Solved

Two DNS Servers - OpenDNs

Posted on 2012-03-24
2
623 Views
Last Modified: 2012-03-29
Hi,

We have 5 computers in our office and 1 server with AD.
All five computers are part of the domain.

Here is the situation.

We want to be able to block 3 of those computers using openDNS
then the other 2 computers we want to give them full access to any website.

We were thinking about setting up the AD server with OpenDNS
and setting up a static DNS on the 3 workstations to point to the AD.

Since we don't have another server, we were thinking about using our router as a DNS server for the other 2 workstations, but then the server would not be able to communicate with those 2 computers and GP and other things would not work anymore.

What would we need to set up on the router and the server, so everything can work properly?
Question by:Kaptain1
2 Comments
 
LVL 79

Accepted Solution

by: arnold earned 250 total points
ID: 37763191
You could configure static allocation using IP reservation such that for the three you do not want to access the internet, you would not set the default gateway.

Without a default gateway the three workstations can only access resources on the LAN and be accessed by resources on the LAN.
You could also use a GPO startup script that will use netsh to remove the default gateway.

Though I am unfamiliar with mDNS, to impose restrictions the three workstations will likely have to have a specific set of IPs such that they can be denied query rights to anything other than the AD domain, which mDNS will forward to the AD DNS, or have a copy of if it is set up as a slave to the DNS zone on the AD server.
LVL 29

Assisted Solution

by: pwindell earned 250 total points
ID: 37768409
There is only one right way to do this. You have to use the firewall to control where users can go. What you are incorrectly calling a "router" is really a firewall. What you can or cannot do with it depends on the device's abilities itself: it will either do what you want, or it won't. This also implies that you will not be able to use DHCP on the LAN, because in order for the access rules to work the workstations must always have the same IP#. That has to be done by either using DHCP Reservations or by just not using DHCP in the first place.

DNS
Machines on the LAN can only use the AD/DNS for their DNS. They must never ever use anything else. Do not allow users to be local Admins on their workstations and they will not be able to alter their TCP/IP specs from what you set.
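The two answers above describe the same pattern from two angles: arnold's GPO startup script that uses netsh to strip the default gateway from the three restricted hosts, and pwindell's rule that every domain machine must use only the AD/DNS server and that non-admin users must not be able to change it. The script below is an added example, not code posted by either answerer, written as a GPO computer startup script (it runs as SYSTEM at boot, so a non-admin user cannot undo it). The AD/DNS address 192.168.1.2, the NIC name "Local Area Connection", the three host names and the Windows 7 client assumption are all hypothetical.

```powershell
# Added example: GPO computer-startup script for the thread's 5-PC / 1-DC office.
# Assumptions (hypothetical): AD/DNS server 192.168.1.2, NIC "Local Area Connection",
# three restricted workstations named below, Windows 7 clients (netsh ipv4 context).

$AdDnsServer     = '192.168.1.2'
$NicName         = 'Local Area Connection'
$RestrictedHosts = @('WS-ACCT1', 'WS-ACCT2', 'WS-ACCT3')   # hypothetical names

function Test-RestrictedHost {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # -contains compares strings case-insensitively, so host-name case does not matter
    return ($RestrictedHosts -contains $ComputerName)
}

function Set-AdOnlyDns {
    # pwindell's rule: the AD server is the only DNS server any domain member uses.
    # source=static overrides whatever DHCP handed out; validate=no skips the
    # reachability check so the script does not stall at boot.
    & netsh interface ipv4 set dnsservers name="$NicName" source=static address=$AdDnsServer validate=no | Out-Null
}

function Remove-DefaultGateway {
    # arnold's idea: delete every IPv4 default gateway on the NIC. The host keeps
    # same-subnet reachability (DC, file shares, GPO) but has no route off the LAN.
    & netsh interface ipv4 delete address name="$NicName" gateway=all | Out-Null
}

function Get-DefaultGateway {
    # Returns the lines of the route table that carry a 0.0.0.0/0 prefix,
    # i.e. an empty array once the default gateway is gone.
    return @(netsh interface ipv4 show route | Select-String '0\.0\.0\.0/0')
}

# Apply the DNS rule on every machine, the gateway rule only on the three.
Set-AdOnlyDns
if (Test-RestrictedHost) {
    Remove-DefaultGateway
    if ((Get-DefaultGateway).Count -eq 0) {
        Write-Output "$($env:COMPUTERNAME): internet route removed"
    } else {
        Write-Output "$($env:COMPUTERNAME): WARNING - a default route is still present"
    }
} else {
    Write-Output "$($env:COMPUTERNAME): unrestricted, default gateway left in place"
}
```

Two caveats a practitioner would check. First, if the three hosts get their address from DHCP, the next lease renewal puts the gateway back; the script only sticks when paired with a DHCP reservation that omits the router option (arnold's first suggestion) or with a static address. Second, removing the gateway cuts all internet access, not just the sites OpenDNS would filter, and any OpenDNS forwarder configured on the AD DNS server applies to all five clients, since they all must resolve through it. Splitting filtered from unfiltered hosts therefore ends up at the firewall, by source IP, as pwindell says.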
