Additional OpenDNS intergration
-
I would love to see further integration with OpenDNS.
There is a need for a Dynamic DNS service with them to keep the network (Dynamic IP) updated when using their Family Shield or Home services.
-
OpenDNS is in the list of dynamic DNS services already. What exactly is it that is needed extra, or does not work?
-
The two free products at the below link…
https://www.opendns.com/home-internet-security/
I think the current OpenDNS is for Dynamic DNS only, not for these specifically.
I believe there is an API for it.
Thanks
Ragen -
Like what? Configure it via their website and set up the firewall to force OpenDNS DNS servers to be used (DHCP server, firewall rules, NAT + forwarder, or whatever…)
-
The OpenDNS Family Shield product uses 2 different DNS server addresses that automagically do not translate "bad" names of sites that are in the "bad things for families" categories. If you want this "standard" behavior then just use those DNS servers in pfSense (and have users on your LAN using pfSense as their DNS server). If you want to stop people on the LAN from manually setting their DNS server on their client system, then put block rules on LAN to stop packets going out to other DNS servers.
The OpenDNS Home product means you have to create an account, then update your IP address for the account as it changes. You should already be able to do that with a pfSense Dynamic DNS entry for OpenDNS.
Note: Side-issue - these days ISPs have a load of home users hidden behind a single public IP address. If more than 1 of those is using OpenDNS Home, then there will be multiple people trying to set their OpenDNS account to the same public IP. If all the people concerned happened to use the same filtering options, that could work. But if they use different filtering options, then there is no way for OpenDNS Home to know which user the request comes from, and so it cannot know which filtering to apply.
-
The OpenDNS Home product means you have to create an account, then update your IP address for the account as it changes. You should already be able to do that with a pfSense Dynamic DNS entry for OpenDNS.
Setting my DHCP server up for my family is the easy part. I was thinking there may need to be more integration for the IP address to be updated automatically specifically for the home product.
Thanks for y'alls input!
-
The credentials for the account I created for OpenDNS Home is working in the OpenDNS Dynamic IP Service.
Sweet!
Additional integration isn't necessary. :)
-
Can PFBlockerNG DNSBL be used in conjunction with OpenDNS? I realize this may be a little redundant as OpenDNS does much of what PFBlocker does but I like the multiple layers of protection and additional customization of PFBlocker.
I used the guide below to get OpenDNS setup and it indicates that DNS Resolver must be disabled. And if I understand correctly the DNS Resolver is required for PFBlocker to work.
https://forum.pfsense.org/index.php?topic=112288.0
DNS Resolver & Forwarder
Once you completed the above process, you need to disable DNS Resolver and enable DNS Forwarder.
(I am not sure if DNS Resolver can be configured with OpenDNS, I tried to configure it but no luck. With DNS Forwarder, everything work well. Maybe someone can help out to explaining it WHY)
To do this, you need to go to Services > DNS Resolver > Enable: (Unchecked)
After that, Go to Services > DNS Forwarder > Enable: Checked
Interfaces: All
Click SaveAny help appreciated!
-
Can PFBlockerNG DNSBL be used in conjunction with OpenDNS? I realize this may be a little redundant as OpenDNS does much of what PFBlocker does but I like the multiple layers of protection and additional customization of PFBlocker.
I used the guide below to get OpenDNS setup and it indicates that DNS Resolver must be disabled. And if I understand correctly the DNS Resolver is required for PFBlocker to work.
https://forum.pfsense.org/index.php?topic=112288.0
DNS Resolver & Forwarder
Once you completed the above process, you need to disable DNS Resolver and enable DNS Forwarder.
(I am not sure if DNS Resolver can be configured with OpenDNS, I tried to configure it but no luck. With DNS Forwarder, everything work well. Maybe someone can help out to explaining it WHY)
To do this, you need to go to Services > DNS Resolver > Enable: (Unchecked)
After that, Go to Services > DNS Forwarder > Enable: Checked
Interfaces: All
Click SaveAny help appreciated!
The DNS Resolver (Unbound) can be enabled in Resolver or Forwarder mode. Don't confuse that with the DNS Forwarder (DNSMasq).
So you can check the DNS forwarder option in the Resolver. And add the OpenDNS servers to the pfSense General tab settings to utilize both DNSBL and OpenDNS.
