w_marquardt asked:

Need access to a domain controller without using normal DHCP and DNS.

Hi, I have a client (a school) where we have DNS running through OpenDNS to provide content filtering. It works great for that; we have all of the social media sites and more blocked. The problem is that I have a few users (teachers, administrators) who need access to social media and other blocked sites. This is on a domain, so DNS requests go first to the domain controller and are forwarded to the gateway.

In the past, on Windows 7 boxes, I was able to set the local computer to a fixed IP address and change the DNS to point to one of the outside servers like 1.1.1.1 or 8.8.8.8. I would set the hosts file to point to the server and the lmhosts file to identify the domain. (At least I think that's how it worked.)

On Windows 10 Pro, this doesn't seem to work. I have configured it the same way, but in this configuration it's not seeing the domain controller, so it won't authenticate the username/password, and access to server resources is not available. Is there a better configuration scheme that I can use to accomplish seeing the domain controller for authentication and resources, as well as setting access to bypass the OpenDNS in the router?

Thanks in advance for the assist with this.

Regards,

Bill
Lee W, MVP:

DNS is a vital part of AD. It's how resources are found (file shares, printers, group policies, etc.); pointing to even one non-AD DNS server can result in slow logins and other odd, intermittent errors. If you want a reliable workstation, its DNS must be set to the DNS of the AD DC(s). You CANNOT have things point to external DNS servers and have RELIABLE connectivity.

If you need to allow select users to access sites, I would suggest you have the wrong solution in place (if they don't have a specific way to allow exceptions). I would either set up a pair of DNS servers with a DIFFERENT forwarder that provides accurate AD lookups and, when accessing external sites, uses a different DNS forwarder (this likely means FOUR internal DNS servers: 2 that forward to OpenDNS for most people, which blocks social media, and 2 that use a different forwarding provider like Quad9), OR I'd use a router/UTM-based web filter. Untangle has a great one that should integrate with Active Directory and allow selected users to bypass the filter when configured properly.
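As an added example (not part of Lee W's answer or the original thread), this PowerShell check shows the lookup that breaks when a domain-joined Windows 10 workstation points at a public resolver: it asks each DNS server configured on the machine for the domain's `_ldap._tcp.dc._msdcs` SRV record, which is how a client locates a domain controller. It assumes it runs on a domain-joined host and reads the domain name from the computer itself; nothing is hard-coded.

```powershell
# Added example: verify that every DNS server configured on this workstation
# can answer the Active Directory DC-locator query. A server such as 8.8.8.8
# will report FAIL here, which explains why logon and share access break in
# the configuration described in the question.
# Assumption: run on a domain-joined Windows host with the DnsClient module.

$domain  = (Get-CimInstance Win32_ComputerSystem).Domain
$srvName = "_ldap._tcp.dc._msdcs.$domain"

# Collect the unique IPv4 DNS servers across all network adapters.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses -Unique

foreach ($server in $servers) {
    try {
        # Query this specific server (not the resolver cache) for the SRV record.
        $records = Resolve-DnsName -Name $srvName -Type SRV -Server $server -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }

        if ($records) {
            Write-Output "OK   $server answers $srvName"
            $records | ForEach-Object {
                Write-Output ("     DC {0} port {1}" -f $_.NameTarget, $_.Port)
            }
        } else {
            Write-Output "FAIL $server returned no SRV records for $srvName"
        }
    } catch {
        # Public resolvers have no knowledge of the internal AD zone.
        Write-Output "FAIL $server cannot resolve $srvName ($($_.Exception.Message))"
    }
}
```

A workstation that reports FAIL for any configured server is the one Lee W warns about: domain lookups will succeed or fail depending on which resolver the client happens to try first.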
Contact OpenDNS support, because you're not doing it right. OpenDNS fully supports AD environments.

I believe they use a virtual appliance as an internal DNS proxy. Requests for AD resources go to your domain, and internet queries go to OpenDNS. This allows tracking and filtering based on internal IP, AD username, etc.
ASKER CERTIFIED SOLUTION by w_marquardt (solution text only available to members)

Can you be more specific? What do you mean by "brute forced?"