Can you block all search engines but still allow access to drive.google.com?
I do not want my children to have access to any search engines. Therefore, I have them blocked on my home network via OpenDNS. My son, however, needs to access drive.google.com for school. I can't figure out any way to allow him to access this service without also making Google search accessible. It seems like it's either all or none as far as domains go. Is there something I'm missing?
-
You are somehow right. Google does not really separate things by different domain names. However, I have tried with Google Drive to see what domains are looked up, and it may work if you added the following to your "never block" list:
drive.google.com
clients1.google.com (clients.l.google.com)
accounts.google.com (accounts.l.google.com)
ssl.gstatic.com
accounts.youtube.com
accounts-cctld.l.google.com
googleusercontent.com
docs.google.com
apis.google.com (plus.l.google.com)The ones in brackets are the real names for the aliases which may or may not be added. Try without them first.
-
I've been trying to figure this problem out for some time without success. I just attempted rotblitz' suggestion, and still cannot access google drive when using OpenDNS on specific devices. Using a Windows 7 computer, I am able to access google drive. However, on WinXP machines I cannot get to google drive. I use Chrome on all devices. I clear caches and cookies, restart, and do anything else I can think of to try and get a good baseline for why this happens. In WinXP Chrome will cross out the "https" in the omnibox, and then give me the typical warning about this not being the site I was looking for.
Any additional suggestions?
-
"Using a Windows 7 computer, I am able to access google drive. However, on WinXP machines I cannot get to google drive."
Oops, all of this doesn't sound good. One of your computers may be configured to circumvent OpenDNS. Check their DNS and network settings. E.g. your Win7 machine may use IPv6 connectivity, hereby circumventing OpenDNS, whereas your WinXP machine may use IPv4 only, as usual by default for XP. Or your Win7 machine may have non-OpenDNS resolvers configured, without or in addition of using OpenDNS.
"Any additional suggestions?"
Yes, if you use content filtering, disable IPv6 connectivity. This does not work properly yet. Then you will be unable to access Google Drive on Win7 too, at this point. At least you get now consistent results across machines. A good starting point to sort out the rest...
Further, you'll need to install a DNS query sniffer like http://www.nirsoft.net/utils/dns_query_sniffer.html to see what Google Drive related domains are looked up, but return an OpenDNS address 67.215.65.* (may be different in your area) due to blocking. Then you must whitelist also these domain names.
-
rotblitz, thank you for the speedy feedback. I do need to rectify one bit of info. I have two routers, one for the kids, and one for the parents. The kiddie router utilizes OpenDNS. When testing I connect to their router to see if things are still being filtered, or to troubleshoot such things as denied access to Google Drive. I did the IPv6 for the Win7 machine and didn't see a change in access. Conversely, I added IPv6 to the WinXP machine to see if I could get around my issue. No success their either.
I have run DNSquerysniffer on both XP and Win7 machines to catalog the DNS host names, and to white list those that returned the OpenDNS address you indicated. There appeared to be 2 or 3 that I had not yet whitelisted, and so I added them to the whitelist. Currently with Win7 machine sees no change in access and the XP machine takes for-ev-er to resolve, but never gets to Google Drive, and just hangs. The whitelisted domains still resolve to the 67.215.65.* - not sure if that matters, but thought I would share.
I have the following whitelisted (except for ubi.com and netflix.com, everything else is purposed in the hope of getting to google drive):
NEVER BLOCK:0.drive.google.com accounts-cctld.l.google.com accounts.google.com accounts.youtube.com apis.google.com clients1.google.com docs.google.com drive.google.com googleusercontent.com gstatic.com netflix.com plus.google.com ssl.gstatic.com talk.google.com talkx.l.google.com ubi.com us.ubi.com -
HA! Victory! I use this Netgear POS for the other router. After going through the OpenDNS website to configure this router and whitelist all the above domains it now works. Conflicting policies between my router and my OpenDNS policy. I also apologize for the heinous typos in my previous post. I made myself cringe.
-
Some entries are redundant. E.g. drive.google.com covers this and all subdomains like 0.drive.google.com, and ubi.com covers this and all subdomains like us.ubi.com.
Also not sure what "Netgear POS" is. Did you mean LPC (Live Parental Control)? This has a different dashboard at netgear.opendns.com and should not be mixed with the normal dashboard.opendns.com. Best is to use pure Netgear with LPC and create bypass accounts for it, and totally get rid of the "normal" OpenDNS network by deleting it, so that your IP address is no longer registered at OpenDNS..
-
You can do this by blocking the Search Engines category to block google.com as well as other search engines, and then allow:
drive.google.com
accounts.google.com
l.google.com
docs.google.com
clients1.google.comYou can also accomplish this by adding www.google.com to the block list (not google.com, it must have the www.!) and allowing the above domains.
Instructions for adding domains to domain lists are available from https://support.opendns.com/entries/34435010-Getting-Started-Blocking-Allowing-Specific-Domains-with-Whitelist-Blacklist.
-
Follow the guidance in rotblitz last post above, " i.e. you look what domains are needed to load and operate Google Calendar and add those to your whitelist. What else?"
What you are asking for is a specific combination of things, wanting to block the search engine category but still selectively allow some google services on an iPhone, which more than likely uses different domains than if you were accessing them via a website and as such none of the users who follow this forum may be need that exact combination of things. It's likely that you'll need to spend some time looking in your logs and stats in order to figure out what additional domains you'll need to whitelist.
-
No, this would not be a valid and viable option. Google and the likes change their DNS configuration so much often that OpenDNS would not be able to keep up with Google's changes, and you came then back again to complain that your "gmail button" doesn't work as expected. :(
Therefore it's easier to let you complain because of the non-existent button.And you missed the point: Google hosts their search engine and their mail service on the same domains, or at least both services share many domain names, and therefore it is not easily possible to separate the services by domain names. But this is the only thing a DNS service like OpenDNS could cope with. If Google hosted their services on different specific domains, there wouldn't be a problem at all. So your way to go is to refer to Google, requesting to separate their services to specific domains.
-
I found what appears to be a definitive answer for getting Google docs to work. I will try it tonight and see if my daughter's Chromebook can access her school stuff and will report back if I can find this thread again.
https://support.google.com/chrome/a/answer/6334001?hl=en&ref_topic=3504941
Please sign in to leave a comment.
Comments
15 comments