Friday, April 24, 2009

Using OpenDNS with Windows Home Server


I recently started using OpenDNS on my networks because I like to track DNS stats and prevent bad sites from resolving.  OpenDNS has cataloged over 5 million sites into buckets, and you can either block a specific site, like limeware.com, or block a group of sites, like “P2P file sharing” sites.  I also love that you can add and customize multiple networks, so I can have my grandfather’s network more locked down than my site.

Once I made this adjustment on my network, I noticed that my Home Server stopped responding to the home server client when I wanted to connect to the server.  It showed the error:

This computer cannot connect to your home server. Check your network connection and make sure your home server is powered on. If your home server has recently restarted, try again in a few minutes.

The problem is that the router is passing every name resolution to the DNS servers.  Normal DNS servers ignore single-label host names such as “SERVER”.  OpenDNS goes ahead and slaps the ISP’s domain name on it and resolves it for you (e.g. SERVER.comcast.net), and of course your console can’t connect to that.

You can work around this issue by making your internal LAN a “VPN” network.  The OpenDNS community asked the same question, which pointed me to an OpenDNS KB article.  The steps are simple:

  1. On your client computer, run ipconfig /all, and copy down the domain name.
  2. Sign in to your OpenDNS account.
  3. Add a network, if you haven't already.
  4. Go to the Settings tab.
  5. Click Advanced Settings.
  6. Click Manage under Manage VPN Exceptions in the Domain Typos section.
  7. Add your internal domain(s), which you copied down in the first step, to this list.
  8. Wait 3 minutes (worst case) and all should be well.

That’s all there is to it.  Home Server starts acting like a Home Server again.
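
To confirm which suffix needs the exception, this added example (not part of the original post) pulls the DNS suffix out of `ipconfig /all` output, builds the suffixed name described above, and reports whether it resolves to a LAN address or a public one. The sample output, the suffix `hsd1.example.net`, the function names and the address ranges treated as "LAN" are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample of `ipconfig /all` output; the suffix is a placeholder.
SAMPLE_IPCONFIG = """\
Windows IP Configuration
   Primary Dns Suffix  . . . . . . . :
   DNS Suffix Search List. . . . . . : hsd1.example.net
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : hsd1.example.net
"""

SUFFIX_LINE = re.compile(
    r"^[ \t]*(?:Primary Dns Suffix|Connection-specific DNS Suffix|"
    r"DNS Suffix Search List)[ .]*:[ \t]*(\S+)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)
# Assumption: the home server sits in an RFC 1918 or link-local range.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def dns_suffixes(ipconfig_text):
    """Return the unique DNS suffixes listed by `ipconfig /all`, in order."""
    hits = (m.group(1).rstrip(".").lower()
            for m in SUFFIX_LINE.finditer(ipconfig_text))
    return list(dict.fromkeys(hits))

def check_short_name(short_name, suffixes, resolve):
    """Map each suffixed name to 'no answer', 'lan' or 'public'."""
    # `resolve` is a callable(fqdn) -> IPv4 string or None, so the check
    # can be exercised without network access.
    results = {}
    for suffix in suffixes:
        fqdn = f"{short_name}.{suffix}"
        answer = resolve(fqdn)
        if answer is None:
            results[fqdn] = "no answer"
        elif any(ipaddress.ip_address(answer) in net for net in LAN_NETS):
            results[fqdn] = "lan"
        else:
            results[fqdn] = "public"  # candidate for the VPN exceptions list
    return results

def system_resolve(fqdn):
    """Resolve through the OS resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(fqdn)
    except socket.gaierror:
        return None
```

On the affected client, feed it the real `ipconfig /all` output and pass `system_resolve` as the resolver; a suffix whose name comes back as "public" is the one to add in step 7.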


4 comments:

Bill ... again said...

Another great and helpful post, Sean!! I, too, have recently discovered OpenDNS, and after building a Windows 7 RC laptop, couldn't get to http://connect. Because of your post, I'm now in!

Two questions:
One: Do I need to set up my SBS2008 IP settings this way as well?

Two: WRT OpenDNS: where do you set those DNS servers? I've got my router (Endian Firewall) pointing to the OpenDNS server IPs; then I have my SBS2008 static IP settings pointing to the router for DNS, and have my clients pointing to my SBS server for DNS. Is that correct?

Sean Daniel said...

Hey Bill,

If you have a dynamic IP on the WAN side, you'll need to install their service so they know you're you!

What I would do is set up your clients to talk to SBS DNS (this is by default if you use our DHCP server), and then change the DNS Forwarders in the SBS DNS server to OpenDNS.

No need to touch the router at all with SBS.

Bill ... again said...

Thanks Sean! This was part of a bigger problem I was having with DHCP / DNS. The Fix My Network Wizard truly DID fix my network (imagine that!), and then after setting the DNS Forwarders in SBS to OpenDNS (and spending hours researching why I should use root hints instead...only to find that really it's ok to use forwarders!) my clients started working again via DHCP.

Whew!

Of course, 15 minutes later when they stopped working *again* I managed to find the one port in my switch that was going wonky and unplugged it. :-)

Thanks again for the great information!

Sean Daniel said...

That's what Fix My Network wizard is designed for. I wrote you back but your spam filter told me I couldn't email you.

Oh well.