Forums/OpenDNS Community/Getting Started with OpenDNS

Introduction to Configuring OpenDNS

mattp1
posted this on Jan 29 17:36

 

Configuring OpenDNS means that OpenDNS is being specified as the DNS server for a network, usually in place of the DNS servers provided by an ISP. As the DNS server for a network, OpenDNS receives and answers the Internet DNS requests that originate from the computers and devices connected to that network.

It is important to understand that OpenDNS’s advanced-feature settings are applied to a network and those settings are subsequently inherited by all of the computers and devices that connect to that network.

The topics in this section reference the most common ways to configure OpenDNS on a home, small to medium business, or Enterprise network.

Topics in this Article

  • Network Routers and Modems
  • Computers
  • Internal DNS Servers
  • Enterprise Networks
  • Networks with Dynamic IP Addresses
  • WiFi Devices: Smartphones, Game Consoles, etc.
  • Configuration Hiccups
  • Testing for Successful Configuration of OpenDNS

 

NETWORK ROUTERS AND MODEMS

Configuring OpenDNS on routers and modems ensures that all computers and devices that connect to that router or modem use OpenDNS and the subsequent Web content filtering and security settings. This is recommended as the best-practice configuration to use for networks that do not have an internal DNS server.

A router manages the incoming and outgoing traffic of a public IP address, which defines a unique network to OpenDNS and to the Internet. Network routers, including WiFi routers and modems with integrated routers, are the easiest and best place to configure OpenDNS as the DNS server for a network.

One or more computers and/or devices may be connected to a network to access the Internet and other resources. OpenDNS settings are applied to a network and those settings are inherited by all of the computers and devices that connect to that network.

To configure OpenDNS on a network router or modem, follow this link for detailed instructions.

 

COMPUTERS

Configuring OpenDNS on computers is beneficial in cases where it might not be possible to change the DNS settings on a network router. OpenDNS can be configured directly on computers through the network settings program of the computer’s operating system. Computers configured thusly will always use OpenDNS servers for Internet DNS requests.

Configuring OpenDNS on computers also ensures that computers do not have another DNS resolver configured; having other DNS resolvers configured will allow for circumvention of OpenDNS network filtering settings.

Comprehensive OpenDNS filtering and security features may still be applied through an OpenDNS account as long as that computer does not traverse other networks where it may acquire (or cache) another DNS resolver setting/configuration.

To configure OpenDNS on a computer, follow this link for detailed instructions.

 

INTERNAL DNS SERVERS

Some home networks and most small-and-medium businesses, schools, and large enterprises use a dedicated server to route and answer all DNS requests from computers and devices within the network. For these networks, configuring OpenDNS on the internal DNS server is the recommended best practice.

A network that uses an internal DNS server can increase performance when using OpenDNS as the forwarder for external DNS requests. Configuring an internal DNS server to use OpenDNS ensures that all systems on that network realize an intelligent, safer, and faster Internet experience.

Internal DNS servers forwarding to OpenDNS will return results more quickly and consistently as the result of the two OpenDNS features detailed in the following table.

OpenDNS FeaturesThe Benefits
Proprietary OpenDNS SmartCache returns the last known valid IP address for websites that may be experiencing difficulty and actively stores the IP addresses of the most visited sites by all Internet users. OpenDNS end-users can access websites that are temporarily not accessible to other Internet users. In addition, OpenDNS end-users will get to websites much faster.
Our server network uses Anycast routing technology to guarantee the best performance and most readily available Internet DNS service. Internet DNS requests are routed to the closest OpenDNS server to you. If that server is down for maintenance, your DNS requests are routed to our next closest server.

To configure OpenDNS on an internal DNS server, follow this link for detailed instructions.

If you need additional IP addresses (3rd and 4th priority forwarders), you should use the following: 208.67.220.222 and 208.67.222.220.

 

NETWORKS WITH DYNAMIC IP ADDRESSES

Comprehensive OpenDNS Web content filtering and security features are implemented and managed through a network and a network is defined by an IP address. If a network’s IP address is dynamically assigned by the ISP, that address will eventually change and most OpenDNS filtering and security settings will no longer apply to your customer’s network and the computers and devices that connect to it.

To preserve OpenDNS Web filtering and security settings, networks that use dynamic IP addresses must be configured appropriately.

Unless you are certain that a network has been assigned a static IP address, you should perform the following steps to properly configure OpenDNS Enterprise on your customer’s dynamic IP network.

  1. OpenDNS Administrators (you) must enable dynamic IP updates for the network registered in an OpenDNS account, regardless of whether using a Dynamic DNS client or managing the network manually.

    Log into the OpenDNS Dashboard and select the network on the Home or Settings tab. Choose Advanced Settings, navigate to the Dynamic IP Update section, select Enable… and Apply your setting.

  2. For ease and greatest consistency, download an OpenDNS Dynamic IP Updater onto at least one computer in the network, according to these guidelines:
    • The computer should be stationary to the network (only used in the network on which you are configuring OpenDNS).
    • The computer should always be ON, or turned on before any other computers log on to the network.
    • The computer should not be accessible by children or young adults who may be savvy enough to turn off the updater client.

    The OpenDNS Dynamic IP Updater automates the discovery and registration of a network’s IP address to your customer’s OpenDNS account whenever the IP address should change.

    Benefit: consistent protection provided by the OpenDNS settings to the network and to all computers and devices that connect to that network.

    Note: Most Dynamic DNS (DDNS) clients will work, but cannot be supported by OpenDNS customer service. If you have developed a Dynamic DNS client, follow this link for related information.

  3. OpenDNS MSP Administrators can also manage dynamic IP addresses manually, but there may be lapses in OpenDNS protection should you not apply the IP address update immediately after it changes.
    Log in to the OpenDNS Dashboard and go to the Settings tab. If OpenDNS has detected a new IP address for the network, an icon displaying green arrows will be visible next to the customer’s network IP address. Another IP address will be displayed underneath the original. If this second IP address is now being used by this network, click the icon to complete the IP address update to OpenDNS.

WIFI DEVICES: SMARTPHONES, GAME CONSOLES, ETC.

OpenDNS speed, reliability and safety can be applied to devices that access the Internet through wireless (WiFi) networks or hotspots. Supported devices include personal computers, many smartphones, game consoles, digital media players and Internet browsing devices such as tablet computers and iPads.

A WiFi network is provided from an integrated wireless network router (WiFi capability and network router in a single device) or a wireless access point connected to a port of a network router. In either case, a WiFi network is simply a wireless extension of an existing network, which is defined by a unique IP address.

All OpenDNS filtering and security settings for a network, including a WiFi network, are inherited by the computers and devices connected to that network.

To configure OpenDNS for WiFi devices, we highly recommend configuring your WiFi network router to use the OpenDNS servers. For those instructions, follow this link.

Two Network Options for Smartphones

 

The OpenDNS Umbrella product features a VPN client that can be installed on a modern iPhone or iPad and use the OpenDNS services via the VPN.  For more information about how to use it, click here http://www.opendns.com/enterprise-security/products/mobility/

Many cellular smartphones are WiFi compatible, which provides two network options for sending and receiving data: the cellular network primarily used by the phone (e.g. 3G, 4G, GPRS, etc.) and a WiFi network. If OpenDNS is configured as the DNS for the WiFi network, OpenDNS filtering and security settings are applied to the smartphone that is utilizing that WiFi network.

To use a smartphone on a WiFi network, the phone must have WiFi activated and be connected to an available WiFi network. When connecting to a WiFi network that does not use OpenDNS, you may not be able to use OpenDNS during that session unless DNS settings can be explicitly set on that phone.

Some smartphones have adjustable DNS settings that you can configure to use OpenDNS servers when browsing the Internet, which enables OpenDNS benefits such as greater Internet speed, reliability and safety. A phone configured to use OpenDNS is protected from botnet and phishing threats, which is useful when connecting to WiFi routers that are not already configured to use OpenDNS.

However, comprehensive filtering and security settings that may have been configured on the WiFi router at home and office will not apply when your phone is connected to another WiFi network, as that network will have a different IP address.

To use OpenDNS for use on a smartphone via WiFi, we recommend configuring your router to use OpenDNS for DNS requests. To change the DNS settings on a smartphone, please refer to the manufacturer instructions or the cellular provider’s website.

 

CONFIGURATION HICCUPS

Unfortunately, not every Internet browsing experience can be enhanced and protected by OpenDNS. For example, some ISPs do not enable you to use third-party DNS services and some modems with integrated routers do not let you adjust DNS server settings.

The following table discusses known scenarios where using OpenDNS requires an extra configuration procedure or cannot be done.

Identified IncompatibilityWhy and What Can You Do?

 

HughesNet and potentially
other satellite Internet providers

Often use proxy servers to provide Internet service and redirect all DNS requests to their own network’s DNS servers. 
At this time, there is no known workaround to enable configuring OpenDNS.
AT&T U-Verse modem/router

 

Depending on the router, you may not be able to configure DNS settings.

To workaround: configure OpenDNS on your computer(s) or add an additional router. For more information search this OpenDNS Forums.

Smartphones not connected through
an OpenDNS protected WiFi network
If your smartphone is using the cellular network for data, you are using their DNS server. Enable and configure WiFi on your smartphone.
ISPs that use transparent proxy servers

 

You may not know if the ISP, if separate from you, is one of them, but when they use a proxy server, that system generates the DNS request and it will use the DNS server of that network, not yours.

If this is determined that the ISP is using a proxy, you might get them to disable it for your network. Then you will be able to use OpenDNS.

 

If you have tried to configure OpenDNS on a network and none of the above conditions apply, please contact us so that we may better understand the circumstances and guide you to a successful OpenDNS experience.

 

TESTING FOR SUCCESSFUL CONFIGURATION OF OPENDNS

 

OpenDNS provides three different URLs that enable you to test and verify the successful configuration of OpenDNS on a network. The OpenDNS test URLs are described in the following table.

OpenDNS Test URLResult When OpenDNS is Configured Correctly

 

http://welcome.opendns.com

An OpenDNS Web page with a large checkmark and wording that says, “Welcome to OpenDNS!”

 

http://www.internetbadguys.com

An OpenDNS Web page with a warning icon and wording that says, “Phishing Site Blocked!”
http://www.craigslist.og Notice the intentional typo of .og: OpenDNS will auto-correct and bring the user to www.craigslist.org, which highlights our typo-correction feature and confirms that OpenDNS is working. 
Note: This test is not valid for OpenDNS Enterprise because NXDOMAIN redirection is disabled by default.

 

If these tests return results other than those described in the table, further troubleshooting may be required. To begin, we suggest to contact your ISP and confirm that they are not running a proxy. Also ask them if they allow 3rd-party DNS services, such as OpenDNS or Google DNS. You might also want to follow the instructions for configuring OpenDNS on each computer, which are available here.

 
Topic is closed for comments