Solved

Two DNS Servers - OpenDNs

Posted on 2012-03-24
2
613 Views
Last Modified: 2012-03-29
Hi,

We have 5 computers in our office  and 1 server with AD.
All five computers are part of the domain.

Here is the situation.

We want to be able to block 3 of those computers using openDNS
then the other 2 computers we want to give them full access to any website.

We were thinking about setting up the AD server with openDNS
and setup a static DNS on the 3 workstations to point to the AD

Since we don't have another server. We were thinking about using our router as a DNS server fOr the other 2 wOrkstations, but then the server would not be able to communicate with those 2 computers and GP and other things would not work anymore.

What would we need to the setup on the router and the server, so everything can work properly?
0
Comment
Question by:Kaptain1
2 Comments
 
LVL 77

Accepted Solution

by:
arnold earned 250 total points
ID: 37763191
You could configure static allocation using IP reservation such that the three you do not want to access the internet, you would not set the default gateway.

Without a default gateway the three workstation can only access resources on the LAN and be accessed by resources on the LAN.
You could also use a GPO startup script that will use netsh to remove the default gateway.

Though I am unfamiliar with mDNS, but likely to impose restrictions, the three workstation will have to have a specific set of IP such that they can be denied query rights to anything other than the AD domain which mdns will forward to the AD DNS or have a copy if it is setup as a slave to the DNS zone on the AD server.
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 250 total points
ID: 37768409
There is only one right way to do this.  You have to use the Firewall to control where users can go.  What you are incorrectly calling a "router" is really a firewall.  What you can or cannot do with it depends on the device's abilities itself,...it will either do what you want,...or it won't.  This also implies that you will not be able to use DHCP on the LAN because in order for the access rules to work the workstations must always have the same IP#. That has to be done by either using DHCP Reservations or by just not using DHCP in the first place.

DNS
Machines on the LAN can only use the AD/DNS for their DNS.  They must never ever use anything else.    Do not allow users to be local Admins on their workstations and they will not be able to alter their TCP/IP specs from what you set.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now