OT: General networking problem

Hi,

I have a general networking problem which maybe someone can help me with,
the scenario is this. We have implemented a 3rd DNS filtering service
(www.opendns.com) which we use to block non-work related web browsing - our
DNS servers are on our internal LAN (Windows server 2000) which resolve
local names but the forwarders go to opendns where content is filtered as
per our rules.

The MD of the company is now insisting that he be exempt from this
filtering, so we have the problem that if we change his DNS settings to
external DNS servers he will not be able to resolve any internal names. One
obvious solution would be to give him 2 PCs, one for web browsing only with
external DNS servers & one for internal use but I don't think that would
wash. Another solution I have considered would be to give him 2 NICs one
with internal DNS & one with external DNS & somehow configure the browser
to use the one NIC for web browsing & the other one for internal use but I
don't know how I could do this? The PC is running Windows XP prof, SP2 - if
anyone has any thoughts I'd be interested to hear them?


TIA, Jase

Re: OT: General networking problem

Put another internal DNS server that does not resolve externally to
opendns.com. Allow it to pull data from your main internal DNS server as
a secondary slave. Point the MD's DNS service to that new box.

Re: OT: General networking problem

A thought.....

OpenDNS states:

"Filtering by Department

OpenDNS makes it easy to implement different filtering levels for
different networks within your organization. Set up more restrictive
filtering for some departments, and less restrictive filtering for
others. It's as easy as adding the network and checking a box."

Give him his open department/settings at opendns?  IDK, I haven't used
any of their solutions, sounds like it might work?

Re: General networking problem

Ha MDs like to do that - just because they can.

If you go the 2 NIC path you can configure specific routes on XP using the
"route add" command at the command prompt. Point internal routes to the
appropriate NIC and a default route to the other.

"route ?" will show you all the options.

Hmm, I'm not sure if the route will stick if the PC reboots though - you may
have to write a batch/script file to always set the routes at startup.

Aubrey



Re: General networking problem
Routing will not solve this.  The PC still has to point at one DNS or
the other.  If it goes to the solution they have now, the MD can't
surf openly.  If they point to a public DNS, it won't resolve internal
hosts.  You could put in a hosts file for local (manual updates of
course), and point him/her to the public DNS...but I think using
your service provider to solve it is probably a better option.
