OS Builder/Add OpenDNS Configuration: Difference between revisions
No edit summary |
|||
(4 intermediate revisions by 2 users not shown) | |||
Line 7: | Line 7: | ||
* Your school servers (if any) must have a common "base" to their FQDN. |
* Your school servers (if any) must have a common "base" to their FQDN. |
||
Steps |
'''Steps:''' |
||
* Create your OpenDNS account |
|||
* Configure your public DNS server |
|||
* Customize the script to your server and "base domain name" |
|||
* Create the OS image with the script |
|||
== Create your OpenDNS account == |
== Create your OpenDNS account == |
||
Line 57: | Line 52: | ||
fi |
fi |
||
If you do not have local School Servers, it is still recommended that you define a "base" domain name and configure it. This allows you to deploy School Servers later if desired. |
|||
== Create the OS image == |
== Create the OS image == |
||
Line 70: | Line 66: | ||
set -e |
set -e |
||
cat > "$ |
cat > "$INSTALL_ROOT/etc/NetworkManager/dispatcher.d/000-override-nameserver" <<'EOF' |
||
{ Here, place the content of the 001-nameserver-override script, |
{ Here, place the content of the 001-nameserver-override script, |
||
edited to have the correct configuration for your deployment. } |
edited to have the correct configuration for your deployment. } |
||
EOF |
EOF |
||
chmod 755 "$ |
chmod 755 "$INSTALL_ROOT/etc/NetworkManager/dispatcher.d/000-override-override" |
||
=Notes= |
|||
The configuration hereuses |
|||
=Alternative: Use OpenDNS "Nomad" service= |
=Alternative: Use OpenDNS "Nomad" service= |
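Review bot: The new chmod line in the installer targets ".../dispatcher.d/000-override-override", but the heredoc above it writes ".../dispatcher.d/000-override-nameserver". With "set -e" in effect the chmod fails on the missing path, so the build step aborts and the dispatcher script is never made executable. Point chmod at the same path the cat writes. The placeholder text inside the heredoc also still calls the script "001-nameserver-override", which no longer matches the installed file name.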
Latest revision as of 22:40, 3 October 2011
Using OS Builder, you can install a script on the XO that will force DNS resolution through a DNS server that blocks servers with inappropriate content when users are connected via a conventional ISP outside of school. This complements a filtering solution applied on the School Server.
This has some pre-requisites:
- You must have one or two DNS servers with public IP addresses.
- Local ISPs must not block DNS traffic to other servers. In other words, they must allow connected clients to use an alternative DNS service.
- Your school servers (if any) must have a common "base" to their FQDN.
Steps:
Create your OpenDNS account
If you have not done so yet, create your OpenDNS account!
Configure your public DNS server
- Install one or more DNS servers with a public IP address. Make sure you can use that IP address for a long time -- if you later need to change the IP address of the DNS server it will be a major problem.
- Configure the DNS service (for example, BIND) to only be a "forwarder" -- serving no names of its own, only forwarding to the OpenDNS servers.
- Configure your OpenDNS account to associate the IP address of your DNS server to your account, so that any custom filtering options are applied to your traffic.
- Test that custom filtering options are working (for example, by temporarily blacklisting a given domain name for the test).
Customize script
Overview: The script gets called when Network Manager establishes a connection. It must determine whether we are in the school network (controlled by the XS) or not. If we are not in the school network, then it must force-apply the DNS server configuration, overwriting the configuration from NM (which in turn is usually obtained via DHCP).
The script must be stored at /etc/NetworkManager/dispatcher.d/000-override-nameserver, and be executable.
    #!/bin/sh
    # Copyright (C) 2010 One Laptop Per Child Association, Inc.
    # Licensed under the terms of the GNU GPL v2 or later; see COPYING for details.
    # Written by Martin Langhoff <martin@laptop.org>

    # REPLACE with the base domain for your servers
    basedomain="xs\.base\.domain\.tld"

    # REPLACE with IP addresses of your DNS servers
    PRIMARYDNS="208.67.222.222"
    SECONDARYDNS="208.67.220.220"

    # Arguments passed by the NetworkManager dispatcher: interface and action
    if="$1"
    updown="$2"

    if [ "$updown" = "up" ]; then
        # do not be confused by iparatodos as ISP
        if ! grep -q "^search [0-9]*\.$basedomain" /etc/resolv.conf; then
            # replace resolv.conf
            echo "# Overwritten by 000-override-nameserver" > /etc/resolv.conf
            echo "nameserver $PRIMARYDNS" >> /etc/resolv.conf
            echo "nameserver $SECONDARYDNS" >> /etc/resolv.conf
        fi
    fi
If you do not have local School Servers, it is still recommended that you define a "base" domain name and configure it. This allows you to deploy School Servers later if desired.
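Before baking a customised copy into an image, the school-network test can be exercised against sample resolv.conf files. The following is an added example, not part of the original page or script: the function names and the sample resolv.conf lines are constructed, and the base domain and resolver addresses are the placeholders from the script above.

```sh
#!/bin/sh
# Added example: runs the dispatcher's decision against constructed files.
# Values mirror the placeholders in the dispatcher script.
basedomain="xs\.base\.domain\.tld"
PRIMARYDNS="208.67.222.222"
SECONDARYDNS="208.67.220.220"

# apply_override FILE
# Same decision as the dispatcher script, applied to FILE instead of
# /etc/resolv.conf. Prints "kept" or "overridden".
apply_override() {
    if grep -q "^search [0-9]*\.$basedomain" "$1"; then
        echo kept
    else
        {
            echo "# Overwritten by 000-override-nameserver"
            echo "nameserver $PRIMARYDNS"
            echo "nameserver $SECONDARYDNS"
        } > "$1"
        echo overridden
    fi
}

# verdict LINE...
# Builds a constructed resolv.conf from the given lines, prints the verdict.
verdict() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$@" > "$tmp"
    apply_override "$tmp"
    rm -f "$tmp"
}

# resolvers_after LINE...
# Prints the nameserver addresses left in the file after the decision.
resolvers_after() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$@" > "$tmp"
    apply_override "$tmp" > /dev/null
    sed -n 's/^nameserver //p' "$tmp" | paste -s -d ' ' -
    rm -f "$tmp"
}

# Constructed samples (private and documentation address ranges).
echo "school network:       $(verdict 'search 101.xs.base.domain.tld' 'nameserver 172.18.0.1')"
echo "home ISP:             $(verdict 'search home.example' 'nameserver 192.0.2.53')"
echo "no search line:       $(verdict 'nameserver 192.0.2.53')"
echo "'domain' keyword:     $(verdict 'domain 101.xs.base.domain.tld')"
echo "school domain second: $(verdict 'search lan 101.xs.base.domain.tld')"
```

The last two samples are overridden: the test only recognises a school network when the school domain is the first entry on a "search" line, so a resolv.conf that uses "domain" or lists another search domain first is treated as being outside the school.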
Create the OS image
Use OS Builder's "custom_scripts" to install the above script into your OS image. In your olpc-os-builder configuration file, add a "custom_scripts" section, or add to the existing one...
    [custom_scripts]
    custom_scripts1=/home/xobuilds/scripts/install-000-override-nameserver
And now create that installer script, which should look like:
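    #!/bin/sh
    # Abort the build step if any command fails
    set -e

    # Write the dispatcher script into the image being built
    cat > "$INSTALL_ROOT/etc/NetworkManager/dispatcher.d/000-override-nameserver" <<'EOF'
    { Here, place the content of the 000-override-nameserver script,
    edited to have the correct configuration for your deployment. }
    EOF

    # Make the installed script executable (same path as written above)
    chmod 755 "$INSTALL_ROOT/etc/NetworkManager/dispatcher.d/000-override-nameserver"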
Alternative: Use OpenDNS "Nomad" service
See OpenDNS Nomad. This can potentially save you from the hassle of running your own forwarding DNS servers. Using the Nomad service requires:
- prior arrangement with OpenDNS
- good local connectivity to the OpenDNS servers
- installing and configuring the client software
This alternative involves more work and will probably be significantly slower for deployments outside the USA.