that is the LDS firewall, an IP address that is obviously from there (only last number different than the gateway), but the DNS server matches that of the DSL modem.
RussellHltn wrote:Unless the ISP's DNS is deficient, what would be the purpose in using OpenDNS? Are the advantages worth going "off-standard"? Keep in mind you probably won't be in your current position for ever.

This is my main concern about implementing it (other than if it is against policy). However, I have drafted instructions for maintaining its use, and several people are familiar with it including the Stake Technology Specialist, and the HC member over media.

The advantages would be to restrict access beyond that provided by "General Access" that is provided by the LDS firewall (the FHC is its first user).

Although I know people can get around using direct IP access or by changing their network connection to specify alternative DNS servers, I think that this in addition to the protections provided by the LDS Firewall we are making best efforts to protect the integrity of the internet connection that we are providing.
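
Added example (not part of the original post or thread): the `ipconfig /all` check described in post #5, automated. It parses constructed sample output, folds multi-line DNS server lists, and flags adapters whose resolvers fall outside an approved set; the adapter names, addresses and the `APPROVED` set (the OpenDNS public resolvers) are assumptions.

```python
import re

# Assumption: the approved resolvers are the OpenDNS public addresses.
APPROVED = {"208.67.222.222", "208.67.220.220"}

# Constructed sample of `ipconfig /all` output (not captured from a real network).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.10.37
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.1.254

Wireless LAN adapter Wireless Network Connection:

   IP Address. . . . . . . . . . . . : 192.168.20.15
   Default Gateway . . . . . . . . . : 192.168.20.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
"""

# "   Field name . . . : value"; the space before ':' keeps IPv6 values from matching.
FIELD = re.compile(r"^\s+([^:]+?)[ .]* : ?(.*)$")

def parse_adapters(text):
    """Return {adapter name: {field: [values]}}, folding continuation lines."""
    adapters, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():            # unindented line starts a new section
            current = adapters.setdefault(line.rstrip(":"), {}) if line.endswith(":") else None
            last = None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last, value = m.group(1).strip(), m.group(2).strip()
                current[last] = [value] if value else []
            elif last:                       # value-only line continues the previous field
                current[last].append(line.strip())
    return adapters

def audit_dns(text, approved=APPROVED):
    """List (adapter, DNS servers, verdict) for every adapter that reports DNS servers."""
    return [(name, f["DNS Servers"],
             "approved" if set(f["DNS Servers"]) <= approved else "unapproved")
            for name, f in parse_adapters(text).items() if f.get("DNS Servers")]
```

In the sample, the wired adapter reproduces the situation in the post: the gateway is on the firewall's subnet while the DNS server is an address handed through from upstream, so it is reported as unapproved.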
jimr17
New Member
Posts: 13
Joined: Tue Feb 05, 2008 5:59 pm

#6

Post by jimr17 »

jimr17 wrote:The advantages would be to restrict access beyond that provided by "General Access" that is provided by the LDS firewall (the FHC is its first user).
For example I was just able to get access to b a b e.com through the LDS Firewall (configured for FHC use) and although this site is generally a "PG" or "swimsuit" type site I would like to see sites like it blocked somewhere along the line.
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#7

Post by jdlessley »

jimr17 wrote:1) Does the church use its own DNS servers for connections that go through the church's firewall?
From what I have seen from our FHC CCN setup the DNS servers are ISP provided. I think there is another thread where someone confirmed this same thing in a post.
jimr17 wrote: 2) If not, has anyone used opendns successfully?
I have not been able to find any threads or posts that discuss OpenDNS.
jimr17 wrote:2a) Is there any policy against using opendns?
While I have not found a policy that would prohibit using OpenDNS or similar services, you would get your best answer concerning this by contacting the technicians at the GSD second level support. Using a service such as this must not interfere with the FHC CCN operations in any way.
jimr17 wrote:
3) We share a connection with the family history center. In using OpenDNS I have found at home the best use is to configure the router to automatically send any DHCP request the OpenDNS servers as the DNS servers for that connection. Can I do the same at the church?
Probably not. Just as I explained in your question above you must not interfere with the normal operations of the FHC CCN. Russell explained in his post that while you may be able to accomplish your objectives in using OpenDNS you will probably be the only expert on the setup in your stake. When you are released from your calling can your successor step in and continue to support the setup? Most likely not. If the GSD cannot support the setup then getting approval to use a non-standard setup will in all likelihood be disapproved.
jimr17 wrote:3a) Will doing so interfere with the way that FHC computers are setup?
Probably for the reasons just stated.

You propose an interesting solution others have been trying to solve. Some have done it by inserting a router between the Church provided firewall and the administrative computers, or the network outside the FHC. For this configuration then you have the liberty of controlling that network in the manner you desire. The FHC CCN and firewall function merely as a gateway for your stake network.

If you do end up finding a way to use OpenDNS to provide a level of filtering to suit your needs please return and post your results and the setup.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#8

Post by aebrown »

jdlessley wrote:I have not been able to find any threads or posts that discuss OpenDNS.

See the following threads:
White list internet browsing
A great Web Filtering Solution
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#9

Post by jdlessley »

Alan_Brown wrote:See the following threads:
White list internet browsing
A great Web Filtering Solution
I guess I didn't try hard enough to find it.

From the posts in those threads it may be questionable as to whether OpenDNS would be compatible with a CCN.
jimr17
New Member
Posts: 13
Joined: Tue Feb 05, 2008 5:59 pm

#10

Post by jimr17 »

Alan_Brown wrote:See the following threads:
White list internet browsing
A great Web Filtering Solution
Thanks - interesting reading. I am going to get approval from the Stake President after outlining pros/cons and let you know what happens.