I've used OpenDNS a number of times in the past to restrict the sites that my kids can easily (or accidentally) visit from their computers. OpenDNS is a free Domain Name Service that you can use for your computers. It has filtering capabilities which prevent name resolution for sites that you want to have blocked. For example, if you don't want your computer to be able to surf to adult content sites, there's a check box. Then, when your browser requests 'naughtyvideos.com' web address, OpenDNS will return a harmless web site IP number that shows a page with "this site is blocked" message on it.
While OpenDNS is not completely fool proof from a security perspective, it definitely makes it more difficult to purpose-fully or accidentally visit sites that you don't think people should be visiting.
Setting up OpenDNS involves creating an account on their system (http://www.opendns.com) then setting your computer to use
their DNS server instead of whichever one was provided by your internet service provider. I went a step further and actually programmed my wireless router to use OpenDNS so that it automatically handed out that server when it issued DHCP addresses.
First, you need an OpenDNS account. It's fairly simple to set up. During the process, you need to visit the "Dashboard" area and use the "Settings" tab to choose which kinds of sites you want to block for a particular network. I chose "Moderate" filtering which blocks most pornography/adult sites as well illegal activity, adware sites, etc.
Next, you need to configure at least one computer in your network to run the "OpenDNS Updater" agent. This installs on your PC and sends periodic updates to OpenDNS to know what your public (real) IP address is. OpenDNS uses your IP address to determine what filtering settings match your account. Since most home systems us dynamic IP address from their ISP, the updater makes sure OpenDNS knows who you are even if your address changes.
Finally, I set my router to use OpenDNS so that all the random wireless devices on my network would be properly filtered. In my case, I have a Netgear wireless router that I use inside my house.
- Log into router as 'admin'
- Go to "Basic Settings"
- Set "Get Dynamically from ISP" for Internet IP Address unless you have a specific reason NOT to do so.
- For Domain Name Servers (DNS) address, set to "Use these servers" and enter the numbers that OpenDNS publishes on their site
- Primary: 208.67.222.222
- Secondary: 208.67.220.220
- Hit apply and allow your router to reboot.
Now, any device that connects to the wireless (or wired) network will automatically use OpenDNS for name resolution.
In my case, I have two routers on my network: and "outer" one that connects directly to my ISP and an "inner" network which I placed in a central location in the house so wireless works better. I configured the inner router to use OpenDNS and my outer one uses standard DNS. This allows me uncensored access to all sites from some of my computers. It also means that I needed to go around to some of my PC's in the house that were hard-wired to the outer network and specifically set them to use OpenDNS in the TCP/IP settings. OpenDNS provides some good instructions on their site for doing that.
That's it. A slightly-more-secure network that might do a slightly better job protecting my children from nefarious content out there.