[AccessD] It just goes to show ya

jwcolby jwcolby at colbyconsulting.com
Sat Dec 17 09:06:21 CST 2011


OpenDNS is just a domain name server with filters.  A Domain Name Server takes names such as 
Microsoft.Com and turns that into a numeric IP address www.xxx.yyy.zzz.  OpenDNS simply takes those 
"natural language" IP addresses and filters them against known attributes and makes a decision 
whether to perform the translation into a numeric IP address.

So... my teenage son types in penthouse.com.  The request is sent to OpenDNS, where I have set up my 
filters based on what I want to allow through.  There are checkboxes on that page which allows me to 
filter out specific things.  I have checked a box to filter out adult content.

http://www.opendns.com/web-filtering/

My son's browser responds with a generic message that he is not allowed to surf to that site.  My 
son then embarks on a concerted attempt to circumvent this issue and within minutes has discovered 
what is going on and has locally set his system to use a different Domain name server.  15 minutes 
later he is reading penthouse.

Of course the last paragraph was tongue in cheek but still....

You can actually set up your router to use a specific domain name server such as OpenDNS, which is a 
much more secure implementation method.  The problem is that IIRC if you set the NIC itself to use a 
specific DNS then it goes around the router.

But in general, other than for very sophisticated, computer literate and determined teenagers, a 
service like OpenDNS works rather well, for what it is and what it does.

John W. Colby
Colby Consulting

Reality is what refuses to go away
when you do not believe in it

On 12/17/2011 9:12 AM, Dan Waters wrote:
> I use different email addresses, and also log into 4 different customers
> with 4 different VPN methods.  Would OpenDNS cause an issue with any of
> this?  I'm also using Comcast as an ISP - is that OK?
>
> I looked at the OpenDNS site, but I didn't see a good explanation of what it
> was actually doing, or even a general description of how it worked.
>
> I don't have my own 'network' - is it helpful without that?
>
> Dan
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Hans-Christian
> Andersen
> Sent: Saturday, December 17, 2011 4:09 AM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] It just goes to show ya
>
> One of the nicest features of opendns is that it will tell you if there are
> any dns queries coming from malware on your network.
>
> Best regards,
> Hans-Christian Andersen
>
>
> On 16 Dec 2011, at 13:33, "Rusty Hammond"<rusty.hammond at cpiqpc.com>  wrote:
>
>> Another thing I've done is setup an opendns account for my home.  It's
>> free and does a nice job of content filtering.  No need to install
>> filtering software on the computers, but I do run the opendns ip
>> address update client on my desktop that's on all the time.
>>
>> www.opendns.com
>>
>>
>> Rusty
>>
>>
>> -----Original Message-----
>> From: accessd-bounces at databaseadvisors.com
>> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
>> Sent: Thursday, December 15, 2011 6:47 AM
>> To: Access Developers discussion and problem solving
>> Subject: [AccessD] It just goes to show ya
>>
>> I got an email this morning - XYZ wants to be your friend on facebook.
>> I don't know xyz, but I often go look to see if maybe I do know them
>> out in a circle somehow.
>>
>> I clicked on the link...  It *looked* just like those things from
>> Facebook...
>>
>> You guessed it, it was a social engineering attempt to get me to a
>> page to do something bad to my computer.
>>
>> I run firefox in DropMyRights sandbox AND I have a widget to prevent
>> running scripts in firefox which just saved my bacon.
>>
>> It just goes to show though.  I *know* about this stuff, I am very
>> careful and I still got suckered.
>>   Only my safeguards saved me.
>>
>> --
>> John W. Colby
>> Colby Consulting
>>
>> Reality is what refuses to go away
>> when you do not believe in it
>>
>> --
>> AccessD mailing list
>> AccessD at databaseadvisors.com
>> http://databaseadvisors.com/mailman/listinfo/accessd
>> Website: http://www.databaseadvisors.com
>> **********************************************************************
>> WARNING: All e-mail sent to and from this address will be received,
>> scanned or otherwise recorded by the CPI Qualified Plan Consultants, Inc.
>> corporate e-mail system and is subject to archival, monitoring or
>> review by, and/or disclosure to, someone other than the recipient.
>> **********************************************************************
>>
>> --
>> AccessD mailing list
>> AccessD at databaseadvisors.com
>> http://databaseadvisors.com/mailman/listinfo/accessd
>> Website: http://www.databaseadvisors.com
>
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>




More information about the AccessD mailing list