pfSense Gold Subscription

Author Topic: Additional OpenDNS intergration  (Read 852 times)

0 Members and 1 Guest are viewing this topic.

Offline Ragen

  • Newbie
  • *
  • Posts: 15
  • Karma: +1/-0
    • View Profile
Additional OpenDNS intergration
« on: April 12, 2017, 02:52:19 pm »
I would love to see further integration with OpenDNS.

There is a need for a Dynamic DNS service with them to keep the network (Dynamic IP) updated when using their Family Shield or Home services.


Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +551/-3
    • View Profile
    • International Nepal Fellowship
Re: Additional OpenDNS intergration
« Reply #1 on: April 12, 2017, 07:39:34 pm »
OpenDNS is in the list of dynamic DNS services already. What exactly is it that is needed extra, or does not work?
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline Ragen

  • Newbie
  • *
  • Posts: 15
  • Karma: +1/-0
    • View Profile
Re: Additional OpenDNS intergration
« Reply #2 on: April 13, 2017, 01:03:48 pm »
The two free products at the below link...

https://www.opendns.com/home-internet-security/

I think the current OpenDNS is for Dynamic DNS only, not for these specifically.

I believe there is an API for it.

Thanks
Ragen

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +956/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Additional OpenDNS intergration
« Reply #3 on: April 14, 2017, 03:52:43 am »
Like what? Configure it via their website and set up the firewall to force OpenDNS DNS servers to be used (DHCP server, firewall rules, NAT + forwarder, or whatever...)
Do NOT PM for help!

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +551/-3
    • View Profile
    • International Nepal Fellowship
Re: Additional OpenDNS intergration
« Reply #4 on: April 14, 2017, 08:56:56 am »
The OpenDNS Family Shield product uses 2 different DNS server addresses that automagically do not translate "bad" names of sites that are in the "bad things for families" categories. If you want this "standard" behavior then just use those DNS servers in pfSense (and have users on your LAN using pfSense as their DNS server). If you want to stop people on the LAN from manually setting their DNS server on their client system, then put block rules on LAN to stop packets going out to other DNS servers.

The OpenDNS Home product means you have to create an account, then update your IP address for the account as it changes. You should already be able to do that with a pfSense Dynamic DNS entry for OpenDNS.

Note: Side-issue - these days ISPs have a load of home users hidden behind a single public IP address. If more than 1 of those is using OpenDNS Home, then there will be multiple people trying to set their OpenDNS account to the same public IP. If all the people concerned happened to use the same filtering options, that could work. But if they use different filtering options, then there is no way for OpenDNS Home to know which user the request comes from, and so it cannot know which filtering to apply.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline Ragen

  • Newbie
  • *
  • Posts: 15
  • Karma: +1/-0
    • View Profile
Re: Additional OpenDNS intergration
« Reply #5 on: April 14, 2017, 09:32:09 am »
The OpenDNS Home product means you have to create an account, then update your IP address for the account as it changes. You should already be able to do that with a pfSense Dynamic DNS entry for OpenDNS.

Setting my DHCP server up for my family is the easy part. I was thinking there may need to be more integration for the IP address to be updated automatically specifically for the home product.

Thanks for y'alls input!

Offline Ragen

  • Newbie
  • *
  • Posts: 15
  • Karma: +1/-0
    • View Profile
Re: Additional OpenDNS intergration
« Reply #6 on: April 14, 2017, 10:49:11 am »
The credentials for the account I created for OpenDNS Home is working in the OpenDNS Dynamic IP Service.

Sweet!

Additional integration isn't necessary.  :)

Offline huzbub

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Additional OpenDNS intergration
« Reply #7 on: April 28, 2017, 07:06:47 am »
Can PFBlockerNG DNSBL be used in conjunction with OpenDNS?  I realize this may be a little redundant as OpenDNS does much of what PFBlocker does but I like the multiple layers of protection and additional customization of PFBlocker.

I used the guide below to get OpenDNS setup and it indicates that DNS Resolver must be disabled.  And if I understand correctly the DNS Resolver is required for PFBlocker to work.

https://forum.pfsense.org/index.php?topic=112288.0

Quote
DNS Resolver & Forwarder

Once you completed the above process, you need to disable DNS Resolver and enable DNS Forwarder.
(I am not sure if DNS Resolver can be configured with OpenDNS, I tried to configure it but no luck. With DNS Forwarder, everything work well. Maybe someone can help out to explaining it WHY)
To do this, you need to go to Services > DNS Resolver > Enable: (Unchecked)
After that, Go to Services > DNS Forwarder > Enable: Checked
Interfaces: All
Click Save

Any help appreciated!

Offline BBcan177

  • Hero Member
  • *****
  • Posts: 2554
  • Karma: +797/-5
    • View Profile
    • Click for Support
Re: Additional OpenDNS intergration
« Reply #8 on: April 28, 2017, 09:27:12 am »
Can PFBlockerNG DNSBL be used in conjunction with OpenDNS?  I realize this may be a little redundant as OpenDNS does much of what PFBlocker does but I like the multiple layers of protection and additional customization of PFBlocker.

I used the guide below to get OpenDNS setup and it indicates that DNS Resolver must be disabled.  And if I understand correctly the DNS Resolver is required for PFBlocker to work.

https://forum.pfsense.org/index.php?topic=112288.0

Quote
DNS Resolver & Forwarder

Once you completed the above process, you need to disable DNS Resolver and enable DNS Forwarder.
(I am not sure if DNS Resolver can be configured with OpenDNS, I tried to configure it but no luck. With DNS Forwarder, everything work well. Maybe someone can help out to explaining it WHY)
To do this, you need to go to Services > DNS Resolver > Enable: (Unchecked)
After that, Go to Services > DNS Forwarder > Enable: Checked
Interfaces: All
Click Save

Any help appreciated!

The DNS Resolver (Unbound) can be enabled in Resolver or Forwarder mode. Don't confuse that with the DNS Forwarder (DNSMasq). 

So you can check the DNS forwarder option in the Resolver. And add the OpenDNS servers to the pfSense General tab settings to utilize both DNSBL and OpenDNS.
"Experience is something you don't get until just after you need it."

 | http://pfblockerng.com | Twitter @BBcan177  | #pfBlockerNG |