SentryDNS PRO is a comprehensive content filtering solution in that it addresses all avenues to objectionable Internet content.  To get the same level of content control you would need to run a server-based solution like Smooth Wall, or do it yourself with DansGuardian.  These solutions are not trivial to implement or support.

Unlike the aforementioned solutions, SentryDNS PRO is fast, easy to set up, simple to operate, requires little to no ongoing maintenance, and yet provides a high level of Internet content protection.
If you are a home or business user and want or need to take control over Internet content, SentryDNS PRO is pound for pound the best solution on the market.

We have worked hard to make SentryDNS PRO a seamless experience, and will continue to do so. 

That being said, we are adding a layer of fairly complex security to your Internet which will introduce a few issues you didn't have before, and these may or may not affect you. 

  1. Using Google
  2. Minor inconveniences:

That's about it.  If the above issues / inconveniences are something you can live with then SentryDNS PRO will serve you well. 





Please call 1-888-737-3018 for assistance.

Google services

In 2011 Google implemented an HTTPS policy on all their searches.  Reasons vary, but according to Google it was to protect your searches from prying eyes.  What it really does is prevent any advertiser but Google from seeing and monetizing your searches.  Also, this move by Google broke every Web content filtering solution on the planet.  After the change, the only way to filter Google content, i.e. to enforce a kid-safe Internet, was and still is through SSL interception or Google's NoSSL solution.  We use the latter.

Therefore, when using SentryDNS PRO, Google search will work like it always did, but without HTTPS encryption.  This NoSSL solution affects Google searches only; all other Google sites and services will still use HTTPS.

The following Google sites are problematic with SentryDNS PRO unless one of the listed solutions is implemented:

  • Google Drive
  • Google Calendar
  • Google Play
  • Google Talk
  • Google Wallet

One of the following solutions will make all issues with Google and SentryDNS PRO disappear:



Please call 888-727-3018 if you have any questions or concerns.


Google displays 'SSL Search is off'

No worries, just dismiss the message. Google.com works the same; only SSL has been disabled.



Getting a captcha while using Google

Sometimes you are asked to enter a few characters to continue using Google.





We believe this happens because Google has detected an unusually large number of search queries in a short amount of time from a single IP (the SentryDNS server(s)).  This may look like the work of a software program, which triggers the CAPTCHA.

NOTE:  We are working on getting our servers whitelisted with Google.

If you ever get one of these CAPTCHAs, you simply need to verify yourself by entering the characters to continue searching.



Options for large organizations:

All of our solutions involve deploying our Web Proxy Autodiscovery Protocol (WPAD) configuration, and there are a few ways this can be done.  It's up to you to decide which one suits your needs, but essentially on Windows you want to set this registry entry:
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    • "AutoConfigURL"="http://wpad.surftightdns.com:8000/wpad.dat"

Deploy via Active Directory Group Policy

Deploy via DHCP


Deploy via log-in script

Additional Info:


Please call 888-727-3018 if you have any questions or concerns.




Browsers:

The Google Chrome and Mozilla Firefox web browsers have Google.com set as the default search engine.  In addition, they try to enforce Google's HTTPS, which will not work with SentryDNS PRO.

If you want to use Google as the default search engine, install one of our browser add-ons, and then Google will work fine.


YouTube linked videos.

SentryDNS PRO turns YouTube's Safety Mode on, and keeps it on at all times.  YouTube Safety Mode cannot be disabled.

For the most part YouTube works great, but in some situations a web page will show a window with the following:



An example can be seen here, and www.minecraft.net.  The first page links to a YouTube video that will fail to load.  

SentryDNS has not blocked this video, and it can be seen here.
The issue is that when the video was embedded, the page used HTTPS://www.youtube.com instead of HTTP://www.youtube.com.  HTTPS prevents filtering, and this will not fly with SentryDNS PRO.

The solution(s):
  1. Go to YouTube and search for the video directly
  2. View the page source and copy the YouTube video URL (it will be easy to find, just search for "youtube"), then paste it into your web browser, taking out the S in HTTPS.



DHCP – Configuration for Proxy Auto discovery

(on a Microsoft DHCP server)

  1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
  2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.
  3. In Name, type WPAD.
  4. In Code, type 252.
  5. In Data type, select String, and then click OK.
  6. In String, type http://wpad.surftightdns.com:8000/wpad.dat
  7. Right-click Server options, and then click Configure options.
  8. Confirm that Option 252 is selected.

Note that this configuration requires you or your users to configure the browser to “Automatically Detect Settings”.  For Internet Explorer this can be automatically configured for all the users in an Active Directory domain via a Group Policy.  The same policy will be used by Google Chrome, which uses the Windows Internet Connection configuration.  Other browsers such as Opera and Mozilla will have to be manually configured.


Active Directory Group Policy

The Group Policy settings will apply to Internet Explorer, Chrome, and Safari. Third party tools may be required for Firefox to adopt these Group Policy settings.

  1. Open the Group Policy Object Editor.
  2. Expand the User Configuration > Windows Settings > Internet Explorer Maintenance tree.
  3. Open Connection and select Automatic Browser Configuration.
  4. Check Enable Automatic Configuration.
  5. Enter http://wpad.surftightdns.com:8000/wpad.dat in the Auto-proxy URL text box, click OK.



Log-in script

  1. Export a .reg file and pull it from a network share:
    1. Open Regedit, and browse to HKEY Current User > Software > Microsoft > Windows > CurrentVersion > Internet Settings
      • Edit AutoConfigURL = http://wpad.surftightdns.com:8000/wpad.dat
    2. With edited AutoConfigURL highlighted (see example) go to File > Export
    3. Edit the .reg you just exported.  Keep the entire Internet Settings section, and delete the rest (see example)
    4. Put the .reg on a network share that Everyone has at least READ access to
    5. Add this line to your log-in script:  
      • %systemroot%\regedit.exe /s \\<your-server-name>\<your-hidden-share-name>\<your-registry-filename>.reg


How to manually configure WPAD

Solution (5 min)

On each system experiencing this issue, do the following:

Apple OS X

  1. Open System Preferences
  2. Network
  3. Choose your active connection (it will be green)
  4. Choose Advanced
    • Choose Proxies
    • Check Automatic Proxy Configuration
    • Enter the following into the URL field: http://wpad.surftightdns.com:8000/wpad.dat

Microsoft Windows:

  1. Open Internet Explorer
  2. Tools
  3. Internet Options
  4. Connections
  5. LAN Settings
    • Check - Use automatic configuration script
      • Uncheck Automatically Detect Settings
    • Enter this URL: http://wpad.surftightdns.com:8000/wpad.dat

Apple iPhone / iPad

  1. Open Settings
  2. Wi-Fi
  3. Choose the blue arrow next to your Gatekeeper Wi-Fi network
    • Scroll to bottom and Choose Auto
    • Enter this URL: http://wpad.surftightdns.com:8000/wpad.dat

Android:

  1. Open Settings
  2. Wireless and Network
  3. Wi-Fi Settings
  4. Choose your Gatekeeper Wi-Fi

Google Chrome:  Chrome pulls the WPAD settings from the underlying operating system.  Please see Apple OS X or Windows (above).

Firefox on Apple OSX:

  1. Firefox
  2. Preferences
  3. Network
  4. Settings
  5. Select --> Use System Proxy Settings:

Firefox on Windows:

  1. Tools
  2. Options
  3. Advanced
  4. Network
  5. Settings
  6. Select --> Use system proxy settings:

Opera (Windows)

  1. Open Opera.
  2. Click the Opera button.
  3. Click Settings > Preferences section.
  4. Click Advanced, select Network, and click Proxy Servers.
  5. Select Use automatic proxy configuration.
  6. Enter the URL for the PAC file in the text box, click OK.

Google Talk Windows client will not connect

Please install the SentryDNS Agent to resolve.


Registry



Edit .reg file






How to prevent DNS bypass with firewall rules.

To prevent DNS bypass you'll need to create at least two outbound firewall rules: one allow rule for each of your DNS servers, and one to block everything else.  The final rule in the chain will be the block all.

For this example we have a single internal DNS server that all the clients use.  We are going to prevent any IP but those of the DNS servers from submitting DNS queries to the Internet.

RULE-1
PROTOCOL: UDP
PORT: 53
SOURCE:  [Internal DNS Server IP]
DESTINATION:  ANY IP / PORT 53
ACTION: ALLOW

NOTE:  Create a rule like this for each DNS server on your LAN.

RULE-2
PROTOCOL: UDP
PORT: 53
SOURCE:  ANY IP
DESTINATION:  ANY IP / PORT 53
ACTION: DENY

NOTE:  Place this rule after the allow rules.
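
The following is an added example, not SentryDNS code: it models RULE-1 and RULE-2 as a first-match rule chain and audits whether a client can still send DNS queries straight to the Internet. The addresses, the `audit` helper and the default-allow outbound policy are assumptions; it also goes beyond the rules above by probing TCP port 53, which DNS uses in addition to UDP.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str    # "udp" or "tcp"
    dport: int    # destination port
    source: str   # CIDR; "0.0.0.0/0" stands for ANY IP
    action: str   # "ALLOW" or "DENY"

    def matches(self, proto, src, dport):
        return (proto == self.proto and dport == self.dport
                and ip_address(src) in ip_network(self.source))

def decide(rules, proto, src, dport, default="ALLOW"):
    """First matching rule wins; otherwise the default outbound policy applies."""
    for rule in rules:
        if rule.matches(proto, src, dport):
            return rule.action, rule.name
    return default, "default-policy"

# Constructed addresses (assumptions): internal DNS server and one LAN client.
DNS_SERVER = "192.168.1.10"
CLIENT = "192.168.1.50"
RULE_1 = Rule("RULE-1", "udp", 53, DNS_SERVER + "/32", "ALLOW")
RULE_2 = Rule("RULE-2", "udp", 53, "0.0.0.0/0", "DENY")

def audit(rules, default="ALLOW"):
    """List outbound DNS paths that are open to clients or closed to the DNS server."""
    findings = []
    for proto in ("udp", "tcp"):
        action, by = decide(rules, proto, CLIENT, 53, default)
        if action == "ALLOW":
            findings.append(f"client {proto}/53 allowed by {by}")
    action, by = decide(rules, "udp", DNS_SERVER, 53, default)
    if action != "ALLOW":
        findings.append(f"DNS server udp/53 denied by {by}")
    return findings

if __name__ == "__main__":
    chains = (("page order", [RULE_1, RULE_2]), ("reversed", [RULE_2, RULE_1]))
    for label, rules in chains:
        print(label, audit(rules))
```

In the page's order the UDP path is closed to clients and open to the DNS server; the only finding is TCP port 53, which a matching pair of TCP rules or a default-deny outbound policy closes. Reversing the order also cuts off the DNS server itself, which is why the deny rule goes last.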



