Internet filtering

OpenDNS screenshot121.36 KB

The OPLIN Board has negotiated a contract with OpenDNS to set up a statewide Internet content filtering system that will be available to all public libraries. OPLIN is charged by the Ohio Legislature " help local libraries use filters to screen out obscene and illegal internet materials." For many years, OPLIN fulfilled this requirement by distributing individual grants to libraries, but the earmarked funds were never enough to provide assistance to more than about 40-50 library systems. Clearly, a "central" filtering system available to all libraries would be better.

After several unsuccessful tests over the years, OPLIN finally identified OpenDNS as a filtering solution which can effectively provide content filtering for all Ohio public libraries, while still allowing each library to have complete control over how, or if, the filter is to be used in their library system. (See the screenshot attached to this page for an idea of some of the options which libraries can control.)

If you have questions about our free, statewide filtering, please contact

Service objectives:

  • Incident Response: OPLIN staff will respond within one hour to malfunctions of the Internet filtering during regular business hours Monday through Friday from 8:00 a.m. to 5:00 p.m., excluding State of Ohio holidays. Contact us through the OPLIN Support site.
  • Incident Resolution: OPLIN staff will attempt to resolve every Internet filtering malfunction within 4 business hours of Incident Response.

More technical information:

Rather than filtering content using a proxy based or span port appliance, OpenDNS is a filtered Domain Name Server (DNS) service. You set up an account and associate IP address blocks with said account, and then you can control what types of content you want your users to see much like a traditional content filter. For any request to access a website that falls outside what you deem appropriate, OpenDNS returns the IP of one of their block servers, instead of the IP for the real web server. The block can be bypassed on a per session basis by inputing a ticket code you create in the web admin interface. This ticket creates a cookie in the user's browser, which the block server detects and proxies the user to the content. Unless a ticket code is in use, the user is never proxied, so there is no worry of interfering with IP authenticated resources. There are also quite a few other options for how you can specify which machines are held to which rules.

In addition, since OpenDNS does not have to handle the actual traffic after the initial DNS request, you do not have to worry about bottlenecks like you would with an appliance. Add to that the only thing you need to do to achieve redundancy is use the state's DNS server as your tertiary forwarder.

See our Steps for obtaining an OPLIN-paid OpenDNS Enterprise account document for more information.

Steps for obtaining an OPLIN-paid OpenDNS Enterprise account

  1. Send an email to stating that you would like to participate, along with the contact information for the person to whom we should email the account login details.
  2. The contact's account will be set to an administrator level for your library account. This user will have the ability to send out additional invitations to other staff members, and also elevate them to administrator status.

From now on, your library is in complete control of your OpenDNS account and will not need to contact OPLIN unless you need assistance.

OpenDNS first steps

Step 1: Add your first network

OpenDNS uses the term "network" to describe either a single IP address, or multiple IPs to which you can assign filtering rules. Before you can select any filters you have to create a network.

  1. Login to OpenDNS (
  2. Click "Dashboard"
  3. Click "Settings"
  4. Enter your outbound IP into the boxes provided. We recommend to only do a single IP, rather than your entire network block. This way you can easily have different rule sets for different IPs. A quick way to find out what IP you're currently using is with a website like
  5. Select the library account from the "Organization" drop down
  6. Click "Add this network"
  7. OpenDNS will send you an email in which you'll need to click on a link while coming from the IP you're registering.

Step 2: Set rules for your new network

Now that you've created a network you can modify its settings.

  1. Login to OpenDNS (
  2. Click "Dashboard"
  3. Click "Settings"
  4. Select your newly added IP from the large drop down box in the middle/top of the screen

You'll be presented with the settings page for that network. All the options are presented in a traditional web form layout and have a lot of helpful hints on the same page. We recommend clicking around the option categories to see what's available. At this point the service still isn't live on your network, so you can't hurt anything.

Step 3: Going live

The final step is to use the OpenDNS name servers on your network. The IPs for those servers are and If you want to test out the service before making it live on the entire network, you can always change the DNS servers on just your workstation to those two IPs and verify the filtering is working as you want it to. If you're ready to make filtering live, the place to use those two IPs will vary depending on how your network is currently configured.

  • If you statically define every workstation with its DNS settings (ex. the state DNS servers at then you would need to change every workstation to use these two new IPs. You can leave the state IPs in, but they have to come after the two OpenDNS IPs.
  • If your workstations point to a local device for DNS (ex. a firewall/router/ActiveDirectory server) then the place you would use the two OpenDNS IPs would be in the forwarders settings of that device. Changing the IPs on a top level device like this will make filtering live for every workstation pointing to said device.


None yet. Ask us a question at