Community discussions

 
RackKing
Member Candidate
Member Candidate
Topic Author
Posts: 285
Joined: Wed Oct 09, 2013 1:59 pm

Family network OpenDNS strategy - any ideas?

Thu Dec 10, 2015 5:33 am

Hi,

I have setup some address lists - regular vs family. I have setup rules rules to send family to open dns and regular to google.

The issue is I have to manually add "family" users. This is a PITA.

I have also setup some a Family wirelss vlan that uses OpenDNS - but the VLAN prohibits other things like - printing, Sonos, Airpaly, etc.....

Does anyone have a strategy or process of to send family (primarily wireless) hosts to OpenDNS and yet retain access to the local/regular network assets?

I am looking for a magic bullet here I think....

Thanks in advance.
 
User avatar
nickshore
Member
Member
Posts: 473
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.
Contact:

Re: Family network OpenDNS strategy - any ideas?

Thu Dec 10, 2015 1:22 pm

Set OpenDNS IPs in IP -> DNS servers

Use a dstnat chain rule, protocol udp, dst port 53, with action redirect

This grabs all dns traffic and forces it via the mikrotik, then you can still use static entries for local machines

Use an address list to bypass the redirect, for unfiltered machines, you can populate this by adding the address list on static dhcp leases.

Nick
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Family network OpenDNS strategy - any ideas?

Thu Dec 10, 2015 4:17 pm

try static DNS override to overlap/gap some of openDNS resources to you Private resources.
similarly - you can blackhole unsolicited advertisements by DNS. - write script that download host file from lowe website, parse it, import it and write as localhost override. no pesky advertisements Anymore !! same about malware(just add malware and malvertisement host file subscriptions too. you can download them manually or simply export from things like ublock("3rd-party" subscriptions can come handy sometimes ;)

Who is online

Users browsing this forum: MSN [Bot] and 88 guests