Church DNS servers/Use of opendns

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
Enigma1-p40
New Member
Posts: 41
Joined: Fri Jan 09, 2009 9:59 am
Location: Provo, Utah

#11

Post by Enigma1-p40 »

Opendns will not work with the Cisco Hardware that we use. Besides the problem of security, it would be against church policy to run open/dyndns at a site. We use the cisco hardware (pricey, yet secure) instead of just whatever hardware specifically for security reasons.
iswcky
New Member
Posts: 27
Joined: Mon Feb 05, 2007 7:57 am

Using OpenDNS

#12

Post by iswcky »

Reading through the posts it appears there may be some misunderstandings about how OpenDNS works. It is not a local DHCP server (like that in your gateway/router, which provides a local IP address for your computer to use on your local network). It is also not a local DNS server as some companies use. It is a service similar to the DNS server(s) provided by your ISP used to provide DSN resolution.

When your computer makes a request for a URL, it is not normally in the form of the real IP address <XXXX.XXXX.XXXX.XXXX>, but some readable text like <www.lds.org>. However the only thing that matters on the Internet is the IP address.

Your computer tries several things to "resolve" the URL into the actual IP address. Although a little more complicated than what follows, basically your computer (assuming it is using Windows) will look in the "hosts" file, then use the DNS servers listed in the network adapter TCP/IP properties, and then the DNS servers listed in the gateway/router and/or Cisco firewall. These are usually the DNS servers for your ISP, but can be changed to another source, including OpenDNS.

OpenDNS provides website and content filtering, in some ways like a firewall, to provide a "safer" experience on the Internet. It is user-configurable, which in most cases your ISP's DNS is not.

Hope this is helpful.
jimr17
New Member
Posts: 13
Joined: Tue Feb 05, 2008 5:59 pm

OPENDNS works just fine

#13

Post by jimr17 »

Enigma1 wrote:Opendns will not work with the Cisco Hardware that we use. Besides the problem of security, it would be against church policy to run open/dyndns at a site. We use the cisco hardware (pricey, yet secure) instead of just whatever hardware specifically for security reasons.
OpenDNS works just fine with the church's hardware - just put it on the router on the LAN side of the Cisco hardware. We've found that it catches many sites that the cisco hardware misses - and provides better protection since it is continually being updated for new sites that pop up.

I've not been pointed to any authoritative source that it is against church policy since it does not circumvent any security the church puts in place, just supplements it to allow granular control of sites that the church hardware lets through the firewall.
jdlessley
Community Moderators
Posts: 9861
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#14

Post by jdlessley »

jimr17 wrote:I've not been pointed to any authoritative source that it is against church policy since it does not circumvent any security the church puts in place, just supplements it to allow granular control of sites that the church hardware lets through the firewall.
There are two methods used in getting Internet access for units. The first is by sharing the Church provided Internet access for a family history center, a facilities management office, and so on. The policies for the family history center computers, networks, and Internet connections are the provided by the Area Family History Support Office and are contained in two documents. The first is the Policy and Guidelines For Computers in Family History Centers, and the second is the Family History Center Internet Use Policies (Available at the FHC and through the Family History Online Guide - requires username and password for access). The second Internet access method is through the Broadband Meetinghouse Internet Services in Meetinghouses program. Other than the Church provided security and Internet filtering, the policies for this program are left up to the stake president.


It is important to note that shared use of a Church provided Internet connection should not interfere with the primary user's activities. For the purpose of simplicity I will be refering to units sharing an FHC Internet connection. The FHC Internet user policies state:
Altering Hardware or Software
  • No one may modify, alter, or disable the Internet filter hardware or software supplied by Church headquarters.
With that in mind, how you employ a filtering solution such as OpenDNS depends on how a unit connects to the Internet. A unit connecting to the Internet through a FHC connection would have to employ a solution that does not alter or interfere with the FHC Internet connection without obtaining approval and support from the Area Family History Support Office. Setting up a unit sub-network off the FHC firewall employing another firewall device using OpenDNS would not interfere with the FHC network. That may be the simplest solution. It permits both wired connections and wireless connections with added filtering.

When using OpenDNS for added filtering there are two options that are available. The first is to use a router/firewall configuration. The second is to configure individual devices. For wireless operations this would be done at the wireless access point(s).

For any added filtering option employed you must consider the added complexity for support. While you may be comfortable understanding and maintaining the configuration, will your successor? Also contributing to potential difficulties will be the level of support you will be able to get from Church headquarters. Church headquarters may not be able to help you with non-standard networks behind the Church provided firewall.

It is for these reasons that I have not implemented a solution such as OpenDNS for networks and systems under my care.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
schester
New Member
Posts: 37
Joined: Sun Sep 30, 2007 11:40 am

#15

Post by schester »

Another thing to mention about OpenDNS is that it typically speeds up the network. I use it on all of my networks for one reason or another. In addition to the filtering of inappropriate content, it will also help protect you against malware. It's just another layer in the mix of protection.

Most ISP's don't want to maintain DNS servers and are more than happy to pass off that administrative burden to openDNS.

For those interested, I did some basic testing a while back with some different consumer routers and found that using OpenDNS was just as important in looking at latency. http://www.schester.com/2010/07/26/veri ... et-tested/
Post Reply

Return to “Meetinghouse Internet”