Anyone who has experience with the Internet knows how easily it is to stumble across inappropriate Internet content. As a father of two, I am extremely cautious about my children’s online activities and utilize parental controls on everything I can. Whether you are a business owner trying to reduce what your employees can access online, a parent trying to protect your children from the dangers of the Internet, or a significant other helping a spouse battle a pornography addiction, you may have found it difficult or confusing on how to accomplish this. I’m going to show you the best way to block inappropriate content and best of all, it’s free.
While Internet pornography is clearly the most prevalent inappropriate content that most people are trying to block, there are other harmful matter that should receive equal attention. For example, racism, hate, intellectual property theft (piracy), and cyberbullying also top the list. There are many companies offering free and paid versions of software designed to filter Internet searches, report on Internet activity, and block certain websites. Ten years ago, this kind of solution worked well because most people didn’t have many computers in their home and certainly didn’t have WiFi capable devices surfing the Internet like what is available now. The biggest obstacle now with software applications that just install on a single computer is that if a user accesses the Internet from another device (e.g., Tablet, Laptop, Netbook, Smart Phone, MP3 player), the software application will not catch any of this activity.
As a law enforcement officer, I dealt with plenty of cases of children getting into areas online they had no business being in and sometimes the results were devastating. I also handled cases involving people addicted to pornography and were easily able to bypass software programs on their computer designed to report their Internet history. The way to stop any device on your network from accessing inappropriate material is to control the entire network, not just one computer. This will make anyone trying to access something inappropriate on your network to have to go somewhere else to get it.
The solution is to control the DNS of your network. DNS (or Domain Name System) is what translates every website and web-based service from a Universal Resource Locator (URL) to an Internet Protocol (IP) Address. Basically what this means is when you type https://www.joshmoulin.com/ DNS translates that URL (joshmoulin.com) to the IP address of the server this website is hosted on. This way, you don’t have to remember the IP address of this site, but you can use a name instead. The DNS system is much like a phonebook of the Internet, when you type a domain name it can look it up and send you to the correct location.
The benefit of controlling DNS on your network is you can set your home router to use a certain DNS server and anyone on your network is going to be forced to go through this service; enter OpenDNS. If someone thinks that an Internet monitoring program is installed on the home PC and they try to use their iPad to surf something inappropriate, OpenDNS is going to catch it, log it, and stop it immediately. OpenDNS routes your DNS queries through their servers and compares what you’re looking for with their advanced filtering system. If you are requesting something that matches a known pornographic site for example, regardless of what device you are using to access the Internet on your home network, it will block the request and give you an error screen instead. Just a reminder though, this works only for YOUR network. If someone uses a cellular data device (like an air card or cellular phone that isn’t connected to your WiFi network) there is no way to control what they are surfing with OpenDNS.
OpenDNS has many more benefits than just blocking bad websites, but that is the focus of this article. I’ll show you how to set up OpenDNS as well as ensuring your home network is configured correctly. I implemented it at my home and it took me about 10 minutes or so.
Step 1 – Visit OpenDNS and create a free account. They have accounts for business and for home, but we’ll focus on the home configuration for now. Click on the get started button as shown in the screenshot below:
Step 2 – Select the OpenDNS Home solution (it is free).
Step 3 – Enter the necessary information to create your account. Just remember that the password you use will allow access to usage reports, turning off the service, and changing what websites are or are not permitted. You should make this password complex and one that no one would guess or be able to find written down somewhere.
Step 4 – Log in with your new account to OpenDNS. OpenDNS will detect what the IP address is of your home network. One thing to consider is that your home IP address is most likely dynamic, meaning that it can change. OpenDNS won’t work if it doesn’t know your current IP address, so it is recommended you download and install their OpenDNS Updater tool. This tool just runs in the background of your computer and reports your IP address back to OpenDNS occasionally. This ensures the service will always work and you don’t have to worry about it.
Step 5 – Now that you have an OpenDNS account and have the Updater installed, the next step is to configure your network to route through the OpenDNS servers. If you have only one computer in your home, you can manually change the network interface card configuration and put in the DNS addresses. Most people though have a home wireless router and by updating your home router, all computers in the network will route through OpenDNS instead of the DNS servers provided by your Internet Service Provider (ISP). If you need help changing the DNS settings on a Mac, click here. If you need help with Windows, click here. I will show you how I changed the DNS settings on my Linksys wireless router just as an example and most other routers will be very similar.
Login to your wireless router through the web interface and find the section that allows you to change the static DNS servers IP addresses. OpenDNS currently uses the IP addresses of 22.214.171.124 and 126.96.36.199. These are the IP addresses to put into either your single device (if not using a router) or your wireless router. A screenshot below shows how I set it up on my home router:
Step 6 – Make sure you can still get out to the Internet once you make the DNS changes. It may take a minute or two for everything to synchronize, and sometimes it requires a restart of the router, cable modem, computer, or all of the above. It shouldn’t…but sometimes it does. It is time to personalize your OpenDNS settings. You will have the ability to select broad categories to block and also block or unblock specific websites (known as whitelisting and blacklisting). There are some times that OpenDNS may rate a website as inappropriate and block it, but you think it is acceptable. I’ll show you how to override the default settings of OpenDNS and whitelist a specific website.
There are a few categories that can be applied across the board, or you can customize what you are looking for. Below shows how I have it setup on my network:
I started with the “high” category and then made a few changes. After making any changes it takes about three minutes for them to get propagated to the servers.
Step 7 – Customize! Now that you have the important stuff done, you can customize OpenDNS. I recommend clicking the “Security” tab and ensure you are protecting your network against Malware and Botnets, Phishing and suspicious responses. You can also click on “Customization” and create the messages that your users will see once they try to go to a website that has been blocked by OpenDNS. You can play with this by intentionally trying to go to a website that you believe should be blocked and seeing what the response is. Once someone gets a response, it is automatically logged in OpenDNS (we’ll get to that later) and there is nothing they can go about it unless they know the password to the OpenDNS account.
Step 8 – Custom Whitelisting/Blacklisting allows you to disregard the broad settings and default allow or deny certain websites. In the screenshot below you can see that I made a whitelist to always allow www.google.com. I didn’t actually have to always allow this site, but just put it in there as an example. In fact I have found OpenDNS to be so good that I haven’t needed to customize it. If you later want to remove these entries, just click the box in front of the entry and then click the delete button:
Step 9 – After a day or so, log back into your OpenDNS account and check out the statistics. You can find a ton of data here, but most likely you’re first interest is going to be blocked domains, meaning websites that people tried to go to, but OpenDNS blocked them. You can search for custom time periods and even download the data as a report. These reports could be sent to another person for accountability such as a friend, family member, counselor, or church pastor by the administrator of the OpenDNS account.
There are so many more features and functions available with the free OpenDNS, however what is detailed in this article should give you enough information to protect your family from unwanted Internet content. After using OpenDNS for a while, I encourage you to check out some of the additional settings and customization and really get the most out of the product.
HI Josh, very interested in your article. I live in the UK and my provider’s router (Linksys) only supports parental protection for specific websites so a nightmare to maintain. My question to you is, can I apply the same in the UK or are there regional elements to consider. I am not a computer wiz.
Hi Alex, you’re very welcome! This post is a bit dated, but yes, you can absolutely use OpenDNS in the UK. All you need to do is sign up for a free account, make the rules for your family on the category of websites you will allow, and then change the DNS settings of your wireless router to the IP addresses for OpenDNS. It should take about 15 minutes and you should be all set. Good luck!
Control the entire network is the way to go because my issue in the past is that new web sites come out every day and I can’t block one at a time, not even by categories.
I agree. Whitelisting is the most secure even though it requires the most amount of administration.
I agree. Whitelisting is the most secure even though it requires the most amount of administration.
Thanks for this very helpful article. I am not a computer savvy individual but would like to protect myself and my daughter by following your recommendations. Whom can I trust for doing this for me?
Grateful, you are very welcome, I’m glad it was helpful. Much of what I have laid out could be done without being a computer wiz. If you’re uncomfortable doing this you might be able to contact a local computer repair to see if they will come to your house and set things up for you. If you walk through this step-by-step and get the user’s manual online for your wireless router, you could get this setup in about 20 minutes.