Manually Add DNS Entries
To add the ability for the user to manually enter a DNS entry in OpenDNS for their own use (like what is done in a hosts file on a computer to add a manual DNS entry). This would allow user-specific DNS resolution for each user.
Some use case scenarios:
1- Some ISPs have their own websites (like portals to check usage) that have their addresses mapped through their own DNS servers and resolve to an ISP-specific IP address. When changing the default ISP DNS server to OpenDNS, those sites are no longer accessible except through their IP addresses.
2- When using a home server behind a NAT firewall/router, it would be useful for the user to manually add an entry for the private IP of the server so they access it with the same name they use from outside the house but connect to it via its private IP address, which makes data transfers much faster, instead of going through the public IP and the NAT (e.g. ownCloud server).
3- Creating an easy to remember domain for an IP that is used much but not registered on public/dynamic DNS (e.g. router.com would direct to 192.168.1.1, or printer would redirect to 192.168.1.50).
-
OpenDNS is a recursive DNS service, and entering something into a recursive DNS service which is not covered by an authoritative DNS service will never happen. It would break any internet standards, internet user expectations, safety and security. Such a feature would be a paradise for criminals too...
To resolve your own network world, you have three options:
1- Run your own (mixed recursive and authoritative) DNS server where you can add fake and real zones as you want.
2- Register the domain/zone you want to add entries for, and manage its DNS records yourself on its authoritative nameservers.
3- And as you said, the local hosts file is another option, easily and almost available.
Regarding your use case scenarios:
1- As a quick and simple solution, a hosts file entry is indicated, or your own DNS server. The second option from above isn't possible.
2- This is technically impossible anyway. Private IP addresses are not routable over the public internet. Instead you have to configure port forwarding on the router, and then you can access your network with your public IP address which again can be associated with any available hostname.
3- Pretty clear that this can be used from within your LAN only, never from outside. This is a case for my option 2, registering the domain if not already taken. (Clearly, router.com has been taken already.) Therefore you can register any other available domain, and use subdomains from it for your purpose. Assigning private IP addresses to public hostnames can be done, although not recommended due to possible DNS rebinding and other attacks. Options 1 + 3 are valid too for this scenario, especially for a hostname "printer" which cannot be publicly registered. But all has to happen on the authoritative side of DNS.
-
Thanks for your reply. The word recursive closed the door completely :)
As for my use cases, I just want to comment:
1- I just found that my ISP's portal can be found through other DNS's (it's portals.mada.jo, it resolves to 172.16.192.45 which is clearly only accessible through the ISP's link, but I was able to resolve it on another ISP's DNS, and even on http://www.dnsqueries.com). So I think this can be solved through OpenDNS for my case at least. Should I open a ticket?
2- I already have that setup at home, where I have a dynamic DNS name resolving to my public IP, which forwards ports to the server's private IP. But when I'm at home, I set the wireless router's IP as the primary DNS server and I set my public domain in it so it resolves the same dynamic DNS name to the private IP when I am at home, giving me better speeds.
3- I agree I only intend to use it from the LAN...
-
"it resolves to 172.16.192.45 which is clearly only accessible through the ISP's link, but I was able to resolve it on another ISP's DNS"
Sure, as I said above, hostnames can resolve to private IP addresses. But name resolution is not the issue. Traffic cannot be routed over the public internet. What would be the use of name resolution if you can't establish connections? A ticket would not help here either.
"I set the wireless router's ip as the primary DNS server and I set my public domain in it so it resolves the same dynamic DNS name to the private IP when am at home giving me better speeds.."
Yes, sure, for LAN connectivity only. Nothing for OpenDNS. OpenDNS is not a dynamic DNS hosting provider or such.
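The replies above point out that public hostnames answering with private addresses invite DNS rebinding. As an added example (not part of the thread and not OpenDNS code), this is the kind of check a rebinding filter on a local resolver applies to answers before handing them to clients. The `home.example` zone and the public address are assumptions; the other names and addresses come from the thread.

```python
import ipaddress

# Zones allowed to answer with internal addresses. Assumption: "home.example"
# stands in for a zone you serve yourself from a local DNS server.
LOCAL_ZONES = ("home.example",)

def is_internal(addr):
    """True if addr is not a globally routable address."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot slip past the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for RFC 1918, loopback, link-local and
    # shared (100.64.0.0/10) address space.
    return not ip.is_global

def in_local_zone(name):
    """True if name is a local zone or a subdomain of one (label-aligned)."""
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in LOCAL_ZONES)

def filter_answers(name, answers):
    """Return (kept, dropped): internal addresses are dropped unless the
    queried name belongs to an explicitly trusted local zone."""
    if in_local_zone(name):
        return list(answers), []
    kept = [a for a in answers if not is_internal(a)]
    dropped = [a for a in answers if is_internal(a)]
    return kept, dropped

# Constructed sample answers, not captured DNS traffic.
SAMPLES = {
    "portals.mada.jo": ["172.16.192.45"],        # ISP portal from the thread
    "router.com": ["192.168.1.1"],               # hypothetical from the thread
    "nas.home.example": ["192.168.1.50"],        # trusted local zone
    "www.example.org": ["208.67.222.222", "::ffff:192.168.1.50"],
}

def report():
    """Run the filter over every sample and return the results by name."""
    return {n: filter_answers(n, a) for n, a in SAMPLES.items()}

if __name__ == "__main__":
    for name, (kept, dropped) in report().items():
        print(f"{name:18} kept={kept} dropped={dropped}")
```

With such a filter in place, a name like the ISP portal only resolves for clients if its zone is deliberately added to the trusted list.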
-
OpenDNS provides content filtering, yet it does not filter search results from Google. The Google images returned can be quite explicit even though OpenDNS would filter the sites which Google is displaying images from.
Google's answer to this is to add a DNS entry to force Google to use its safe search feature.
If you cannot or will not allow us to make custom DNS entries for our network on OpenDNS, please add a feature to the GUI that will force Google searches to the safe search site.
-
"Google's answer to this is to add a DNS entry"
Correct. This is something you do only with an authoritative DNS (hosting) service, never with a recursive DNS service like OpenDNS. You're on the wrong page.
See also https://support.opendns.com/hc/en-us/articles/227986807
"If you cannot or will not"
Your message will hardly be seen by OpenDNS staff, but only by us other users in this community forum. If you want to talk to staff, you "Submit a request", see the link above.