• dns
  • filter
  • kids
  • Technology

Poor man's web content filter

Having kids in the computer age presents a lot of challenges that parents didn't have to deal with years ago. Among them is the fact that hard core pornography is just a couple of clicks away. Depending on your operating system of choice there are zillions of programs you can buy to "filter web content", but a parent has to shell out for the program, get it installed, then configure it, and it only works for the computer on which it was installed. There is a simpler way to block content, which will work for all computers on your "network" (all the computers in your home or business), which can be managed at a single place, and will even provide reports on what sites are being blocked which is completely free and fairly easy to set up.

To understand how this solution works, you need to understand some basic concepts. When you use a web browser to go to a chosen website, you're typing in a "friendly name" (like "google.com" or "facebook.com") which servers on the internet don't understand at all, so they need to translate that name into a set of numbers first. This translation is done using a system called DNS (domain name system). DNS is just a method whereby your computer sends out a request to whatever DNS server it is configured to use for the correct numbers needed to display the site name you typed. Most users just have their network connections set for "automatic" which makes everything "just work" and so their DNS servers are set to be their ISP's DNS servers by default. As an administrator of your own computer you can choose to change the DNS servers you are using manually. This post isn't a "How To" on changing your DNS settings, so I'll just say that the OpenDNS site has some pretty good tutorials on how to make that simple change.

Depending on the size of your network, you may already have a hardware firewall which offers content filtering. Hardware firewalls are expensive, and most home users rely on some kind of software solution instead. A DNS based solution can offer a sort of redundancy or double check on requests for "bad" sites that are making it through or around a firewall, but its a particularly good solution for home users who are currently using nothing or have only a software blocking solution in place. With the popularity of smart phones and gaming consoles with internet access, a DNS solution is particularly handy since it allows you to control what gets returned to all the devices on your network from a central point.

A solution I recommend is to use OpenDNS servers instead of your ISP's servers and then to set up a free account on OpenDNS.com and configure your account to use the free OpenDNS content filtering system to block specific sites or whole categories of sites. OpenDNS is not "open source", rather it is open in the sense that anyone can use their DNS servers; OpenDNS is a company and wants to make money. Some money is made by re-directing queries for non-existent domain names to (hopefully) relevant sites (provided by Yahoo!) of OpenDNS customers. They launched content filtering in 2007 aiming at business, educational, and parents. Sites are blocked by category and the lists of sites are maintained by the users. As a registered user you can suggest that a site be placed into one of the content filtering categories and vote on other user's suggestions. You can even maintain a an "override list" for sites that would otherwise be blocked because you have chosen to block a given category or permitted because you haven't chosen a category.

Important points to note

OpenDNS servers: