694 votes
It would be great to be able to configure OpenDNS to block *all* websites (except OpenDNS itself and related sites) except for those specifically entered on the network's OpenDNS whitelist.
46 Comments
You can only whitelist 25 sites right now... so that is a problem.
I already have more than 25 sites that I want to whitelist right now, but I can't.
You could do that easily from your firewall. I've seen Linksys and D-Link routers that would do that, and I'm assuming Netgear would, too. If you are a commercial entity, a SonicWall TZ series firewall could do this easily for you.
written by quarterlife 329 days ago
Rating: 0
Leibtek, most router firmwares are terrible.
Switch over to DD-WRT or Tomato and you'll get a whitelist.
written by cafecorali 600 days ago
Rating: 2
This request is like the golden rule for a firewall. Block everything and add rules of what you want to allow only.
It would be preferable to have a "Whitelist categories" similar to blacklist categories. Then lists like government, education, Educational Institutions, health, etc, could be in both categories and could be selected separately depending on the organization.
Then a simple check to "block all others" would be great to implement. That way OpenDNS would actually receive more hits on their advertising pages because more people would likely hit the blocked sites, and get the OpenDNS page with the OpenDNS advertising.
I've already signed up for several of the advertised products because they seem to be relevant - how cool is that?
I work for a consulting company and I have multiple client companies setup to use OpenDNS and each one's needs are different from schools to governments to manufacturing to businesses.
Increasing the number of manually added whitelisted sites, blacklisted sites, and giving us the option to upload multiple site names at a time would be very helpful.
-j
I really like this idea. I think it can still be freely implemented considering there would still be the restriction of a maximum of 25 whitelisted domains, which would be incentive for people to upgrade.
Great Idea!!!
I currently have a customer that allows specific websites only access to all machines using the iBoss.
http://www.myiboss.com/iBossHomePC-hardware-1.html
This would be a great feature to implement with Open DNS.
Looking forward to the implementation of this idea.
Just a little note here, if you do the above suggested workaround, where you block all categories and use the whitelist, you need to whitelist block.opendns.com to allow the blocked page warning, otherwise it'll just time out.
And I agree that the 25 site whitelist is a great strategy.
As a multi site admin an "ALLOW ONLY" list is a perfect solution.
Block all domains except whatever I whitelist. If you had the option of allowing users to "request" that the site be added to the whitelist, that would also be great.
As for paying for the service: no problem, the savings in employee productivity and my time in trying to figure out where they are going would more than make up for it.
I have every category blocked, but users still find small sites to waste their time on.
"As a multi site admin an "ALLOW ONLY" list is a perfect solution. "
Can I have your job please? I'm only a hobbyist, but I can at least configure a firewall.
"I have every category blocked, but users still find small sites to waste their time on."
You are not using OpenDNS for its intended usage. Learn2Firewall. KTHXBAI.
written by radiantpower 492 days ago
Rating: 2
Jayv2010, I feel your pain! The security mantra of "only what's needed" access would be a terrific advancement for OpenDNS, and IMHO it would provide $$$ returns in productivity, less bandwidth required, etc. You hit the nail right on the head. Let's hope it happens... :)
This feature should be a pay-only feature, for lazy admins that don't know how to configure firewalls for whitelist, even though such things are point-and-click easy these days.
Lazy admins that do not want to learn should feel at least a /little/ pain for their willful ignorance.
Here's a point-and-click interface for firewalls. Simple and to the point.
http://www.linux.com/articles/113904
written by hilltop.net 451 days ago
Rating: 0
Ok, so I have to tell my customers to go buy a bunch of new expensive firewall devices, when they are currently using $50 Linksys routers connected to their DSL lines? For only 3-5 users per location, I don't think my customers will be able to justify enterprise-grade firewall devices, or even a PC to act as a firewall running Linux.
In my opinion, the DNS solution is more appropriate for small deployments.
written by hilltop.net 451 days ago
Rating: 3
Hi, I agree that this is a very useful feature! And it could be implemented as another Checkbox in the [] called "Uncategorized". The whole problem is that some sites have not yet been categorized, so they slip through. For example, I get a lot of spam viruses: "You have a greeting card, click here to read it." and they use lots of different domain names to link to their virus file. It would be physically impossible to categorize all these.
Simply add another step in the progression of testing for permissibility:
    if (site not listed in any category)
    {
        Categorize site in "uncategorized" category.
    }
    if (user blocked the "uncategorized" category)
    {
        Redirect to block warning
    }
Seems like a very simple addition to the current system, but then I'm no DNS expert.
Anyway, please add this if at all possible! Thank you!
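Added example (not part of the original comments, and not OpenDNS code): a small model of the decision order discussed in this thread, with an "uncategorized" category that can be blocked and a whitelist that overrides category blocks. The category data, domain names and function names are constructed for illustration, and "whitelist wins" is an assumption taken from the workaround described earlier in the thread.

```python
# Added illustration; not OpenDNS's implementation or API.
CATEGORIES = {  # constructed sample categorization data
    "example-school.edu": {"education"},
    "example-casino.com": {"gambling"},
}

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")

def suffixes(name):
    """Yield the name and each parent domain, split on label boundaries."""
    labels = normalize(name).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def matches(name, listed):
    """True if name equals a listed domain or is a subdomain of one."""
    return any(s in listed for s in suffixes(name))

def categories_of(name):
    """Return the site's categories; a site in none is 'uncategorized'."""
    for s in suffixes(name):
        if s in CATEGORIES:
            return CATEGORIES[s]
    return {"uncategorized"}

def decide(name, whitelist, blocked_categories):
    """Assumed order: whitelist first, then blocked categories."""
    if matches(name, whitelist):
        return "allow"
    if categories_of(name) & blocked_categories:
        return "block"
    return "allow"

# Constructed policy: block gambling plus anything not yet categorized.
# block.opendns.com is whitelisted so the block page itself still loads.
WHITELIST = {"block.opendns.com", "intranet-example.org"}
BLOCKED = {"gambling", "uncategorized"}
```

Matching on label boundaries keeps a lookalike such as notintranet-example.org from riding on the whitelist entry for intranet-example.org. As a later comment points out, a link of the form http://IP_address/ produces no DNS query, so a check like this is never consulted for it.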
This feature would be a logical offshoot of the content filter already in place. And it would make OpenDNS a complete replacement for a variety of solutions.
Finance is my main limitation. I work for an educational institution in a south pacific country where internet charges are very high. I am forced to limit their internet access to only specific domains to keep our bills down.
I just recently started using the OpenDNS service and have found it very useful, except it doesn't offer this feature of block ALL and allow WHITELIST. This will then allow much finer grade control.
I was running Smoothwall and a Squid/squidGuard content control. However, I switched to OpenDNS because I could remote control and monitor it and it's just easier to use. I don't mind paying a little bit for OpenDNS services; it would still be cheaper than our internet bills.
written by pdekker1971 355 days ago
Rating: 2
I would just like the feature to block all untagged domains and allow whitelist + allowed tagged categories.
I would love this feature as well. I could set up a firewall to do it, but my current wireless router doesn't support an "allow only" concept. It would be great if we could get this provided by OpenDNS's servers and not have to worry about which router you have and its limited capabilities.
Whitelists are the only way to really stop the ever-ballooning rubbish bin we call the Internet (adult sites, malicious sites, etc.) There is no way that OpenDNS, OpenDNS users, or St. Bernard can keep up the tagging and blocking. At any given moment, even with the most conservative blocking, there will always be hundreds if not thousands of adult websites available for viewing. Whitelist only is a great idea.
written by jumperinthedoor 246 days ago
Rating: 1
I agree. It takes too long for the crawling/categorizing process. A new malware hosting domain can come online and serve malware for days or weeks until it gets tagged or categorized. I would like to see a whitelist by category feature to fill this gap.
written by Marius Gologan 279 days ago
Rating: 1
The idea is a good one, but it can't be made for reasons like resource consumption and other production reasons.
Most of you are IT personnel; you shall see the big picture here:
What about the email routing if you are using OpenDNS white list only? You shall consider using other DNS server for this.
What about IP requests?
When you receive dangerous emails with phishing, spam, virus links (http://IP_address/) your equipment will not send the request to OpenDNS to be checked against any list. It might be a solution here too, but requires heavy work and resources (time, money and manpower). Google Chrome has one of the biggest opportunities here and is not seeing it.
Don't think that if you are using OpenDNS or any other quite brilliant and simple idea, your job as IT staff is done by itself, because that is very wrong. There are thousands (at least) of malicious IPs, domains and links which are activated daily. Nobody and nothing can act proactively here. You know them when they act in a dangerous way against you(r network). After this point you are clear to take defensive action.
This idea can be implemented at user-side. There exists a free plug-in for IE at http://www.parentapproval.com/ Their idea seems to be too specific for phishing protection, by not allowing outbound data to a website if it is not on the white-list. So I found it better than creating a huge database of websites, such as by IronPort and OpenDNS's own PhishTank.
I would certainly agree with the folks who would want the whitelist and blacklist quota increased... I hope in future updates of OpenDNS. Thanks thanks... keep up the good work OpenDNS people. :)
Great idea, I hope that it gets implemented.
I want EVERY site blocked. The only white list site should be www.opendns.com just to make changes. Nothing else... other than the sites that the admin adds to the white list.
Also, I am willing to pay for this. I am sure many business owners are.
written by yasutaka.ito 109 days ago
Rating: 0
Yes, add this please to the current OpenDNS functionality, out of the box.
It is a good idea, except you can already do this through group policy.
User configuration > Internet explorer maintenance > Connection
written by geeksonwheels 56 days ago
Rating: 0
This feature is exactly what several of my clients are looking for, and they wouldn't mind paying a small subscription for it either. Please implement a "Block All" option!
I am presently deploying Untangle firewalls to accomplish this (untanlge.com), although OpenDNS would make this much easier and cheaper to deliver to clients.
written by rasmith721 46 days ago
Rating: 0
Should be a great feature for blocking all but a couple sites at small retail stores. I think the pay for service should allow more than 25 sites and have a standardized way to automate the upload of the whitelist from an application. Then our POS system can maintain the list similar to maintaining the DynDNS IP address.
This is currently available on Deluxe and Enterprise plans. See http://www.opendns.com/start/ for more information.

We're focused on adding more free services, like Domain Tagging.
An "allow only" option would be a for-pay service...not a focus at this point. Our new content filtering options (look at Category Blocking in your Dashboard) deliver much of what you want already.