Can you block all search engines but still allow access to drive.google.com?

Comments

15 comments

  • Avatar
    rotblitz

    You are somehow right. Google does not really separate things by different domain names. However, I have tried with Google Drive to see what domains are looked up, and it may work if you added the following to your "never block" list:

    drive.google.com
    clients1.google.com     (clients.l.google.com)
    accounts.google.com   (accounts.l.google.com)
    ssl.gstatic.com
    accounts.youtube.com
    accounts-cctld.l.google.com
    googleusercontent.com
    docs.google.com
    apis.google.com      (plus.l.google.com)

    The ones in brackets are the real names for  the aliases which may or may not be added.  Try without them first.

  • Avatar
    talonius

    I've been trying to figure this problem out for some time without success.  I just attempted rotblitz' suggestion, and still cannot access google drive when using OpenDNS on specific devices.  Using a Windows 7 computer, I am able to access google drive.  However, on WinXP machines I cannot get to google drive.  I use  Chrome on all devices.  I clear caches and cookies, restart, and do anything else I can think of to try and get a good baseline for why this happens.  In WinXP Chrome will cross out the "https" in the omnibox, and then give me the typical warning about this not being the site I was looking for.

    Any additional suggestions?

  • Avatar
    rotblitz

    "Using a Windows 7 computer, I am able to access google drive.  However, on WinXP machines I cannot get to google drive."

    Oops, all of this doesn't sound good. One of your computers may be configured to circumvent OpenDNS. Check their DNS and network settings. E.g. your Win7 machine may use IPv6 connectivity, hereby circumventing OpenDNS, whereas your WinXP machine may use IPv4 only, as usual by default for XP. Or your Win7 machine may have non-OpenDNS resolvers configured, without or in addition of using OpenDNS.

    "Any additional suggestions?"

    Yes, if you use content filtering, disable IPv6 connectivity. This does not work properly yet. Then you will be unable to access Google Drive on Win7 too, at this point. At least you get now consistent results across machines. A good starting point to sort out the rest...

    Further, you'll need to install a DNS query sniffer like http://www.nirsoft.net/utils/dns_query_sniffer.html to see what Google Drive related domains are looked up, but return an OpenDNS address 67.215.65.* (may be different in your area) due to blocking. Then you must whitelist also these domain names.

  • Avatar
    talonius

    rotblitz, thank you for the speedy feedback.  I do need to rectify one bit of info.  I have two routers, one for the kids, and one for the parents.  The kiddie router utilizes OpenDNS.  When testing I connect to their router to see if things are still being filtered, or to troubleshoot such things as denied access to Google Drive.  I did the IPv6 for the Win7 machine and didn't see a change in access.  Conversely, I added IPv6 to the WinXP machine to see if I could get around my issue.  No success their either.

    I have run DNSquerysniffer on both XP and Win7 machines to catalog the DNS host names, and to white list those that returned the OpenDNS address you indicated.  There appeared to be 2 or 3 that I had not yet whitelisted, and so I added them to the whitelist.  Currently with Win7 machine sees no change in access and the XP machine takes for-ev-er to resolve, but never gets to Google Drive, and just hangs.  The whitelisted domains still resolve to the 67.215.65.* - not sure if that matters, but thought I would share.

    I have the following whitelisted (except for ubi.com and netflix.com, everything else is purposed in the hope of getting to google drive):

    NEVER BLOCK:
    0.drive.google.com
    accounts-cctld.l.google.com
    accounts.google.com
    accounts.youtube.com
    apis.google.com
    clients1.google.com
    docs.google.com
    drive.google.com
    googleusercontent.com
    gstatic.com
    netflix.com
    plus.google.com
    ssl.gstatic.com
    talk.google.com
    talkx.l.google.com
    ubi.com
    us.ubi.com
  • Avatar
    talonius

    HA! Victory!  I use this Netgear POS for the other router.  After going through the OpenDNS website to configure this router and whitelist all the above domains it now works.  Conflicting policies between my router and my OpenDNS policy.  I also apologize for the heinous typos in my previous post.  I made myself cringe.

  • Avatar
    rotblitz

    Some entries are redundant. E.g. drive.google.com covers this and all subdomains like 0.drive.google.com, and ubi.com covers this and all subdomains like us.ubi.com.

    Also not sure what "Netgear POS" is. Did you mean LPC (Live Parental Control)? This has a different dashboard at netgear.opendns.com and should not be mixed with the normal dashboard.opendns.com. Best is to use pure Netgear with LPC and create bypass accounts for it, and totally get rid of the "normal" OpenDNS network by deleting it, so that your IP address is no longer registered at OpenDNS..

  • Avatar
    talonius

    Um... POS was a derogatory term.  I apologize for that.  I did use LPC to add the whitelisted domains.  And that solved the problem.  Thanks for the help and the recommendations.

  • Avatar
    ecaschool

    Hi. I have followed this post to see what I can do. I need to close google search engine but enable just calendar. Any suggestions?

  • Avatar
    rotblitz

    You do the same steps for Google calendar as others have done for Google drive above, i.e. you look what domains are needed to load and operate Google Calendar and add those to your whitelist.  What else?

  • Avatar
    Alexander Harrison

    You can do this by blocking the Search Engines category to block google.com as well as other search engines, and then allow:

    drive.google.com
    accounts.google.com
    l.google.com
    docs.google.com
    clients1.google.com

    You can also accomplish this by adding www.google.com to the block list (not google.com, it must have the www.!) and allowing the above domains.

    Instructions for adding domains to domain lists are available from https://support.opendns.com/entries/34435010-Getting-Started-Blocking-Allowing-Specific-Domains-with-Whitelist-Blacklist.

  • Avatar
    nwdns15

    Does anyone know how to also get the Google Calendar app to work on the iPhone, with all the OpenDNS settings listed above?  I can get everything to work except that, when my phone calendar is working off my google calendar.

  • Avatar
    mattwilson9090

    Follow the guidance in rotblitz last post above, " i.e. you look what domains are needed to load and operate Google Calendar and add those to your whitelist.  What else?"

    What you are asking for is a specific combination of things, wanting to block the search engine category but still selectively allow some google services on an iPhone, which more than likely uses different domains than if you were accessing them via a website and as such none of the users who follow this forum may be need that exact combination of things. It's likely that you'll need to spend some time looking in your logs and stats in order to figure out what additional domains you'll need to whitelist.

  • Avatar
    achiang0228

    Since accessing sites like gmail or google drive are so common, can openDNS make this easier (e.g. single allow gmail button), rather than having to enter all these domains into the whitelist? 

  • Avatar
    rotblitz

    No, this would not be a valid and viable option.  Google and the likes change their DNS configuration so much often that OpenDNS would not be able to keep up with Google's changes, and you came then back again to complain that your "gmail button" doesn't work as expected. :(
    Therefore it's easier to let you complain because of the non-existent button.

    And you missed the point: Google hosts their search engine and their mail service on the same domains, or at least both services share many domain names, and therefore it is not easily possible to separate the services by domain names.  But this is the only thing a DNS service like OpenDNS could cope with.  If Google hosted their services on different specific domains, there wouldn't be a problem at all.  So your way to go is to refer to Google, requesting to separate their services to specific domains.

  • Avatar
    raffy.rigney
    I found what appears to be a definitive answer for getting Google docs to work. I will try it tonight and see if my daughter's Chromebook can access her school stuff and will report back if I can find this thread again.
    https://support.google.com/chrome/a/answer/6334001?hl=en&ref_topic=3504941

Please sign in to leave a comment.