This is the 3rd post in our series on controlling our kids access to the Internet, both when they can get on, and what they can reach when they are online. In the first post we discussed the basics of how computer networks function, using the analogy of a phone system at our Blog, She Wrote Headquarters (HQ) with the part of the receptionist being played by our router, and directory assistance representing the work of Domain Name System (DNS) servers. In this analogy, the router plays the part of a receptionist who handles all outgoing and incoming calls between our internal phone system (ext. 1, ext. 2, etc.) and the external phone system (the rest of the world). We also talked about how in the computer world, the IP addresses (the numbers the computers use to call one another, similar to phone numbers at our Blog, She Wrote HQ) are constantly changing (every couple of days or so), even for external websites.
To handle that, the Internet has the Domain Name System (DNS), where DNS servers are spread around to act as directory assistance for the world. Whenever your computer wants to browse a web site, like your favorite www.blogshewrote.org, your computer contacts the local DNS server to ask for the IP address of the Blog, She Wrote server, and the DNS server looks that up in a constantly updated directory. Without that service you would be stuck, since your computer would not know what the current number is for that server. Just like our receptionist, the DNS server sits in a powerful position, as without the DNS server, our computer could not find the websites we are trying to reach.
A company recognized how the position of the DNS server could be helpful for Internet filtering and has setup a business around that service. The service is called OpenDNS. The idea behind Open DNS is that by not giving out the IP addresses (phone numbers) of sites you don’t want anyone in your family to reach (www.evilsite.com), your devices won’t be able to reach it, no matter how hard they try. It won’t matter if it is an iOS device, a laptop, or a tablet, if the network won’t tell it how to reach it, it can’t. All of this is done by your computer network, not the device, so you don’t need to install software on the device itself.
Getting Started with OpenDNS
The service is free for families (they charge for businesses) and fairly easy to setup.
- Go to the OpenDNS website and setup an account.
- You then need to tell your network to use the OpenDNS DNS server instead of your local ISP DNS server. The DNS server information is given out to devices when they are assigned an IP address by the router. You can tell the router to give out the OpenDNS server information instead of the local one in the router settings.
- The OpenDNS site has a good set of instructions on how to do this for most major router models.
Using OpenDNS for Content Filtering
In your account options on the OpenDNS site, you have many different ways to select the filtering you want to do. Content filtering is often done using whitelists or blacklists. Blacklists are designed around the idea that you maintain a list of sites you want to block, and allow everything else. Whitelists are the opposite of that, where you block everything by default, and only allow sites that are on the approved list. Neither method is perfect at filtering. With a blacklist, you have to work hard to maintain an accurate list of bad sites with a constantly changing Internet. Any new bad sites are not on your excluded list until you learn about them and add them in. Whitelists suffer from blocking most of the world, and only letting in a small portion that is already approved. Many good sites will be blocked since you don’t know anything about them yet, and a previously good site can start posting bad content and be approved until you notice and remove it from the whitelist.
OpenDNS works under the blacklist mode, with their own internal categorization of sites. They assign websites to various filtering categories, and either block or allow on your network based on the options you select. So, you can choose to block all adult sites as well as social networking sites like Facebook, or only block adult sites. They work hard to maintain the lists as they are the basis for the filtering of the commercial service they sell to companies. You also have the option to add your own list of sites to either always block or always allow as well. That way you can customize it based on your individual needs. When someone on your network tries to reach a blocked site, they are redirected to an OpenDNS webpage telling them that it is blocked and what categories it is blocked under. That way you know why you cannot reach the webpage.
One last challenge to deal with is that the OpenDNS servers are getting many DNS requests from many different computers, so they need to know which requests are from your network to know what filtering to apply. To do that their computers needs to know the external IP address of your router (you can find it at www.whatismyip.com). The challenge is that this number can change every couple of days, so you will need to constantly update OpenDNS with the new number to keep the filtering correct. To make this easy, OpenDNS has created a small program that only needs to run on one computer in your network. It checks the external IP address of your network every now and then, and automatically updates OpenDNS with any changes that occur. It is better to choose a computer that spends most of the time at home, not a laptop that is taken to and from work or school regularly. Otherwise OpenDNS will be updated with the wrong IP address when the computer is off-site, and your filtering will go away until it returns home. On our home network, this is handled automatically by my router, but explaining that setup is beyond the scope of this post. The OpenDNS site would have some information on how to do that for those who are interested.
Have a Question? Leave a Comment!
I hope you have found this information useful as you work to guide your kids towards responsible use of the Internet. Feel free to post any questions or follow-ups in the comments and I will try to respond as best as I can.