Use OpenDNS for Free to Increase Network Security and Block Adult Content On Your Home Network
Are you looking for a free and effective way to improve the security of your home network? How about protecting your family from adult content such as pornography, and mature themed websites such as gambling and alcohol? OpenDNS, and other Domain Name System (DNS) services like it, can do this – for free.
In this article, we’ll tell you exactly how to get up and running quickly.
Blocking adult content is often referred to as a porn blocker. There are popular pay options, but these free options probably work just as well, with some caveats. So let’s review what makes OpenDNS such a great option for this.
We’ll provide a quick overview on OpenDNS, and specifically their free for personal use cyber-security options. We’ll also review some competitors and alternatives.
We applaud IBM and the industry partners that are making the Quad9 service available, free of charge, to home and business users. Quad9 will block known malicious websites. However, it will not be a content filtering and blocking service. If you wish to protect your family from adult and illegal-activity websites, OpenDNS is still a better choice.
What is OpenDNS?
OpenDNS Is a Domain Name System (DNS) service provider. It’s the service that your computer uses to convert friendly server and domain names into IP addresses. But OpenDNS also provides phishing protection, as well as content filtering. This service categorizes and blocks known threats – such as phishing sites, sites hosting malware, etc.
How does it work? When you click on a link in your email or web browser the friendly name of the server has to be resolved to a numeric IP address. This is done via the Domain Name System, or DNS. If the DNS server you use is “smart”, it can recognize requests for known malicious and adult sites and return a “safe” host instead that will result in a warning message instead of a malicious site.
It’s free, although there are also paid options (Home VIP) that bring additional capabilities.
You may also be interested in reading about how to save money through cord cutting. What is that? It’s getting rid of expensive and inflexible cable TV subscriptions for more flexible Internet based streaming options and “Over The Air” (OTA) digital broadcasts. Find out more here: Cord cutting with PS Vue and Roku Streaming Stick+
How to use OpenDNS
To block malicious content, configure your PC or router to use the following DNS servers:
Once complete, navigate to this test site. It should be blocked:
It’s best to set the DNS servers on your router, rather than your PC, because by setting it at the router, you are protecting all devices on the network in one step. See here for instructions on how to do this for popular router models.
Please note this WILL NOT protect your smartphone while using a cellular connection. In iOS (iPhone and iPad) you cannot set the DNS servers for a cellular connection.
The OpenDNS’s Family Shield servers also block adult content. If you are interested in this option, use these DNS servers. This is a “set it and forget it option”, no need for an account, or customizing settings.
If you sign up for an OpenDNS account, you can have very fine grain control over what is blocked and some stats tracking.
Do I need to sign up for an account?
The OpenDNS pages will walk you through setting up an account. This is optional, but will give you access to the Dashboard where you can setup stats tracking, manage the categories of filtering applied, and see a history of URLs accessed. This requires providing your external IP address, and ensuring it stays up to date (most home IPs are dynamic – meaning they can change regularly and unexpectedly).
In the Dashboard, do the following:
- Add A Network
- Manage the Network Settings, including the filtering options
- Download the OpenDNS updater program to make sure your dynamic address stays updated
- Check the Dashboard later for stats and make changes as needed
Setting up the account is completely optional. The DNS servers work without this step being completed.
How effective is this?
OpenDNS relies on having a list of known bad guys. Sites are categorized into broad groups. And as you may suspect, there are millions of websites on the Internet, with more being added every hour.
- Brand new domains and sites may not be blocked. They won’t be blocked until they are categorized.
- It’s also possible it will throw a false positive every once in awhile and block a legitimate site.
- It also can’t protect against bare IP addresses (for example, some malware might use a raw IP address as an endpoint to access content). DNS is obviously not required to communicate with a raw IP address.
- When you first update the DNS, keep in mind that your computer may have previous DNS entries cached locally – this means blocking WILL NOT work, until those cached entries are cleared. On Windows, from cmd.exe, run ipconfig /flushdns command to do this.
Also, these protections can be circumvented relatively easily. If someone has administrative access on the router, or the PC they can simply change the DNS server to be an option that doesn’t block content – such as Google’s 184.108.40.206 and 220.127.116.11 servers. This requires a minimal amount of technical skill.
It’s also important to realize that if configured on the router, the DNS servers are specific to the network. For example, at home your laptop may use the router’s DNS options, but if you take the laptop elsewhere, you’re going to be using the DNS servers provided by the local network.
It’s important to understand that avoiding, bypassing, or otherwise circumventing the web site blocking provided by OpenDNS, Quad9, or any other similar service is trivial. This is because all the service does is block name lookups on known bad sites. To bypass, you simply point your device to a different set of name servers, such as Google’s public 18.104.22.168 name server. Most people can do this on their computer, tablet, or phone via readily available instructions on the Internet. If you want a more robust solution for blocking adult content – you should consider additional security controls.
Having said all that, OpenDNS and Quad9 are still great for blocking malicious sites – as long as your users aren’t trying to circumvent it. And it’s free – it’s an additional layer of security at a minimum of cost.
The YouTube Problem
Sites like YouTube can be problematic. Why? Because they have such a broad range of content. There’s everything from educational videos to news to very adult themed content (and language) – all under one domain – youtube.com. If you want to block objectionable content on YouTube, you will have to block access to the site (and others like it, such as Vimeo) entirely.
YouTube is not going to be categorized as Adult Content, because that’s only a fraction of the total videos. It’s going to be categorized as Video Sharing.
The High Web Content Filtering option in OpenDNS will block all Video Sharing sites. As discussed, you’ll need to setup an account to manage this option.
Why Not Use OpenDNS?
There’s really no downside, use it to block malicious/phishing sites at the very least.
It’s free and using these servers has no impact on performance, why wouldn’t you use this extra layer of security?
Cyber-security should be applied in layers – with defense in depth being a best practice. Consider using OpenDNS as a cheap, effective layer in your home cyber-security defense.
Can I use this for my business?
The options outlined above are for personal, non-commercial use, not business use. It is against the terms of service to use OpenDNS for business. Because OpenDNS is now owned by Cisco, every business related link is an up-sell to Cisco Umbrella service, which is far more than just DNS filtering, and probably considerable expense.
The Quad9 service is available for organizations to use, at no cost, but it only blocks known malicious domains (it does not filter content).
There are other free services that do the same thing. But these don’t offer the same fine grain control that OpenDNS does (when you add an account).
Some recent testing of DNS providers shows that Norton ConnectSafe does not block as many malicious sites as OpenDNS or Quad9. Therefore, we cannot recommend it.
Norton ConnectSafe is very similar to OpenDNS. It’s free and can block malicious/phishing sites, adult content, or adult content and “other” content such as gambling sites, alcohol, etc.
For blocking malicious content:
For malicious content and blocking adult content (pornography):
For all categories – malicious sites, adult content, and other sites such as gambling and alcohol:
Comodo Secure DNS
Some recent testing of DNS providers shows that Comodo Secure DNS does not block as many malicious sites as OpenDNS or Quad9. Therefore, we cannot recommend it.
Similarly, Comodo Secure DNS is another free service. It only blocks security threats. Use these DNS servers:
Quad9 Domain Name System
Quad9 is a new service, available from IBM Security and a collection of industry partners. It is free of charge for both personal and business use. This is an excellent option for improving security, but it does not contain any content filtering functions – meaning you cannot block adult and illegal activity websites, as you can in OpenDNS.
It should offer an excellent improvement in security though, and the price is right. Use this DNS Server:
NOTE: Quad9 does have a 22.214.171.124 DNS server – but this does NOT block malicious sites – it’s for testing purposes only.
From the press release:
“IBM Security, Packet Clearing House and The Global Cyber Alliance today launched a free service designed to give consumers and businesses added privacy and security protection as they access the internet. The new Quad9 Domain Name System (DNS) service helps protect users from accessing millions of malicious internet sites known to steal personal information, infect users with ransomware and malware, or conduct fraudulent activity.”
What About CloudFlare’s new 126.96.36.199 DNS Service?
CloudFlare’s new DNS service (188.8.131.52) is a DNS service that offers blazing fast performance (they claim 28% faster lookups than OpenDNS) and a privacy first guarantee – meaning they will not sell DNS lookup information to advertisers.
Having said all that, it’s not a filtering or website blocking service.
If you want private, fast DNS service check them out at https://184.108.40.206/
How do you use the 220.127.116.11 service? Simply update your DNS servers to point to: