Protect Your Network With OpenDNS FamilyShield
There are a number of reasons why someone would want to enable content filtering on their home network. Most people don't know where to start, or they use software that may not exactly address their need.
I personally use and recommend OpenDNS FamilyShield. It's free, it's relatively easy to use, and best of all, when installed correctly, it protects all the devices connected to your network.
To start, you'll need a little background information:
DNS
DNS stands for Domain Name System - think of it as a phonebook for the internet. People understand web site addresses or URLs such as www.google.com. Computers understand IP addresses such as 74.125.224.33. DNS translates web site addresses (www.google.com) into IP addresses (74.125.224.33).
I won't go into all the detail, but let me brief you on the process: When you type a URL such as www.google.com into your browser, your computer sends a request to a DNS server (typically provided by your Internet Service Provider) to translate that web address into an IP address. Your computer then retrieves the web page from that IP address to display in your browser.
FamilyShield does things slightly differently: You type a URL into your browser (or follow a link or redirect), and your computer sends a request to a pre-configured DNS server (OpenDNS FamilyShield). Their server checks the domain against their database to see if it belongs to a category that is blocked. If it doesn't, then the IP address is returned and your computer retrieves the web page from that IP address to display in your browser as it does normally. If the category is blocked, then the IP address returned is that of an OpenDNS web page stating that the domain is blocked.
Blocked Categories
The pre-configured DNS servers at OpenDNS for FamilyShield block the following categories by default:
- Pornography
  - Anything relating to pornography, including mild depiction, soft pornography or hard-core pornography.
- Sexuality
  - Sites that provide information, images or implications of bondage, sadism, masochism, fetish, beating, body piercing or self-mutilation. This category is not intended for LGBT related sites that do not fall under the aforementioned criteria.
- Tasteless
  - Sites that contain information on such subjects as mutilation, torture, horror, or the grotesque. Includes Pro-Anorexia and Pro-Suicide related sites.
- Proxy/Anonymizer
  - Sites providing proxy bypass information or services. Also, sites that allow the user to surf the net anonymously, including sites that allow the user to send anonymous emails.
- Phishing/Malware
  - Phishing category is provided by PhishTank
  - Malware category is provided by a select group of OpenDNS users*
Consider this: A content filter based on keywords evaluates websites on the fly. Before handing off the web page to your browser, it checks for keywords, porn for example. If the site has the word porn anywhere on it, it's blocked. That would include the page you are reading now. This would be a false positive, and word-based filters really struggle with this. Far better to use categories and rely on the contributions of millions to provide accurate categorization.
Setting up FamilyShield
If you have more than one device sharing an internet connection in your home, chances are you are using a router. The best option in this case is to set the DNS server addresses in your router to FamilyShield:
208.67.222.123
208.67.220.123
Now when each of your devices connects to your router and gets its own internal IP address (DHCP and home networking are somewhat beyond the scope of this article), it will use the DNS servers you've specified.
OpenDNS has instructions for a number of routers, but most can be accessed by opening your browser to http://192.168.1.1 or http://192.168.0.1, depending on brand.
Log in with your router's password. If you've never done so, chances are it's set to the default (a really bad idea) and you can find it with a quick Google search on your router model.
Once in, look for a menu for DHCP Server Setting and set the DNS Server IP addresses to 208.67.222.123 and 208.67.220.123. Click save; the new servers take effect as each of your devices renews its IP information (you can accelerate this process by restarting most devices). That's it. Your computers, laptops, gaming systems, wifi connected phones, ipods, etc. are now all protected with FamilyShield as long as they are connected to your network.
IPV6
A word of caution: FamilyShield and the rest of OpenDNS' services are only ipv4 compatible as of the writing of this article. The internet has run out of ipv4 addresses and ipv6 is here. Your ISP may have already adopted ipv6. If so, there is a stopgap till OpenDNS catches up:
Set your ipv6 DNS Servers to ::1 and :: respectively. These are your localhost (loopback) and unspecified ipv6 addresses. They will cause ipv6 DNS inquiries to fail, allowing DNS inquiries to resolve over ipv4. You could also just disable ipv6, but that is a little more complicated. Neither is a great solution, but it will work as a stopgap till OpenDNS is ipv6 compatible.
I personally use FamilyShield DNS addresses at my router and set my ipv6 DNS servers to ::1 and :: manually at each computer. Most mobile devices don't appear to support ipv6 just yet.
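A check to run on a client after it renews its lease, confirming it picked up the FamilyShield servers and the ipv6 stopgap described above. This is an added example, not part of the original article; it assumes the client's DNS settings are in resolv.conf format and that the router hands the FamilyShield addresses directly to clients. The function names and sample inputs are constructed for illustration.

```python
import ipaddress

# FamilyShield resolvers as given in this article.
FAMILYSHIELD_V4 = {ipaddress.ip_address(a) for a in ("208.67.222.123", "208.67.220.123")}
# The article's ipv6 stopgap values: loopback and unspecified address.
V6_STOPGAP = {ipaddress.ip_address("::1"), ipaddress.ip_address("::")}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_OK = "nameserver 208.67.222.123\nnameserver 208.67.220.123\nnameserver ::1\nnameserver ::\n"
SAMPLE_DRIFT = "# constructed\nnameserver 192.168.1.1\nnameserver 2001:db8::53\nnameserver bogus\n"


def parse_nameservers(text):
    """Return nameserver entries from resolv.conf-style text, in file order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                servers.append(fields[1])  # keep bad entries so they are reported
    return servers


def audit(text):
    """Return findings; an empty list means every resolver matches the article's setup."""
    servers = parse_nameservers(text)
    findings = []
    if not any(s in FAMILYSHIELD_V4 for s in servers):
        findings.append("no FamilyShield resolver configured")
    for s in servers:
        if isinstance(s, str):
            findings.append(f"unparsable nameserver entry: {s}")
        elif s.version == 4 and s not in FAMILYSHIELD_V4:
            findings.append(f"unfiltered IPv4 resolver: {s}")
        elif s.version == 6 and s not in V6_STOPGAP:
            findings.append(f"unfiltered IPv6 resolver: {s}")
    return findings


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(name, audit(sample) or "all resolvers match")
```

On a real machine, pass it the contents of /etc/resolv.conf. A local stub or router address (for example 127.0.0.53 or 192.168.1.1) will be reported and needs to be checked one hop upstream.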
*Text for the categories comes directly from OpenDNS. Specific categories blocked by FamilyShield were provided in a service ticket I opened with OpenDNS.