Provide different IPs for ISP networks running NAT with no access control

Comments

8 comments

  • Avatar
    mattwilson9090

    So basically you're asking for a set of DNS server addresses that do nothing but recursive DNS, but has absolutely no other OpenDNS features? Why not just use the DNS servers your ISP provides, since it would be doing the same thing at that point anyway?

    0
    Comment actions Permalink
  • Avatar
    dan

    Many ISPs, such as the one I've recently switched to, have terrible DNS,

    It depends whether OpenDNS want to provide DNS to us all.  I had to switch to Google DNS, I'd have preferred to stay with OpenDNS.   But yes, there are alternatives.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    OpenDNS can always be used without configuring an account, but if your ISP is NAT'ing your such that you shared your public IP address with other users you always run the risk of someone else configuring filtering settings. Even if not shared you also run the risk that way of "inheriting" OpenDNS settings for someone that had previously been using your public IP address but not updating their account.

    If you want to continue using OpenDNS, especially for filtering there are paid accounts that reduce or remove the need for IP address registration, or you can use something like a Netgear router with LPC.

    If you want to use a free DNS service with an ISP that is sharing public addresses with multiple customers you'll need to use something other than OpenDNS.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    The solution for using OpenDNS with a shared IP address is this:

    First of all, you cannot use some additional features of OpenDNS (configuring blocking by category or by individual domain names, stats and logs), but you still get the general default protection against phishing domains and some malware domains.

    You configure the normal OpenDNS resolver addresses on your side which can be 208.67.222.222, 208.67.220.220, 208.67.222.220, 208.67.220.222.
    You do not (and cannot) use the dashboard configuration items.

    If you want some basic (non-configurable) adult site and proxy/anonymizer prevention, use the FamilyShield addresses: 208.67.222.123, 208,67,220,123.

    Either way, report the shared IP address (range) to OpenDNS, and OpenDNS will ensure that these cannot be registered with any OpenDNS network, so that nobody is able to hi-jack this shared IP address for individual settings, thereby forcing others to use these settings.

    0
    Comment actions Permalink
  • Avatar
    Alexander Harrison

    We do block out known NATted ISP IP addresses to prevent runaway filtering. Can you please provide the IP range your ISP NATs so we can check into these IPs?

    0
    Comment actions Permalink
  • Avatar
    dan

    I don't see a way to private message you

    It's in support ticket #151033 , Alexander.

    If you can't access that. I'll post it

    Thanks

    0
    Comment actions Permalink
  • Avatar
    Alexander Harrison

    I've copied myself on case 151033 and will be able to see any reply you make to that case and will be notified upon your reply. 

    0
    Comment actions Permalink
  • Avatar
    dan

    Awesome, thanks!

    0
    Comment actions Permalink

Please sign in to leave a comment.