Protecting Your Family Online Using DNS Filtering

Ideally, children’s online activities should be actively supervised by an adult, but the reality is you can’t be everywhere all the time. Each household has typically at least three Internet-connected devices, and kids have tablets and smartphones in their hand for hours. Schools are transitioning to online for assignments and handing in work. So how do you keep your child from accessing content that they shouldn’t, such as pornography, hate sites, sites that provide instructions how to build a bomb, sites that tell your child how to get high off of cough medicine, etc.

There are many software solutions out there, such as Net Nanny et. al, The problem is you have to install, configure, and manage software controls on your computers, your child’s Android phone, the family tablet. While that is doable, it is time-consuming to set up and to maintain; but you will likely find you can’t cover all the connected devices. For example, a hand-held gaming system like the Nintendo DS3 is Internet connected, and your child can install software like YouTube to access content. How do you control or protect against that?

The best approach is to centralize the controls at a single point — where all the connected devices get out to the public Internet. For most people, this will be a wireless router. This router is typically set up to hand out IP addresses and configuration to all the device in the home, and among those configuration bits is a setting called Domain Name Services (DNS) address(es). Put simply, when you access a site by its Internet name, such as, something called a DNS server has to translate that Internet name into an IP address.

The simplest and easiest way to prevent devices in your home from allowing people to connect to sites with adult or questionable content is to rig DNS to not allow translating those site names to IP addresses. Back in the day, to do this you had to setup your own DNS server then figure out how to rig it to exclude sites you disallow, and then you had to continually add sites to the list. A lot of work to do and to maintain.

These days there is a free service that does all this for you, called OpenDNS, which has recently been acquired by Cisco but continues to be a free service.  You simply reconfigure your router’s DHCP service to not give out your Internet Service Provider’s DNS address(es) and instead to give out the DNS address(es) for the DNS servers from OpenDNS.

The below link will take you to the OpenDNS site where you sign up for the free service called Family Shield. You set your router to hand out the DNS addresses that the site gives you, and that is it. The DNS servers are setup to block the sites that contain porn, illegal activities, etc. For most people this is all you need to do:

The default plan will block the most blatant things you don’t want your kids to access, such as porn and illegal activities, but perhaps you want to block sites having to do with hate, bomb building, or you don’t even want your kids on social media. You can create an account, which is still free, and then fine tune the settings for your household and specify exactly what you want to be blocked.

While customizing the settings can certainly allow you to block more, the blocking is all or none. Using the categories, you can block all of social media but that would include Facebook. If you want to block most but allow a few sites within that category, you use the feature to specify individual domains to either allow or deny.

Obviously, the more domains you add manually to either include or exclude, it can become unmanageable.

There are ways to circumvent DNS protection. Using DNS blocking, it would still be possible to view any site if your child knows, or can obtain, the IP address and use that address. This isn’t terribly hard to do, but isn’t something most kids will be able to do.

Another way to circumvent would be to change the network adapter settings to put in a DNS server other than the one your router is handing out. But under windows 7 and up, in order to do this the user would need to have administrative rights to the PC, and you should not be giving your kids admin rights to the PC.  There is no valid reason your kids need admin rights. Any game or software that needs it, shouldn’t be allowed. You should be installing and updating software.

Once you give admin rights to your kids, they will be able to circumvent any controls pout into place, and be able to download and install malware and spyware.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.