Print

Print


Craig.   OpenDNS just changed their website, and while I cannot find where
it says anything about " limitation on the number daily dns queriers" on the
website.  It would not surprise me if it was one of those details you don't
know until you call.    Which would really suck because OpenDNS makes a
great backup content filter.

Paul where did you get that detail from?



*Bjorn Behrendt*
[log in to unmask]
AskBj.net ~ Professional development webinars
(802) 772-0003
Google Apps For Education Certified Trainer
IT Coordinator for Mount St. Jospeh Academy



On Thu, Aug 4, 2011 at 4:03 PM, Craig Lyndes @ wcvt.com <[log in to unmask]>wrote:

> Paul,
>
> I'm puzzled.  I've been using the free version at 2 schools for a while
> now.  Other than having more than 50 white/black list URLs and keeping the
> statistics for more than 2 weeks, I didn't know there was any difference
> between the enterprise and the free.
>
> I find that having the adults and students have to use the same filters
> makes everyone more aware of the decisions to block and what people are
> being kept away from. Eat your own dog food.
>
> OpenDNS is effective as a safety net to keep kids from accidentally
> stumbling on inappropriate web sites.
>
> Craig Lyndes
>
> > I talked with OpenDNS today and got a guestimate of what it would cost
> to implement it in our district.
> >
> > "Thanks for the time just now.  Below is our cost for 1 school and for 7.
> >  In addition to the annual prices below – we do offer 10% off on 2 year
> > term
> > and 20% off on a 3 year.  Also a demo link for you to watch:
> > http://www.opendns.com/support/videos/enterprise
> >
> > *1 School:  $2500/year*
> > *7 Schools:  $4300/year*"
> >
> > Bjorn is right, one of the key problems (for me) would be reporting.  I
> need
> > the ability to follow a trail of destruction.
> >
> > Sounds like they offer it free for home users, but it had a limitation
> on the number daily dns queriers that could take place.
> >
> > Paul Wood
> > P. 802-382-1720
> > [log in to unmask]
> > Systems Administrator, ACSU
> >
> > ♻ Please consider the environment before printing this email. ♻
> WARNING: This message may contain information that is confidential
> and/or protected under the Family Education Rights and Privacy Act or
> other lawfully recognized privilege. If you receive this message in
> error or through inappropriate means, please reply to this message to
> notify the Sender that the message was received by you in error, and
> then permanently delete this message from all storage media, without
> forwarding or retaining
> > a copy.
> >
> >
> >
> > On Thu, Aug 4, 2011 at 9:05 AM, Bjorn Behrendt
> > <[log in to unmask]>wrote:
> >
> >> Opendns is free and exreamly easy to set up because it is a cloud based
> solution.  Basically you point your external DNS forwarders to opendns
> instead of comcast (no servers needed).  Every device then gets
> filtered.
> >> The downfall is that being an external it has no way to provide
> reporting at
> >> the computer level or set up different policies for teachers and
> students.
> >> They have a paid version that might do this but I never looked into it.
> >>
> >> At MSJ we have lightspeedsystems because it does both antivirus and
> contentfiltering and soon it will be my firwall/router.
> >>
> >> Even with lightspeedsystems I do have open DNS also running but it is
> only
> >> set up to block the really bad stuff.
> >>
> >> Sue if you need help let me know.  (802) 770-0003
> >>
> >> Bjorn Behrendt (from Android)
> >> On Aug 4, 2011 8:54 AM, "Paul Wood" <[log in to unmask]> wrote:
> >> > Are you using it as a filter? I don't know, I haven't used this
> method before.
> >> >
> >> > I assume you're talking about (http://www.opendns.com/school).
> Ideally
> >> this
> >> > would provide the best method, because you wouldn't then need to proxy
> >> SSL.
> >> >
> >> > If you do travel down this road, I'd like to know if it worked well.
> >> >
> >> > I don't remember if it was this listserv, but I recall seeing a
> recent discussion on OpenDNS being used as a filter.
> >> >
> >> > “He who breaks a thing to find out what it is, has left the path of
> >> wisdom.”
> >> >
> >> >
> >> > Paul Wood
> >> > P. 802-382-1720
> >> > [log in to unmask]
> >> > Systems Administrator, ACSU
> >> >
> >> > ♻ Please consider the environment before printing this email. ♻
> WARNING: This message may contain information that is confidential
> >> and/or
> >> > protected under the Family Education Rights and Privacy Act or other
> lawfully recognized privilege. If you receive this message in error
> or through inappropriate means, please reply to this message to
> notify
> >> the
> >> > Sender that the message was received by you in error, and then
> >> permanently
> >> > delete this message from all storage media, without forwarding or
> >> retaining
> >> > a copy.
> >> >
> >> >
> >> >
> >> > On Wed, Aug 3, 2011 at 9:37 AM, Susan Briere <[log in to unmask]>
> >> wrote:
> >> >
> >> >> Thanks for the reply, Paul. What do you think of OpenDNS as an
> >> option?
> >> >>
> >> >> Susan
> >> >>
> >> >>
> >> >> On Tue, Aug 2, 2011 at 2:48 PM, Paul Wood <
> [log in to unmask]
> >> >wrote:
> >> >>
> >> >>> You can't, not unless you man in the middle it. In this case there
> will actually be two ssl sessions going on. One between the proxy
> >> server
> >> >>> and say gmail and the other between the client and the proxy server.
> >> >>>
> >> >>> If you used a self signed certificate it would prompt the user, but
> >> you
> >> >>> could get a cert from GoDaddy.
> >> >>>
> >> >>>
> >> >>> Paul Wood
> >> >>> P. 802-382-1720
> >> >>> [log in to unmask]
> >> >>> Systems Administrator, ACSU
> >> >>>
> >> >>> ♻ Please consider the environment before printing this email. ♻
> WARNING: This message may contain information that is confidential
> >> and/or
> >> >>> protected under the Family Education Rights and Privacy Act or
> other lawfully recognized privilege. If you receive this message in
> error
> >> or
> >> >>> through inappropriate means, please reply to this message to notify
> >> the
> >> >>> Sender that the message was received by you in error, and then
> >> permanently
> >> >>> delete this message from all storage media, without forwarding or
> >> retaining
> >> >>> a copy.
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> On Tue, Aug 2, 2011 at 2:24 PM, Susan Briere <[log in to unmask]>
> >> wrote:
> >> >>>
> >> >>>> Currently have a CentOS 5.2 server running DansGuardian. The server
> >> has
> >> >>>> one network interface. Added a rule to IPTables to redirect all
> >> Port
> >> 80
> >> >>>> traffic to 8080 and Dans' passes it on to Squid and it works great.
> >> Not sure
> >> >>>> how to handle SSL traffic on port 443, though. It's getting
> >> dropped. I
> >> >>>> understand that I can't redirect port 443 as it could technically
> >> act
> >> as a
> >> >>>> man-in-the-middle, which would not be kosher. Are there any
> >> reasonably
> >> >>>> straight-forward solutions that would allow the SSL traffic to
> >> proceed?
> >> >>>>
> >> >>>> I know there are more involved solutions, as well as more
> expensive solutions, but this is what we have for now. Hoping for
> a sweet workaround...
> >> >>>>
> >> >>>> Thanks much, Susan Briere
> >> >>>> Technical Support, RNESU
> >> >>>>
> >> >>>
> >> >>>
> >> >>
> >>
> >
>