Typically, your ISP provides DNS services. In an ideal world, this would work well, as your ISP’s DNS server ought to be geographically close to your machine and should be able to perform look ups quickly. However, there are a number of reasons why you might want to use a public DNS server instead of your ISP’s server. The two big public DNS servers are OpenDNS and Google Public DNS.
The OpenDNS nameserver IP addresses are:
You can confirm that you are using OpenDNS as your DNS resolution service by visiting http://www.opendns.com/welcome/.
Google Public DNS
The Google Public DNS nameserver IP addresses are:
So which DNS servers are faster for you?
Try out namebench. It hunts down the fastest DNS servers available for your computer to use. (For Mac OS X, Windows, and UNIX.)
Using OpenDNS to filter (whitelist/blacklist) content
If you have an account with OpenDNS, you can whitelist and blacklist IP addresses. A free account allows you to whitelist or blacklist 25 addresses; paid accounts allow more.
- Create an account at OpenDNS.
- Set up a network for your physical location (your current IP address).
- Configure your machine to use the OpenDNS servers.
- Install the client software for updating a dynamic IP in an OpenDNS network – https://support.opendns.com/entries/23282614-Where-do-I-download-an-OpenDNS-Dynamic-IP-updater-client-.
- Windows 7 – https://store.opendns.com/setup/operatingsystem/windows-7
- Ubuntu – https://store.opendns.com/setup/operatingsystem/ubuntu
- Mac OS X – https://store.opendns.com/setup/operatingsystem/apple-osx-leopard
Technically more sophisticated users may discover that manually setting the DNS servers on a computer allows that computer to circumvent the OpenDNS filtering. To prevent a machine from bypassing the OpenDNS filtering, you could configure the DNS servers directly on the router and then block all outgoing DNS requests to all DNS servers except the OpenDNS servers.
OpenDNS system status
It’s a good idea to be able to check the condition of your DNS server.
Seriously restricting internet access
What I really want to do is severely restrict internet access on a single machine on my LAN. For this machine, I want to manage a small whitelist of domains and block access to everything else. OpenDNS doesn’t seem to offer this type of functionality.