Solved

Two DNS Servers - OpenDNs

Posted on 2012-03-24
2
619 Views
Last Modified: 2012-03-29
Hi,

We have 5 computers in our office  and 1 server with AD.
All five computers are part of the domain.

Here is the situation.

We want to be able to block 3 of those computers using openDNS
then the other 2 computers we want to give them full access to any website.

We were thinking about setting up the AD server with openDNS
and setup a static DNS on the 3 workstations to point to the AD

Since we don't have another server. We were thinking about using our router as a DNS server fOr the other 2 wOrkstations, but then the server would not be able to communicate with those 2 computers and GP and other things would not work anymore.

What would we need to the setup on the router and the server, so everything can work properly?
0
Comment
Question by:Kaptain1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 78

Accepted Solution

by:
arnold earned 250 total points
ID: 37763191
You could configure static allocation using IP reservation such that the three you do not want to access the internet, you would not set the default gateway.

Without a default gateway the three workstation can only access resources on the LAN and be accessed by resources on the LAN.
You could also use a GPO startup script that will use netsh to remove the default gateway.

Though I am unfamiliar with mDNS, but likely to impose restrictions, the three workstation will have to have a specific set of IP such that they can be denied query rights to anything other than the AD domain which mdns will forward to the AD DNS or have a copy if it is setup as a slave to the DNS zone on the AD server.
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 250 total points
ID: 37768409
There is only one right way to do this.  You have to use the Firewall to control where users can go.  What you are incorrectly calling a "router" is really a firewall.  What you can or cannot do with it depends on the device's abilities itself,...it will either do what you want,...or it won't.  This also implies that you will not be able to use DHCP on the LAN because in order for the access rules to work the workstations must always have the same IP#. That has to be done by either using DHCP Reservations or by just not using DHCP in the first place.

DNS
Machines on the LAN can only use the AD/DNS for their DNS.  They must never ever use anything else.    Do not allow users to be local Admins on their workstations and they will not be able to alter their TCP/IP specs from what you set.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question