Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 661
  • Last Modified:

Two DNS Servers - OpenDNs

Hi,

We have 5 computers in our office  and 1 server with AD.
All five computers are part of the domain.

Here is the situation.

We want to be able to block 3 of those computers using openDNS
then the other 2 computers we want to give them full access to any website.

We were thinking about setting up the AD server with openDNS
and setup a static DNS on the 3 workstations to point to the AD

Since we don't have another server. We were thinking about using our router as a DNS server fOr the other 2 wOrkstations, but then the server would not be able to communicate with those 2 computers and GP and other things would not work anymore.

What would we need to the setup on the router and the server, so everything can work properly?
0
Kaptain1
Asked:
Kaptain1
2 Solutions
 
arnoldCommented:
You could configure static allocation using IP reservation such that the three you do not want to access the internet, you would not set the default gateway.

Without a default gateway the three workstation can only access resources on the LAN and be accessed by resources on the LAN.
You could also use a GPO startup script that will use netsh to remove the default gateway.

Though I am unfamiliar with mDNS, but likely to impose restrictions, the three workstation will have to have a specific set of IP such that they can be denied query rights to anything other than the AD domain which mdns will forward to the AD DNS or have a copy if it is setup as a slave to the DNS zone on the AD server.
0
 
pwindellCommented:
There is only one right way to do this.  You have to use the Firewall to control where users can go.  What you are incorrectly calling a "router" is really a firewall.  What you can or cannot do with it depends on the device's abilities itself,...it will either do what you want,...or it won't.  This also implies that you will not be able to use DHCP on the LAN because in order for the access rules to work the workstations must always have the same IP#. That has to be done by either using DHCP Reservations or by just not using DHCP in the first place.

DNS
Machines on the LAN can only use the AD/DNS for their DNS.  They must never ever use anything else.    Do not allow users to be local Admins on their workstations and they will not be able to alter their TCP/IP specs from what you set.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now