Use OpenDNS for Free to Increase Network Security and Block Adult Content On Your Home Network

OpenDNS – Improve security and block adult content

Use OpenDNS for Free to Increase Network Security and Block Adult Content On Your Home Network

Are you looking for a free and effective way to improve the security of your home network? How about protecting your family from adult content such as pornography, and mature themed websites such as gambling and alcohol? OpenDNS, and other Domain Name System (DNS) services like it, can do this – for free.

Blocking adult content is often referred to as a porn blocker. There are popular pay options, but these free options probably work just as well, with some caveats.

Here’s a quick overview on OpenDNS, and specifically their free for personal use cyber-security options. What it does and how to use it. We’ll also review some competitors and alternatives.

What is OpenDNS?

OpenDNS Is a Domain Name System (DNS) service provider. It’s the service that your computer uses to convert friendly server and domain names into IP addresses. But OpenDNS also provides phishing protection, as well as content filtering. They categorize and block known threats – such as phishing sites, sites hosting malware, etc.

How does it work? When you click on a link in your email or web browser the friendly name of the server has to be resolved to an IP address. This is done via the Domain Name System, or DNS. If the DNS server you use is “smart”, it can recognize requests for known malicious and adult sites and return a “safe” host instead that will result in a warning message instead of a malicious site.

It’s free, although there are also paid options (Home VIP) that bring additional capabilities.

How to use OpenDNS

To block malicious content, configure your PC or router to use the following DNS servers:

  • 208.67.222.222
  • 208.67.220.220
  • 208.67.222.220

Once complete, navigate to this test site. It should be blocked:
http://www.internetbadguys.com/

It’s best to set the DNS servers on your router, rather than your PC, because by setting it at the router, you are protecting all devices on the network in one step.See here for instructions on how to do this for popular router models.

What About Smart Phones?
Please note this WILL NOT protect your smartphone while using a cellular connection. In iOS (iPhone and iPad) you cannot set the DNS servers for a cellular connection.

The OpenDNS’s Family Shield servers also block adult content. If you are interested in this option, use these DNS servers. This is a “set it and forget it option”, no need for an account, or customizing settings.

  • 208.67.222.123
  • 208.67.220.123

If you sign up for an OpenDNS account, you can have very fine grain control over what is blocked and some stats tracking.

Do I need to sign up for an account?

The OpenDNS pages will walk you through setting up an account. This is optional, but will give you access to the Dashboard where you can setup stats tracking, manage the categories of filtering applied, and see a history of URLs accessed. This requires providing your external IP address, and ensuring it stays up to date (most home IPs are dynamic – meaning they can change regularly and unexpectedly).

In the Dashboard, do the following:

  1. Add A Network
  2. Manage the Network Settings, including the filtering options
  3. Download the OpenDNS updater program to make sure your dynamic address stays updated
  4. Check the Dashboard later for stats and make changes as needed

Use OpenDNS for Free to Increase Network Security and Block Adult Content On Your Home Network - Filter settings for Adult Content

Seting up an OpenDNS Account is Optional
Setting up the account is completely optional. The DNS servers work without this step being completed.

How effective is this?

OpenDNS relies on having a list of known bad guys. Sites are categorized into broad groups. And as you may suspect, there are millions of websites on the Internet, with more being added every hour.

  • Brand new domains and sites may not be blocked. They won’t be blocked until they are categorized.
  • It’s also possible it will throw a false positive every once in awhile and block a legitimate site.
  • It also can’t protect against bare IP addresses (for example, some malware might use a raw IP address as an endpoint to access content). DNS is obviously not required to communicate with a raw IP address.
  • When you first update the DNS, keep in mind that your computer may have previous DNS entries cached locally – this means blocking WILL NOT work, until those cached entries are cleared. On Windows, from cmd.exe, run ipconfig /flushdns command to do this.

Also, these protections can be circumvented relatively easily. If someone has administrative access on the router, or the PC they can simply change the DNS server to be an option that doesn’t block content – such as Google’s 8.8.8.8 and 8.8.4.4 servers. This requires a minimal amount of technical skill.

It’s also important to realize that if configured on the router, the DNS servers are specific to the network. For example, at home your laptop may use the router’s DNS options, but if you take the laptop elsewhere, you’re going to be using the DNS servers provided by the local network.

The YouTube Problem

Sites like YouTube can be problematic. Why? Because they have such a broad range of content. There’s everything from educational videos to news to very adult themed content (and language) – all under one domain – youtube.com. If you want to block objectionable content on YouTube, you will have to block access to the site (and others like it, such as Vimeo) entirely.

YouTube is not going to be categorized as Adult Content, because that’s only a fraction of the total videos. It’s going to be categorized as Video Sharing.

The High Web Content Filtering option in OpenDNS will block all Video Sharing sites. As discussed, you’ll need to setup an account to manage this option.

Why Not Use OpenDNS?

There’s really no downside, use it to block malicious/phishing sites at the very least.

It’s free and using these servers has no impact on performance, why wouldn’t you use this extra layer of security?

Cyber-security should be applied in layers – with defense in depth being a best practice. Consider using OpenDNS as a cheap, effective layer in your home cyber-security defense.

Can I use this for my business?

The options outlined above are for personal, non-commercial use, not business use. It is against the terms of service to use OpenDNS for business. Because OpenDNS is now owned by Cisco, every business related link is an up-sell to Cisco Umbrella service, which is far more than just DNS filtering, and probably considerable expense.

Norton ConnectSafe

There are other free services that do the same thing. But these don’t offer the same fine grain control that OpenDNS does (when you add an account).

Norton ConnectSafe is very similar to OpenDNS. It’s free and can block malicious/phishing sites, adult content, or adult content and “other” content such as gambling sites, alcohol, etc.

For blocking malicious content:

  • 199.85.126.10
  • 199.85.127.10

For malicious content and blocking adult content (pornography):

  • 199.85.126.20
  • 199.85.127.20

For all categories – malicious sites, adult content, and other sites such as gambling and alcohol:

  • 199.85.126.30
  • 199.85.127.30

Comodo Secure DNS

Similarly, Comodo Secure DNS is another free service. It only blocks security threats. Use these DNS servers:

  • 8.26.56.26
  • 8.20.247.20