Allow use of blacklists in whitelist only mode

Comments

4 comments

  • Avatar
    rotblitz

    If you're a home user, you had to go for OpenDNS VIP, else you had to chose from one of the business versions.

    OpenDNS certainly will not give away paid options for free.

    0
    Comment actions Permalink
  • Avatar
    munrom

    Rotblitz, I don't know why you think I'm not a paying customer. I'm the administrator for a College network and we are a paying customer. You can not use a blacklist of domains when you have a policy in whitelist mode. This means I can not have a whitelist policy that allows Google Mail that also blocks the embedded chat feature as the URL to do so is a subdomain,

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I don't know why you think I'm not a paying customer."

    Did I say this?  I can't see where I did, and I really didn't think about anything in this context.  And you didn't mention what service this is for.
    Honestly, I thought you're requesting a whitelist-only mode possibly for the free service.

    And yes, if you have whitelist-only mode enabled, your blacklist doesn't take effect.  I understand now what you mean, and it makes sense.

    Temporary workarounds would include (given that you run an institutional network):

    1. Either add this line to the local hosts file (maybe as AD policy):   0.0.0.0  chatenabled.mail.google.com
    2. Or configure your local DNS server with chatenabled.mail.google.com as a local domain, pointing it to Nirvana or to hit-block.opendns.com
    3. Or configure your proxy server (which you may operate) to block chatenabled.mail.google.com
    4. Or introduce an AD policy for the browsers being used to block chatenabled.mail.google.com
    0
    Comment actions Permalink
  • Avatar
    Alexander Harrison

    There is unfortunately no way to blacklist a subdomain of a domain that is whitelisted. For example, if mail.google.com is whitelisted, this whitelists *.mail.google.com and this will automatically include chatenabled.mail.google.com. Whitelist only can be considered a blacklist entry for every single domain that exists is implied, and the whitelist overrides the domains added to it. 

    There is no way to whitelist *.mail.google.com with the entry mail.google.com and also block chatenabled.mail.google.com with OpenDNS at this time. 

    0
    Comment actions Permalink

Please sign in to leave a comment.