Tell a Friend
Hall of Fame
Submit a new idea
Poll DNS log files to find source IP of a blocked request
781 days ago
I would like to have the ability to poll the DNS log files for a Blocked Request to see what the original requesting source IP address was. This would make it easier to track to the user that originated the request.
Who voted for this idea
779 days ago -
Are you asking for the non-routable IP address that is behind the NAT router or firewall? That kind of information is not passed to an external DNS server such as OpenDNS. When NAT receives the outbound DNS request, it sends it on to the DNS server, and makes an entry in it's internal database so that when the DNS request is returned it sends it on to the original requester.
In order to receive the internal IP address you'd need to have some sort of client running that sends the internal IP address and/or computer name of the originally requesting computer. It would also have to replace the original DNS client in order to keep the standard DNS request paired with the additional internal address information.
Further complicating this is the situation where there might also be an internal DNS server, such as you'd see with a Windows Active Directory server. The computer sends it's DNS request to the internal DNS server, and if that address isn't in it's own request, forwards it externally, in this case to OpenDNS. In that case, assuming this request was somehow implemented, the IP address that OpenDNS would receive would be the IP address of the internal server, not the computer making the request.
There are ways to get the information you're looking for, ie which computer attempted to connect to a particular location, but most of them rely on internal hardware or software. To have OpenDNS do it for you would require something that works differently from the standardized implementations we have for DNS and NAT.
779 days ago
You can assign a dynamic public IP to any computer behind your NAT router in most cases. Mattwilson9090's point about internal DNS still stands, but all you have to do if you use only external is:
1. Assign a dynamic public IP address to the computer you wish to monitor using OpenDNS
2. Setup a new network on OpenDNS, from the computer you just set up. Give the new network the settings you desire
3. Setup a dynamic IP address updater on the computer. If you want to monitor suspicious activity, set it up to run hidden
4. Setup that computer's DNS addresses for 22.214.171.124 and 126.96.36.199
Sign in to comment
Add category to blocked domains stats
View stats by Category blocked
A stat-free DNS for extra privacy
Track and report blocked sites loaded, not just DNS queries
Automatic upload IP adress
Category for Dynamic Host Names
MX Record Whitelist
Stats for categories and domains
Custom DNS Records
DNSCrypt for Tablets
Website Malware Detection and ...
Create template for filters
We like stickers!
DNSCrypt for Android
Configuration / Get Started