Time based filtering

Comments

16 comments

  • Avatar
    rotblitz

    "Add a feature to the user's account, free and paid, to be able to set their time zone."

    This feature exists.  https://dashboard.opendns.com/myaccount/timezone

    "Then give an option to apply specified filter rules / custom rules for a given time period / days of the week."

    This feature exists with Netgear routers and OpenDNS' LPC.  https://support.opendns.com/entries/21804554-Frequently-Asked-Questions-

    See also https://support.opendns.com/forums/21211727-Idea-Bank/entries/search?utf8=%E2%9C%93&query=time+based&for_search=1&commit=Search
    And https://support.opendns.com/forums/21211727-Idea-Bank/entries/search?utf8=%E2%9C%93&query=schedule&for_search=1&commit=Search

    As you can see from many ideas around this, it is "not planned", so requesting it again does not make sense.

    0
    Comment actions Permalink
  • Avatar
    gh47

    I support the PCs at a community centre.  There is a Youth Club every Thursday evening and we would like to protect the kids from the nasties on the net.

    The rest of the time the PCs are used by adults and protection is not needed and could even cause problems sometimes.

    A timed protection facility would be very useful to us.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    As rotblitz explained more than 6 months ago this feature already exists with Netgear routers that have OpenDNS LPC on them.

    It doesn't appear that you've read any of the threads that he linked to, but time based filtering cannot be provided by an internet based DNS service due to the way the technology works. That is something that needs to happen at the local hardware level, such as with the above mentioned Netgear routers.

    0
    Comment actions Permalink
  • Avatar
    slincke

    Add me to the long list of folks that would like a way to schedule site or category access filtering by time of day.  I see the tireless responses that OpenDNS has apparently partnered exclusively with Netgear to offer its scheduling solution, but lots of folks are manually changing the OpenDNS filter levels successfully (but exhaustingly) and dealing with the DNS cache issue and don't want a new router and all the hassles that entails.  I for one would upgrade to OpenDNS premium service @ $20/yr if that was required to get this feature.  I'd pay more if the client DNS updater would check periodically and automatically flush the cache on the local device when it saw the settings had changed.  I think I saw that this is has been the number 1 idea in the Idea Bank for years - don't let the caching issue stop your from delivering what your customers are begging for.  Thanks.

    1
    Comment actions Permalink
  • Avatar
    mattwilson9090

    I'm not going to address the rest of this post since all of it has been talked to death, and OpenDNS has made it clear that for various reasons (including technical reasons of how DNS, DNS caches and browser caches all work) that they are not going to provide this feature other than with hardware. It's possible that they could add it to the pay services that use a software agent, but then that agent would have to constantly be checking and flushing all locations where data could be cached, to include not just the DNS and browser caches on the local device, but any source of caching on the local network or that the ISP might have implemented. The reason the Netgear and other routers with LPC are able to do blocking by time is that they use methods other than DNS to provide that functionality, and since they are the perimeter device can stop all traffic to and from a particular location because they control all internet traffic, not just DNS traffic.

    That said, the DNS Updater is not the appropriate place to flush the cache since the updater is only required on one device in an entire network, regardless of it's size, and would only be able to flush the cache on a single machine. So if you had a network with 2 laptops, 3 tablets, and 4 smartphones, only only one of those devices would benefit from this, assuming that any of them had the updater installed in the first place.

    0
    Comment actions Permalink
  • Avatar
    lightning_monkey
    +1
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    @lightning_monkey 
    Not sure why you say "+1".  Did you vote for the idea above?  This does not make sense, because OpenDNS have partnered with Netgear to make this feature happen.  So it is already there, and OpenDNS certainly will do nothing and will not invent the wheel from anew again...

    -1
    Comment actions Permalink
  • Avatar
    timkofu

    This feature is essential. A DNS blacklist that kicks in for a specified duration would be excellent.

    Preferably, a REST API that would enable blacklisting or white-listing a domain (with all sub-domains covered of-course), then we can have all sorts of flexibility on managing access in our networks.

    1
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    This feature exists, so use it instead of requesting it.

    -1
    Comment actions Permalink
  • Avatar
    timkofu

    We are requesting it because it does *not* exist. So far all I have found is you need Netgear gear to use it. We are asking for one without vendor lock-in. It's a legitimate request.

    1
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Yes, it does exist. LPC is the time based solution that OpenDNS provides and supports.

     

    It is not a legitimate request because it is technically impossible to make DNS time based due to the caches involved. In order to make this work you would have to come up with a way for the OpenDNS servers to proactively flush all DNS caches, including those in the browser, the operating system, any DNS servers internal to the network (including on the router if there is one), the router's own DNS cache, and any caches that the ISP uses.

    If you think it is possible outline your solution that does not require installing software on all those devices for OpenDNS to control, and that does not require a total rewrite of the DNS system that the internet relies upon.

    So as cobalt-phoenix / robtlitz said, the feature exists. It is your choice not to use it and to demand another.

    -1
    Comment actions Permalink
  • Avatar
    timkofu

    Without going into the technicals, the "Web Content Filtering" section on the dashboard already enables one to enter a domain name to allow or block access to. It then requests that you wait three minutes before the change is reflected in your network.

    A REST API enabling access to just this section (adding and removing of domain names from the black and white list), then waiting three minutes to see the changes reflected on the network would be perfect. This way we can have scripts running off cron that would then block/allow domains based on our local times (without open DNS having to know the timezone, etc), and would enable arbitrary logic to be applied to the decision of blocking or allowing a domain in real time.

    But I'm on the outside looking in. If you say it's not possible, then it's not possible.

    0
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    Ah, you do need own scripts to use an API to make it work at all?  Well, 99% of the users will not be able to set up something like this, because it doesn't come from OpenDNS and needs to be created by the user.  Also, you forgot that your script needs also to perform clearing the local caches, browser cache and DNS resolver cache, to make it work as you expect it to work.  Just waiting for 3 minutes would almost do - nothing!

    And as you are at this point where you want to create a script: you don't even need an API, but you can access the dashboard with usual HTTP(S) methods to submit the forms in the way you want - already today, without anything to be delivered by OpenDNS.  The FetchStats tools is just such an example for doing it this way.  With your script you can add and remove individual domains this way, and enable/disable categories as you want.  The tools you may need to utilize in your script are cURL and/or wget.

    0
    Comment actions Permalink
  • Avatar
    timkofu

    Explain that first sentence.

    I disagree. 99% of the users have someone they know who knows someone who can code up something for them *if the API exists*. Basically you have no way of knowing people wont use use it, but you have this 2 year old thread of users who will use it asking for the feature. And there would probably be more were it not for the attacking attitude of technical support on this thread.

    Libraries do exist (Mechanize, Selenium) that would handle properly logging in and navigating the site, but that is an error prone work-around that depends on urls and the html staying exactly as it is.

    Also, this is a request by us, the users/potential customers, voicing what we want. We expect a company of OpenDNS caliber to handle such matters professionally, not with belligerent and a derisive attitude.

    0
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    "We expect a company of OpenDNS caliber to handle such matters professionally, not with belligerent and a derisive attitude."

    I should mention that I am user or client, not OpenDNS staff and not affiliated in any way with OpenDNS.  So, this "belligerent and a derisive attitude" was mine.  Thanks for the compliments...

    -1
    Comment actions Permalink
  • Avatar
    blahblahrepeat (Edited )

    Sorry to resurrect this thread, but just saying "it's implemented, buy a Netgear router" is not a helpful response to this question. Many people refuse to buy Netgear routers because they're not bad routers with poor performance and a number of security holes. Personally, I swore them off after the recent VPNFilter problems.

    Saying it's infeasible is also nonsense - there are many ways to provide this service, including providing very simple Mac/Windows/Linux clients, like OpenDNS has done for many of their services. Or a simple linux utility that could be installed on the majority of routers running dnsmasq/bind to flush the dns cache. Maybe it's not as user-friendly as a pure-cloud solution, but at least for people motivated enough to comment online, they're probably also motivated enough to install something, if that solves their problem.

    And as someone who has done a lot of what you're describing professionally wrt interacting with websites programmatically, I can very confidently say it's not a good solution. It's incredibly brittle and requires a lot of maintenance. A real API is always preferable, and it would make a lot of sense for a product like OpenDNS.

    1
    Comment actions Permalink

Please sign in to leave a comment.