OpenWRT/Gargoyle plugin for dynamic IP nets

Completed

7 comments

  • Brian Hartvigsen

    There are already appropriate packages available for this.  See http://wiki.openwrt.org/doc/howto/ddns.client .  You would need an Update Only password which can be issued by support on request.

    An example configuration you may want would be as follows:

    config service "opendns"
        option enabled "1"
        option interface "wan"

        option service_name "opendns.com"
        option domain "NETWORK_LABEL"
        option username "USERNAME_OR_EMAIL"
        option password "UPDATE_ONLY_PASSWORD"

        option force_interval "24"
        option force_unit "hours"
        option check_interval "5"
        option check_unit "minutes"
        option retry_interval "60"
        option retry_unit "seconds"

        option ip_source "web"
        option ip_url "http://myip.dnsomatic.com/"

        option update_url "http://[USERNAME]:[PASSWORD]@updates.opendns.com/nic/update?hostname=[DOMAIN]"
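
The `update_url` template in the configuration above puts the username and password into the userinfo part of a plain `http://` URL, so an e-mail address used as the username has to be percent-encoded and the credentials travel unencrypted. The following is an added example, not part of the original comment and not code from ddns-scripts: the function names and sample values are constructed, and it assumes `od` and `tr` are available on the system.

```sh
#!/bin/sh
# Added example: names and sample values are constructed, not from ddns-scripts.

# Percent-encode every byte outside the RFC 3986 unreserved set.
urlencode() {
    out=
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case $hex in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                out=$out$(printf "\\$(printf '%03o' "0x$hex")") ;;
            *)  out=$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F') ;;
        esac
    done
    printf '%s' "$out"
}

# Replace the first occurrence of the literal string $2 in $1 with $3.
replace_first() {
    case $1 in
        *"$2"*) pre=${1%%"$2"*}; post=${1#*"$2"}
                printf '%s%s%s' "$pre" "$3" "$post" ;;
        *)      printf '%s' "$1" ;;
    esac
}

# Fill [USERNAME], [PASSWORD] and [DOMAIN] with percent-encoded values.
expand_update_url() {
    url=$(replace_first "$1"   '[USERNAME]' "$(urlencode "$2")")
    url=$(replace_first "$url" '[PASSWORD]' "$(urlencode "$3")")
    replace_first "$url" '[DOMAIN]' "$(urlencode "$4")"
}

# Succeeds when the URL is plain http and carries userinfo (user:pass@host).
cleartext_credentials() {
    case $1 in http://*) ;; *) return 1 ;; esac
    authority=${1#http://}
    authority=${authority%%/*}
    case $authority in *@*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample values; the template is the one from the config above.
tmpl='http://[USERNAME]:[PASSWORD]@updates.opendns.com/nic/update?hostname=[DOMAIN]'
url=$(expand_update_url "$tmpl" 'user@example.com' 'p@ss:w/rd' 'Home Network')
printf '%s\n' "$url"
if cleartext_credentials "$url"; then
    echo 'warning: update credentials are sent over unencrypted HTTP' >&2
fi
```

The warning is the reason an Update Only password, rather than the main account password, belongs in this configuration.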
  • hsaof

    I already use a DDNS client on my OpenWRT router for another DDNS. Could you please explain what is expected for [DOMAIN], as I subscribed to the Family Shield service and thus did not get a domain name. Or do I get one?

  • mattwilson9090

    Family Shield is a non configurable product. Once you configure your router to use the Family Shield DNS server addresses 208.67.222.123 and 208.67.220.123 it just works, there is no need to provide IP address updates or a network name since you can't control what Family Shield blocks or not.

    If you want more control over what OpenDNS blocks then you would use the regular DNS server addresses of 208.67.220.220 and 208.67.222.222 in conjunction with the OpenDNS account you create. When you create that account that's when you'd assign the NETWORK_LABEL. Assuming you have a dynamic IP address from your ISP that's also when you'd set things up to update OpenDNS with your IP address.

    Note, OpenDNS is not a dynamic DNS provider, they are a recursive DNS service that adds significant security and filtering options. If you were intending to use OpenDNS for dynamic DNS you'll need to continue using the service you are using now or another service.

  • hsaof

    Just for clarification: I set up my router to point DNS requests to the Family Shield server IP. Tested settings (with well-known sites) and it seems it works fine. Now I created an account linked out from the Family Shield description. I assume this account belongs to the 'personal' or 'enhanced DNS' configuration for private use? Is that correct? I got access to a dashboard where I am asked to add a network and filtering rules. But none of these settings belong to the Family Shield?

    P.S.: maybe worth mentioning it for OpenWRT newbies: the config above belongs to the ddns-scripts package of OpenWRT. Just to guide what you need to install on the router.

  • Alexander Harrison

    To clarify here, there are two sets of OpenDNS resolvers - the standard (208.67.220.220 and 208.67.222.222) which filters only Phishing by default and FamilyShield (208.67.220.123 and 208.67.222.123) which filters Tasteless, Proxy/Anonymizer, Sexuality, Pornography, and Typo Squatting for all users. The dashboard for an OpenDNS account can modify filtering settings; however, FamilyShield resolvers cannot have the default set of filters turned off even if they are not checked in the Dashboard. 

    Customizations on the Dashboard would allow for customized filtering and also for network stats, and this is what would require an up-to-date IP registration. The domain all.dnsomatic.com can be used if a domain is required.

  • mattwilson9090

    So just to clarify, Family Shield can be modified using an OpenDNS account and the dashboard (along with the Family Shield set of resolvers) but you can only *add* to the basic set of filters, you can't modify or reduce that set of filters.

    Continuing this further, if you're using "customized" Family Shield this way, and change to the standard resolvers, you'd be left with whatever you had customized, but would lose the blocking for the categories that Family Shield blocks unless you had manually added them as well.

    Is there any advantage to using "customized" Family Shield this way, or is it better and easier to use the standard resolvers along with the dashboard to apply customizations? Myself, I'd use standard, but that's partly because I've been using OpenDNS for so long, well before Family Shield was released, that using the standard methods is second nature to me.

  • rotblitz

    "So just to clarify, Family Shield can be modified using an OpenDNS account and the dashboard (along with the Family Shield set of resolvers)..."

    No, the other way around: OpenDNS account and the dashboard can be modified using the FamilyShield addresses.

    "...but you can only *add* to the basic set of filters, you can't modify or reduce that set of filters."

    Yes.

    "Continuing this further, if you're using "customized" Family Shield this way, and change to the standard resolvers, you'd be left with whatever you had customized, but would lose the blocking for the categories that Family Shield blocks unless you had manually added them as well."

    Yes.

    "Is there any advantage to using "customized" Family Shield this way"

    This depends.  If it is essential for you that the categories above (Tasteless, Proxy/Anonymizer, Sexuality, Pornography, and Typo Squatting) are blocked all the time even when your IP address information isn't registered with OpenDNS for a short time for whatever reason, then this is the way to go.
