Currently we filter internet content using OpenDNS, our internal Windows DC/DNS servers point to the router's DNS, which then points to the OpenDNS servers. This works well to block all computer's on the network equally.
New issue. We now need to separate what computers can go to what sites. So facebook is blocked for everyone right now, but I need to open it up to the 3 community computers now.
The 3 community computers will be on an untrusted network seperate from the company computers so they can have their own DNS server, from their own router. The issue is though they still must connect to the internet using the same IP address. So OpenDNS sees the same IP and blocks them the same way. We are looking into getting a second IP, but it's not likely an option without going up to the next major level with our ISP which we don't want to do.
My thought is this. Can I setup a DNS server on the untrusted network, and then depending on the request that comes in, have it send it to either OpenDNS or our ISP's DNS?
Example www.facebook.com and www.youtube.com are both on the OpenDNS blacklist.
So if they go to www.youtube.com, the local DNS server goes to the ISP's DNS to get the IP and thus the client gets the right IP and can go to the site. This would be manually entered for each allowed site thus creating a white list.
Then if they go to www.facebook.com, since the local DNS server does not find an entry, it sends the request to OpenDNS, which then sees the site is on the blacklist, and thus sends the it's blocked webpage.
The local DNS server can be either Bind on Linux or MS DNS on Window 2008. If this can be done, can you give some direction as well as I've never setup a DNS such as this before.
Thanks
