Anyway to have a user use a different ex-dns than the rest of domain

  • Anyway to have a user use a different ex-dns than the rest of domain

    I'm using OpenDNS for my network. I want the boss on my AD domain not to be blocked or using OpenDNS. Can I point his user or PC through the server to a different external DNS (all other fwd use OpenDNS DNS)?

  • #2

    Not using your internal DNS will cause issues when the user logs on or browses the network as the external DNS will NOT know of your internal LAN.



    • #3
      Originally posted by ziklx
      I want the boss on my AD domain not to be blocked
      Do you mean that you use DNS to prevent access to some websites? This is not recommended.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



      • #4
        Originally posted by gforceindustries
        Do you mean that you use DNS to prevent access to some websites? This is not recommended.
        Also in my opinion a poor man's solution.
        I agree with wullieb1.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"



        • #5
          I use this:
          https://www.opendns.com/smb/start/de...ws-server-2003
          Never had a problem; it's external DNS server through the server.
          Now I want a user in the AD to use a different external DNS.



          • #6

            If you change your workstations to use an external DNS server as their primary DNS, it will cause numerous problems. Active Directory relies on DNS.
            Gareth Howells



            • #7
              Originally posted by ziklx
              Now I want a user in the AD to use a different external DNS
              Well, I'm not going to explain why you should use DNS on your local network, especially if you use AD.
              However, if I see your article, then you are using forwarders within the DNS server.
              So... you have to explain, because I'm a bit lost. But if I'm correct, then I think you do the following:

              Clients point to the internal DNS server.
              The DNS server uses forwarders from OpenDNS.

              And right now you want a single user to use a different forwarder?
              No this can't be done and you are in my opinion misusing DNS.

              You should set up a decent firewall, and on that firewall you should create the rules.
              With ISA you can do this on group membership quite easily.
              Marcel


              • #8
                "No this can't be done and you are in my opinion misusing DNS."
                Too bad for the boss.
                And why am I misusing DNS? It works fine like this. I use it on many networks without any problems.



                • #9
                  Originally posted by ziklx
                  It works fine like this. I use it on many networks without any problems.
                  Active Directory networks?
                  Gareth Howells



                  • #10

                    Active Directory networks
                    domain servers with and without exchange



                    • #11
                      ziklx. If it works for you then no problem. I believe the issue is that using DNS to block websites is fine until people realise they can just type in IP addresses or use proxy servers to bypass it. Lots of things like file sharing software can easily bypass this also.
                      There are free proxy servers out there that you could try, which can block sites without affecting DNS.

                      That said, if your users never try then it is ok and there is no offence meant.
                      cheers
                      Andy



                      Quis custodiet ipsos custodes?



                      • #12
                        Exactly why I think you are misusing DNS.
                        DNS is a system to translate DNS names to IP addresses and vice versa.
                        Blocking websites based on a DNS name is fine, but indeed if the user simply enters the IP address from the webserver they are done.
                        Or when they simply use one of the many free internet proxies on the internet they have breached all the effort (and payments?) you put into the DNS solution.

                        Blocking web content by using a DNS solution simply doesn't work well, stable or safe.

                        It's cool that they have something like web content filtering, but it can't work for sure.
                        When you are using a proxy server in your browser and you browse the Internet then all DNS requests are done by the proxy server and not by the client.

                        If I was a clever user I simply browse to http://www.publicproxyservers.com/ and guess what, I just enter one of those IP addresses and I'm done.
                        I can freely browse any website and I have no issues with any of your OpenDNS policies.
                        Marcel
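Posts #11 and #12 describe traffic that never asks the filtered resolver (a typed IP address, a proxy, or a PC pointed at another DNS server). The following is an added example, not part of the original thread, of spotting that from logs by correlating the internal DNS server's answers with egress firewall flows. The addresses, log layouts and the name `find_dns_bypass` are assumptions, and all sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed site values (not from the thread): the AD DNS server and the LAN range.
INTERNAL_DNS = {"10.0.0.10"}
LAN = ipaddress.ip_network("10.0.0.0/24")

# Constructed DNS server log: (time_s, client, name, answered_ip)
DNS_LOG = [
    (100, "10.0.0.21", "app.example.com", "203.0.113.10"),
    (130, "10.0.0.22", "news.example.org", "198.51.100.7"),
]

# Constructed egress firewall log: (time_s, client, dst_ip, dst_port)
FW_LOG = [
    (101, "10.0.0.21", "203.0.113.10", 443),   # resolved one second earlier
    (140, "10.0.0.22", "198.51.100.7", 80),    # resolved ten seconds earlier
    (150, "10.0.0.22", "192.0.2.55", 8080),    # no lookup: typed IP or proxy
    (160, "10.0.0.23", "192.0.2.53", 53),      # workstation using its own resolver
    (170, "10.0.0.21", "10.0.0.10", 53),       # normal query to the AD DNS server
    (180, "10.0.0.10", "192.0.2.53", 53),      # the DNS server's own forwarder traffic
    (5000, "10.0.0.21", "203.0.113.10", 443),  # answer from t=100 is too old
]


def find_dns_bypass(dns_log, fw_log, max_age=3600):
    """Return (client, dst_ip, reason) for egress flows that skipped the resolver."""
    answers = defaultdict(list)  # (client, ip) -> times the resolver returned it
    for ts, client, _name, ip in dns_log:
        answers[(client, ip)].append(ts)

    findings = []
    for ts, client, dst, port in fw_log:
        # Ignore the DNS server itself and traffic that stays on the LAN.
        if client in INTERNAL_DNS or ipaddress.ip_address(dst) in LAN:
            continue
        if port == 53:
            findings.append((client, dst, "external-resolver"))
        elif not any(0 <= ts - t <= max_age for t in answers.get((client, dst), ())):
            findings.append((client, dst, "no-recent-dns-answer"))
    return findings


if __name__ == "__main__":
    for finding in find_dns_bypass(DNS_LOG, FW_LOG):
        print(finding)
```

Long-lived connections and applications with hard-coded addresses will also show up as `no-recent-dns-answer`, so treat the output as leads to review rather than proof of evasion.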


                        • #13
                          Set up an additional DNS server with different forwarders (other than OpenDNS) and set your boss to use this DNS server.



                          • #14
                            Originally posted by Dumber
                            If I was a clever user I simply browse to http://www.publicproxyservers.com/ and guess what, I just enter one of those IP addresses and I'm done.
                            I can freely browse any website and I have no issues with any of your OpenDNS policies.
                            OpenDNS has a category for blocking proxies.



                            • #15
                              Based on DNS names.
                              Yeah cool.
                              Then I look it up at home.
                              Marcel