Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Two DNS Servers - OpenDNs

Posted on 2012-03-24
2
Medium Priority
?
625 Views
Last Modified: 2012-03-29
Hi,

We have 5 computers in our office  and 1 server with AD.
All five computers are part of the domain.

Here is the situation.

We want to be able to block 3 of those computers using openDNS
then the other 2 computers we want to give them full access to any website.

We were thinking about setting up the AD server with openDNS
and setup a static DNS on the 3 workstations to point to the AD

Since we don't have another server. We were thinking about using our router as a DNS server fOr the other 2 wOrkstations, but then the server would not be able to communicate with those 2 computers and GP and other things would not work anymore.

What would we need to the setup on the router and the server, so everything can work properly?
0
Comment
Question by:Kaptain1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Accepted Solution

by:
arnold earned 1000 total points
ID: 37763191
You could configure static allocation using IP reservation such that the three you do not want to access the internet, you would not set the default gateway.

Without a default gateway the three workstation can only access resources on the LAN and be accessed by resources on the LAN.
You could also use a GPO startup script that will use netsh to remove the default gateway.

Though I am unfamiliar with mDNS, but likely to impose restrictions, the three workstation will have to have a specific set of IP such that they can be denied query rights to anything other than the AD domain which mdns will forward to the AD DNS or have a copy if it is setup as a slave to the DNS zone on the AD server.
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 1000 total points
ID: 37768409
There is only one right way to do this.  You have to use the Firewall to control where users can go.  What you are incorrectly calling a "router" is really a firewall.  What you can or cannot do with it depends on the device's abilities itself,...it will either do what you want,...or it won't.  This also implies that you will not be able to use DHCP on the LAN because in order for the access rules to work the workstations must always have the same IP#. That has to be done by either using DHCP Reservations or by just not using DHCP in the first place.

DNS
Machines on the LAN can only use the AD/DNS for their DNS.  They must never ever use anything else.    Do not allow users to be local Admins on their workstations and they will not be able to alter their TCP/IP specs from what you set.
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question