Block sites that are not present in your database
I do not know if it's a good idea, and if you can accomplish with a DNS service. I think, for FamilyShield DNS, it is important to block sites that are not already marked. Therefore it seems appropriate to block sites that are not present in your database.
Thanks and sorry for my bad English
-
Whitelist on a per domain basis, since OpenDNS is a DNS service it only sees DNS lookups, it knows nothing about sites, only domains.
By groups I assume you mean categories. I'm still using OpenDNS Enterprise where I can't whitelist categories, but I don't know about VIP Home or any of the other paid home products. Whitelisting by categories would be easier, but if not, at least with the pay products you'll get 50 whitelist slots to work with instead of the 25 you get with the free products. Plus, with the pay products you do have the ability to use a bypass code, so it would be easier to manage a whitelist only environment if the whole idea behind this is to keep kids off of sites you don't want them seeing.
-
"Whitelist on a per site basis? Or can you whitelist on a per group basis as this would work too."
This depends on your definition of "site" or "group". These terms are not part of the Domain Name System (DNS), but only zones, domains and subdomains are.
For example, if you whitelist (or blacklist) google.com, then this domain (zone) name and all its subdomain names and aliases (CNAME) are affected. Would this be "site" level or "group" level? I would call it zone level at the best.
-
Having an option to block uncategorized domains would not be a "great option for every day use" either. You can't imagine how many uncategorized domains there are, but essential for websites to work, so many people would come to here again to complain about domains still not being categorized...
-
It is interesting your argument rotblitz and don't get me wrong I understand it! I work for a big company and Unclassified websites are blocked. If we have an issue with that we can have McAfee Classify it or we can have our internal IT security department whitelist it. Most people searching items do not usually have an issue with this and you would not encounter an unclassified website too often. Again if you do though it is only a matter of someone saying HEY I don't think that should be blocked and then asking the Admin to whitelist it.
I certainly hope OpenDNS is looking at this thread and is in process of creating an option for this. Even if it is a part of the Home VIP....
-
@hanny1234 I think that's the problem you are trying to solve. Most here don't seem to be that narrow or specific in what they are looking for. They seem to want to block all uncategorized sites, regardless of if they are video sites or rapidly changing their domain names.
@picardfamily That doesn't mean that people who chose to block uncategorized sites wouldn't complain about the problems it causes, or wouldn't start screaming here and on other sites how OpenDNS "broke" the internet for them. My years of experience in supporting IT and other technical products tells me that for a number of reasons people would check it, have no clue what they were doing, then complain about the problems and demand that others fix whatever is screwed up with OpenDNS. They'd insist that there were no problems with their configuration, and that whatever the fix was it would have to include blocking uncategorized domains still "work" for them.
@bizztim I'm sure that at least one person from OpenDNS is reading this thread. I'm not sure if any of them have responded to this or similar threads, but I'm sure that one of the first thoughts they have is the potential, if not likely, nightmare support scenario that this would create for them. Personally speaking, for such a broad-based userbase as OpenDNS has I wouldn't implement it. The potential downside of a black eye from something like that is far more likely than the downside of not implementing it for what are likely a relative handful of users, many of whom don't even pay for the service.
Besides which, OpenDNS does already have an option in place, whitelist only with bypass page and the option to send a message to admins to whitelist additional domain as they are encountered. Of course that option does require paying for the service.
-
As written above, when using "Custom" filtering there should be an "Uncategorized" button. Then EVERY domain lookup is controlled by at least one (hopefully exactly one) of the buttons. The Uncategorized button is normally not checked and thus you are using the other buttons to build a blacklist by category. If you check Uncategorized to block uncategorized sites, then you are in effect using the other buttons to build a whitelist by category. This is easy to understand and this additional behavior would not apply unless Uncategorized were checked. Please add this -- I would buy VIP Home if it had it, but apparently it doesn't either. Thanks!
-
@howfamily and @hanny1234 You both say that you would pay extra for this, so what are you paying for now? If you get one of the pay products, most likely VIP Home or Umbrella Prosumer (since I assume you are home users), you have a "whitelist" only option as well as the option to use a bypass account or code.
If you do that you'll be getting the same functionality that most everyone else in this thread is asking for, and OpenDNS won't have to provide support to people using the free product that will result when people choose to block "uncategorized" and start screaming that OpenDNS "broke the internet". I can certainly understand OpenDNS not wanting to support something like that in a *basic* product that they are already giving away for free.
-
I have been watching this thread for 18 months now, and I'm getting a bit frustrated with the nay-sayers who assume we all must be a bunch of ignorant fools. Whitelisting is not the same at all, unless you expect me to whitelist tens of thousands of commonly-used domains and all of the alternate domain names that are necessary to support them. I alone can't do that, but thanks to OpenDNS and the OpenDNS community, the data already exists. I don't want my family to only see a few hand-picked websites. I want them to have access to the vast majority of sites on the Internet. What I don't want them to have access to is rogue sites that are frequently used for phishing attacks. I also don't want them finding new and creative porn sites that pop up weekly and have yet to be included in filters.
I work at a federal agency with over 5,000 workstations and our IT Security team considers our "Unidentified Sites" filter to be absolutely essential to our Internet security. Yes, probably once a day I run into a site I can't immediately access. It isn't a huge deal. If I really need access I request that it be reviewed and it is available within 24 hours.
This isn't some bizarre, foolish, request. It is available as a standard feature in at least two different enterprise-class firewalls that have been used here at my office to manage IT security. Having the OPTION to add it to my filter preferences would greatly increase the utility of the OpenDNS service.
-
Wow, @mattwilson9090 completely misses the point. First, the core of what I want is to specify what happens to sites not on any list -- in my case, I want to block them. I'm OK with that being non-default behavior I have to request. According to @picardfamily, the VIP Home service does NOT do this, and the individual domain whitelisting is not a substitute. It's true I haven't looked into Umbrella of any kind, so I'll do that now. Just to repeat, here's what I want: Accept/Block each of the ~60 categories as I see fit (already supported), block all sites not categorized (only "accept" is supported), then individually accept/block a few sites to fix categorization mistakes/slowness (already supported). A moment's thought will show that this "new feature" doesn't complicate categorization at all, which would be a problem for OpenDNS. Thanks.
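The decision order requested in this thread (per-domain overrides, then the per-category choices, then a switch for names in no category), as an added example that is not part of any post and is not OpenDNS code. The category names, the sample domains and the `block_uncategorized` flag are constructed for illustration.

```python
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"

def zone_match(name, zones):
    """Return the most specific entry in `zones` that equals or is a parent of `name`."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def decide(name, policy, categories_db):
    """Return (Verdict, reason) for one DNS lookup."""
    # 1. Per-domain overrides fix categorization mistakes; they cover subdomains too.
    zone = zone_match(name, policy["overrides"])
    if zone is not None:
        return policy["overrides"][zone], f"override:{zone}"
    # 2. Category decision for names the database knows about (zone level).
    zone = zone_match(name, categories_db)
    cats = categories_db[zone] if zone else set()
    hit = cats & policy["blocked_categories"]
    if hit:
        return Verdict.BLOCK, f"category:{sorted(hit)[0]}"
    if cats:
        return Verdict.ALLOW, "categorized"
    # 3. No category at all: the requested switch decides.
    verdict = Verdict.BLOCK if policy["block_uncategorized"] else Verdict.ALLOW
    return verdict, "uncategorized"

# Constructed sample data (hypothetical categories, reserved example domains).
CATEGORIES_DB = {
    "example.com": {"Search Engines"},
    "adult.example": {"Pornography"},
}
POLICY = {
    "blocked_categories": {"Pornography"},
    "overrides": {"cdn.example": Verdict.ALLOW, "ads.example.com": Verdict.BLOCK},
    "block_uncategorized": True,
}

if __name__ == "__main__":
    for q in ("www.example.com", "x.ads.example.com", "adult.example",
              "static.cdn.example", "new-site.example"):
        print(q, *decide(q, POLICY, CATEGORIES_DB))
```

With the switch on, the category checkboxes behave as an allowlist by category, and an uncategorized but essential name such as the constructed `cdn.example` needs an explicit override to keep pages working.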
-
I can't see how this could hurt. If I'm smart enough to check off the "block uncategorized sites" and one of the kids whines at me that all these sites are blocked, I'll simply uncheck it, attempt to categorize it, or tell them to go pound sand. I won't cancel OpenDNS because it takes one more positive step towards giving me control. The arguments against this option are silly. Whitelist argument is even sillier, I use OpenDNS because its categorization makes it useful. Whitelist is not an option for this use case.
-
I'm new to OpenDNS and I like it so far, but from what I have seen till now this is the big missing stuff! This must be of course something the user can enable / disable and the error message must be clear (even better would be the option to have a link in the error message to the possibility to propose the site in a category). It fully depends why you are using categories and how critical the web access is for you but if it is to protect your children or to simply protect your pc from security threats, blocking the uncategorized is a must. Moreover the more people would block the uncategorized, the more the community will submit proposals for categorization of new sites. I only see advantages of having it: simple to implement @OpenDNS; it remains a choice for the user, and finally it will motivate the community to participate more in categorisation
-
I'm new to OpenDNS as well and like this idea. As stated previously, it should be an option with it turned off as default. The admin page could easily have the option to submit a suggested category, submit for tagging AND add to the admin's personal white list. All fun stuff a computer could easily handle.
-
I too like the sound of this idea. By now most "main" sites would have a category and it's those that don't I would be interested in seeing who is trying to access it and for what. If it's OK then can always add it to the whitelist.
I would have thought OpenDNS would be able to generate some stats on sites with no category and if the idea was adopted make those stats available via the dashboard so at an account level you can see how many sites are visited prior to switching. This would enable an informed decision about your web usage and what settings are most appropriate.
-
Simply put, without the option to block all uncategorised sites OpenDNS cannot be used as a reliable filter. I would not allow my kids to use such a filter as it is very unreliable, there are many unsavory sites that have not yet been categorised.
Additionally an option to block all and allow white list only would be greatly appreciated.
-
This topic has been discussed ad nauseam so I'm not going to try to repeat anything. Basically if you don't like the feature set the FREE service offers you can always use another FREE service.
However, one thing I will repeat that has also been stated ad nauseam. There is already an option to block all and white list only the domain that you want to allow. It's contained within the OpenDNS VIP pay product. At least then when you claim that OpenDNS "broke the internet" you'll be paying for some of the support time you'll be eating up because blocking that many domains en masse is going to seriously restrict your ability to access anything on the internet.
-
@mattwilson9090: it has been discussed ad nauseam, but you still miss the point: the request is not to go for a per domain whitelist-only mode which is indeed available in the VIP and Umbrella Prosumer options (and which, to my point of view is useless) but for a per category whitelist-only mode, which does not exist, except probably in the Umbrella for business. It is therefore not a question of free or not, but to request a feature which doesn't exist at all. I would personally understand that we have to pay to use it and would be happy to go for VIP account if it was there.
-
Yes, I agree with @toufou73. We are just asking for a feature that does not exist and for it to be an option for those of us that would like to use it. I have VIP and using just the whitelist is not a good solution, because you would have to list every site that you want to allow, whereas using the category feature it is easier. I have been using OpenDNS for over 10 years and this is the one piece that it lacks.
-
@mattwilson9090: Please don't make harsh comments when you don't know what you are talking about. As I've said before, I know exactly how restrictive this would be since I deal with it daily at work. Like I've said before, I work in a Federal agency with over 4,000 users and we utilize a firewall with this feature. Once or twice a day I'll click on an obscure domain (say the personal domain of the blog of a friend) and I'll get a notification that says (quoted from the actual error page):
Based on your corporate access policies, access to this web site ( http://www.t*****s.net/ ) has been blocked because the web category "Uncategorized URLs" is not allowed.
If you believe this page has been misclassified, use the Site Review Request link to report this misclassification. Request Categorization
It is a slight pain but I am willing to live with it. This feature is implemented in many business level firewalls. I have been a VIP customer in the past and I am willing to pay for the feature now.
-
I've been an IT security professional in the financial industry for 20 years. This is now considered a best-practice setting for security in business and home users would benefit as well. It's shocking how really un-impactful this change is to most users. Every now and then we have to categorize someone's Orthodontist's website, but that's the biggest pitfall we've seen. I would really like to see this as an option that users can select if they want. I would use it at home today if available to me.
-
Blocking uncategorized or newly created domains is a best practice used by most governments and large companies; granted, this is usually performed at the web proxy and not directly through DNS. OpenDNS Umbrella supports the NoTag/CatNone/NoCat/UnCat process through the Investigate API. https://enforcement-api.readme.io/docs/domain-acceptance-process -- "Is the status of the domain uncategorized? A domain is considered uncategorized when the OpenDNS Investigate API returns a score of 0. If a domain is uncategorized, it is added to the OpenDNS customer’s block list."
While this 33 month old suggestion is not extreme, I understand the concern of many that it may not work as expected because of the way that OpenDNS categorizes web pages using us humans: https://community.opendns.com/domaintagging/ This is very different from many other proxy providers like BlueCoat/K9 & WebSense who use racks of computers to auto-categorize everything they see and change categories very rapidly. With only 3.2M / 10.4M submitted tags decided, there are probably 100M additional domains tagged automatically within Umbrella or stuck in the untagged bucket.
I believe offering Uncategorized as a bucket for individual users to use when customizing their individual category whitelist should be an option, and while it may not work for some people, I believe my family will be happy with the 3.2M+ domains already categorized. The current method of redirecting to http://block.opendns.com works well & my family often contacts me because of those blocks. The existing page could be updated to include information on the risks of new & uncategorized sites along with a link to the community domain tagging page. The side benefit is that the community of taggers may grow.
-
OpenDNS has access to all registered domains.
OpenDNS can automatically tag new domains as Uncategorised/New.
OpenDNS could run a word search on some top-level pages of new domain to provide an initial categorisation for review.
OpenDNS could look to see if a login is required and tag domain as a portal.
OpenDNS could look at links on pages to other domains that are already tagged to provide an initial categorisation for review.