Overview

Alternatively, as of https://support.google.com/websearch/answer/144686, you can enforce SafeSearch with an internal proxy server: 
If you deploy a proxy on your web traffic, it may be possible to configure your proxy to append &safe=strict to all search requests sent to Google. This parameter enables strict SafeSearch for all searches, regardless of the setting on the Google Preferences page. 
This technique will not work on searches done using SSL Search.

And what is if one doesn't have a local DNS server or proxy server, or this is not configurable? 

You can use this SafeSearch Virtual IP address (VIP) in your local hosts file, found on nearly every device.  Add entries like this: 

216.239.38.120  www.google.com  www.google.co.uk  www.google.ca 
216.239.38.120  www.google.fr  www.google.it  www.google.es  www.google.nl

(This 216.239.38.120 is (currently) the IP address of forcesafesearch.google.com.)

Any idea of how this can be done on a DD-WRT router? I thought maybe using DNSMasq but I set that up and it didn't appear to work. If anyone has successfully done that, please help with screenshots. Thanks.

Ok, thanks. Adding this to "Additional DNSMasq Options" appears to have worked:

address=/www.google.com/216.239.38.120

I will add all of the other google domains too (www.google.de, www.google.ca, etc.). The only problem will be if/when the IP address of forecsafesearch.google.com changes.

This is driving me crazy.  I am jumping through hoops to get this set up and every path leads to a dead end.

Google's advice is unhelpful in the extreme "Set the DNS entry for www.google.com to be a CNAME for forcesafesearch.google.com."  where do I find this mythical DNS CNAME setting?

I have a local dns with forwarding to opendns - synology DNS doesn't allow me to define cnames to external domain. I have no other vehicle to act as a DNS server.

My apple airport extreme wi-fi router has a dns cache, and you'd think it would let me configure the CNAME there, but no.

I have tried the proxy route - but I can't find how to force all wi-fi clients to use the proxy

I can't override the localhost file for all the phones & iPads etc on my network.

So, please, how am I supposed to do this so that all wi-fi clients are prevented from accessing unsafe google search?

"where do I find this mythical DNS CNAME setting?"

As almost - in the related user documentation (manuals, guides).

"I have a local dns with forwarding to opendns - synology DNS doesn't allow me to define cnames to external domain."

Doesn't it?  A simple web search for "Synology DNS" got me to a different insight!

https://www.synology.com/en-global/knowledgebase/tutorials/584

Make the Google domains private domains (for your network), and configure the CNAME as explained in that guide.

Thanks for the update.  I had seen this but I didn't know I could override the google domain in this way, that isn't obvious from the instructions.  However, it still doesn't solve my problem because I need to apply it for every single google domain (.com, .co.uk, .fr, .de, .ie etc) which is impractical.   Furthermore I don't know what to enter for all the other details 

I still maintain that it is ludicrous that I (a naive IT user) need to get into all this.  It is doubly ludicrous that I need to create a home DNS to make my existing so-called secure DNS work more securely, and I am expected to understand that this makes obvious sense.

You may think it is ludicrous, but there is no other option available. It can only be done on a DNS server or proxy server that you control, or some sort of service that specifically offers that kind of functionality. It cannot be done by a recursive DNS service.

A far easier method has been pointed out to you, namely use OpenDNS to block the Search Engine category, and then whitelist whichever search engine provides the degree of censorship you are looking for. It also has the benefit of blocking all other search engines that return content that you find objectionable.

"I need to apply it for every single google domain (.com, .co.uk, .fr, .de, .ie etc) which is impractical"

...but possible.  Complain with Synology if you're unhappy with what they offer.

I'm using OpenDNS.  How do I create a CNAME record for www.google.com.  I'm surprised no one's asked this.  I can see where to do it in my router, but I'm bypassing my router for DNS so I can use OpenDNS.  I could put an entry in the HOSTS file on my Windows computers, but that doesn't help me with my problem device: an iPod touch.  I would have to jailbreak the device and I doubt the owner would go along with it.

I found a work-around for my situation.  After digging in my router, I found my router itself was getting DNS settings from DHCP.  I changed it to use static DNS servers, pointed to OpenDNS.  For the DNS settings the router hands out to clients, I switched it from OpenDNS to the address of the router (I had to cheat and put the same address in both boxes, since it insisted on have two DNS servers).

Many people have demanded (not asked) for some variation of creating a CNAME via OpenDNS, or for OpenDNS to do it for them. It has been the subject of many threads here, and many back and forth posts. The response has always been something that amounts to "OpenDNS is a recursive DNS service, not an authoritative DNS service, and only an authoritative DNS can do this. You can however do it on a DNS server of your own that you control". There have been many posts containing instructions or links on exactly how to do this for ones self. It's even discussed in this thread you posted to.

What you did is one way to configure you the router, and it would allow you to use your router (probably using DNSMasq to provide your own CNAME for google). I prefer not to do that unless I have a specific need because many consumer routers are just too underpowered to handle DNS services without slowing down all internet traffic

Hi, I create this batch file (only for windows user) that adds to all google domains the string 216.239.38.120

This is a very simple batch file, I'm not a programmer. If you have some ideas to improve it, or if you find some issues, please share into this forum.

I try it on my pc and it works. Please try it and tell me if it works...

To run the batch file right click on the batch file and "Run as administrator"

This is the code:

@echo off
findstr "216.239.38.120 www.google.com" C:\Windows\System32\drivers\etc\hosts
if %errorlevel%==0 (
goto end
)
@echo #forcesafesearch>> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com>> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ad >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ae >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.af >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ag >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ai >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.al >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.am >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.ao >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ar >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.as >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.at >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.au >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.az >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ba >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.bd >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.be >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.bf >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.bg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.bh >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.bi >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.bj >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.bn >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.bo >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.br >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.bs >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.bt >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.bw >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.by >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.bz >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ca >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cd >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cf >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ch >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ci >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.ck >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cl >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cn >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.co >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.cr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.cu >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cv >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.cy >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cz >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.de >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.dj >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.dk >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.dm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.do >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.dz >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ec >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ee >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.eg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.es >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.et >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.fi >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.fj >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.fm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.fr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ga >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ge >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.gg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.gh >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.gi >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.gl >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.gm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.gp >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.gr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.gt >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.gy >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.hk >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.hn >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.hr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ht >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.hu >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.id >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ie >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.il >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.im >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.in >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.iq >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.is >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.it >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.je >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.jm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.jo >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.jp >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.ke >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.kh >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ki >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.kg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.kr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.kw >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.kz >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.la >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.lb >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.li >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.lk >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.ls >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.lt >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.lu >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.lv >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ly >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.ma >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.md >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.me >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.mg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.mk >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ml >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.mm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.mn >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ms >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.mt >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.mu >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.mv >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.mw >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.mx >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.my >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.mz >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.na >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.nf >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ng >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ni >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ne >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.nl >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.no >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.np >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.nr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.nu >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.nz >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.om >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.pa >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.pe >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.pg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ph >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.pk >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.pl >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.pn >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.pr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ps >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.pt >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.py >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.qa >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ro >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ru >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.rw >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.sa >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.sb >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.sc >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.se >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.sg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.sh >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.si >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.sk >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.sl >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.sn >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.so >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.sm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.sr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.st >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.sv >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.td >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.tg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.th >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.tj >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.tk >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.tl >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.tm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.tn >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.to >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.tr >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.tt >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.tw >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.tz >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.ua >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.ug >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.uk >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.uy >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.uz >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.vc >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.ve >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.vg >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.vi >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.com.vn >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.vu >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.ws >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.rs >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.za >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.zm >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.co.zw >> C:\Windows\System32\drivers\etc\hosts
@echo 216.239.38.120 www.google.cat>> C:\Windows\System32\drivers\etc\hosts
@echo #end of forcesafesearch>> C:\Windows\System32\drivers\etc\hosts

Hi, I create this batch file (only for windows user) that adds to all google domains the string 216.239.38.120

This is a very simple batch file, I'm not a programmer. If you have some ideas to improve it, or if you find some issues, please share into this forum.

I try it on my pc and it works. Please try it and tell me if it works...

To run the batch file right click on the batch file and "Run as administrator"

This is the file sorry

"unzipped"

@gene3

I use Tomato by Shibby firmware on my E2000 router and this works great, thank you..

I have added this to the Dnsamsq setting..

address=/www.google.com/216.239.38.120
address=/www.google.co.uk/216.239.38.120
address=/www.wwwlgoogle.ca/216.239.38.120
address=/www.google.fr/216.239.38.120
address=/www.google.it/216.239.38.120
address=/www.google.es/216.239.38.120
address=/www.google.nl/216.239.38.120

but, is there a way to block this if the users search using bing or any other search engine?

It doesn't seem to work if using any other search engine, and it's obvious why.. just wanted to know if there's a way to do this without having to set up a dns server.

Oh.. I added

address=/www.bing.com/216.239.38.120 and it forces the user to use google.com as it redirects them to google.. hmm.. interesting... I guess this is a simple way around it.. haha.

Because you redirect Bing to a Google IP address, you will indeed get a response from Google (with SafeSearch), not from Bing.  This is normal and not surprising.

If you still want to use Bing, this is relatively easy.  You simply add explicit.bing.net to your "always block" list unless you already have blocked one of the Adult Themes, Nudity, Pornography categories.  Bing host such content under this specific domain.
http://arstechnica.com/information-technology/2009/06/bing-moves-al...

Other search engines may have related but different specific tools to filter content.

cool.. I will try that.. but, I use Family Shield, so I don't have the option to block specific domains right?

why do I need the automatic IP updater when using 208.67.222.222 - 208.67.220.220 - but not if I use 208.67.222.123 - 208.67.220.123?

If you use the FamilyShield addresses, then explicit.bing.net is already blocked anyway.

You can use also the dashboard (and an updater) with the FamilyShield addresses for other categories and single domains not covered by FamilyShield alone.  However, you cannot whitelist domains which are blocked by FamilyShield.

You need the updater when you use the dashboard to keep your IP address information updated at OpenDNS, so that OpenDNS can associate your DNS lookups with your individual settings.

oh ok.. 

I am using Family Shield, but I am able to pull nude pics in bing image searches, even if I have explicit.bing.net 
even if I add it to the blocked sites in my router... images.search.yahoo.com works great.. it blocks all images from yahoo which means users will have to use another search engine.. what I am looking for is to be able to block ANY image search on the most common search engines and redirect them to google... I have not been able to find this for bing yet.. I have tried blocking www.bing.com/images, but it still pulls the images. - I have also cleared cache/cookies and flushed dns in CMD..but nothing seems to do the trick yet.

I see.  It seems Bing has started to embed images as data within the web page, same as Google before.  These images are then no longer hosted on explicit.bing.net, but on e.g. www.bing.com.  Therefore they also have a Safe Search feature which you can use in addition.

You cannot do this with OpenDNS alone, because a DNS service can block on domain name basis only, not based on keywords, images, web pages or any other objects.  Regarding www.bing.com, you can block it as a whole or not at all.

"what I am looking for is to be able to block ANY image search on the most common search engines and redirect them to google"

This is what you described above:

"Oh.. I added address=/www.bing.com/216.239.38.120 and it forces the user to use google.com as it redirects them to google"

All of these solutions hinge on the idea of identifying every possible search engine out there, all of the domains they use, and keeping those lists updated, especially as new search engines are created, or as existing ones add new domains. Adding it at the router level via DNSMasq or a DNS server is going to be more effective than modifying hosts files that may not be available on all devices, but it still requires a lot of ongoing effort.

Why not just block the search engine category, and whitelist the domains for only those search engines you want to allow? This could be supplemented with the method for forcing Google's safeseach, or the other methods that other search engines have available to them.

This is exacty what I am trying to do.. but for example, I haven't found the way to just block the searc engine for bing... it's either all or nothing. - Can you tell me or point me in the right direction? - My wife likes bing for somethings, so I would rather just block the searc feature without blocking the entire domain.

thanks.

OH.. I got what you're saying..

Thing is I use Family Shield which does not have the option of whitelist... 

**the should have an "Edit" otion for these posts...

If you want to stay with Family Shield then you would need to set up a dashboard account and start blacklisting those domains you don't. If you want to use a search engine but only block some of it's content you'll need to research to see if a specific engine has something like Google's safesearch and figure out how to apply it for your entire network. I suspect that for most search engines there really isn't a way to do that. Since it appears that even blocking explcit.bing.net allows through traffic you don't want you'll have to check with bing to see if there are any other options, or just block bing entirely.

Of course if you are going to the extent of adding additional blacklist items to FamilyShield you should consider using regular OpenDNS Home where you also have the option to whitelist domains. That way you could block the search engine category and then whitelist only google or whatever search engine you want to allow.

I am now back to using the OpenDNS home and have blocked Search Engines, but www.bing.com is still pulling up for me.. well, what I mean is that, image searches show up as blanks, but if I hover the mouse over them or click on the empty block, then the picture becomes visible.

What do you mean that www.bing.com is still pulling up for you?

I just checked and bing.com is classified in the search engine category. Unless you have whitelisted something, www.bing.com and all other subdomains of bing.com will be blocked.

When you hover your mouse over those blanks or blocks are you reading the URL that they point to? I just doubechecked on bing, and all of the search results, and pictures associated with them, point somewhere else, such as espn.com or huffingtonpost.com. If you don't have those domains or categories they belong to blocked there is nothing that OpenDNS can do about it since that is content that does not require a DNS lookup just to display a link.

Again, if you want to use a specific search engine, you are stuck with whatever content that search engine provides. If it provides links then those links are going to appear since that is content and OpenDNS does not filter content. The only way it will filter is if you click on a link, and the domain it leads to is blocked via your OpenDNS setttings.

If you don't like the results that bing or any other search engine provides then you need to make sure it is blocked either by individual blacklisting or blocking the search engine category. Some search engines provide functionality similar to Google's safesearch, but you'll need to research it for that particular search engine, and it's highly unlikely that you'll be able to take advantage of them via OpenDNS since those mechanisms are likely to work in a way that a recursive DNS provider can address.

In my custom settings I have checked.. Adware,Proxy/Anonymizer, Nudity, Pornography and Search Engines..

then on the Never block:

as you can see.. I have whitelisted www.bing.com, so nude pics can be seen in image searches.. another issue I am having is with Youtube.. it won't open properly for me even though I also have it in the whitelist.. I have cleared the cache and flushed dns in CMD...but youtube won't open. - I wonder why is Youtue being filtered when it should be a "Social Networking" category which I am not blocking at all.

That is to be expected with bing since that is the content returned when you do a search on there. If blacklisting explicit.bing.net doesn't do it you'll need to do some research on bing itself to see what functionality they have that is comparable to Google's safesearch. There is nothing else that OpenDNS can do for you since you have whitelisted it.

As for Youtube, there have been multiple threads on here with people having problems with youtube. The problem is, to display videos youtube uses a lot of different domains, some of which aren't obvious and probably at least one of them is in a category you have blocked.. You should search for those specific threads and follow the advice in them. I watch youtube on a semi-regular basis and have the Adware and Proxy/Anonymizer categories in common with you, so it's not any of those categories that are you blocking you. Something in your blacklist could also be interfering with youtube.

For future reference, since you have google.com, youtube.com and snapchat.com in your whitelist, there is no need to add any of their subdomains, such as mail.google.com, www.google.com, www.youtube.com and www.snapchat.comsince the main domain already covers the subdomains. If nothing else it will shorten your whitelist and make it easier to manage.

Also, chrome-signin probably isn't a valid domain, so probably isn't doing anything for you.

The reason I had to add mail.google.com is because gmail was being blocked..so after I added mail.google.com then i was able to access it... Anyway, thanks so much for your time and patience with me :)

I just went back to using Family Shiled DNS and set my router how I had it.. I am suing Shibby Tomato which has lots of features.. the way I have it now seems to be the best for what I want.. all the search engines I don't want are either blocked or redirected to google...and I have no issues with Youtube or any other site like snapchat which was also being blocked.. So, until I find another solutions, this will suffice for now..thanks again Matt..

sorry.. did not mean "suing" SHbby Tomato.. I meant "using".. ..they really need to allow us to edit these posts..haha.

"I just went back to using Family Shiled DNS and set my router how I had it.."

And you have deleted your network at  https://dashboard.opendns.com/settings/ ?  Else you will still use your individual settings in addition!

"another issue I am having is with Youtube.. it won't open properly for me even though I also have it in the whitelist.."

Youtube is Google and therefore uses a lot of Google owned domains, and therefore it is still blocked, at least major parts hosted on Google's domains.
Again, you cannot block or allow "sites" with OpenDNS, just domain names.

"The reason I had to add mail.google.com is because gmail was being blocked."

In conjunction with your Youtube issue it looks like you added google.com quite late, before www.youtube.com and after mail.google.com, because google.com covers mail.google.com and also many (but not all) Google owned domains used by Youtube.

I had setup google safe search on my router that has Tomato as I stated previously here..it was working fine until today.. now, I get the gray bar at the top of the browser that says SafeSearch is forced on my network..but I can still search for pornographic words..before it would block the searches.. I have not made any changes.. Not sure why it stopped working all of a sudden...any ideas?

OpenDNS being a DNS service it does not care about content on a website, including searches, it only cares about domains.

If you are able to get to the google search page then OpenDNS is doing what it's supposed to, i.e. doing DNS lookups and blocking or allowing designated categories or domains. Any changes in searches done by Google would be changes at Google itself, rather than OpenDNS.

I understand that.. I am referring to the subject of this thread which is Eforcing SafeSearch on the network. - It was working fine for a few months until today.. what I mean is for example, if I open google.com and type "boobs".. nothing will be generated because SafeSearch is forced on the network via the router and would filter such words. - but now, starting today, I  have to type "big boobs" in order for the SafeSearch to kick in... it seems now it requires 2 words instead of one. - Im thinking maybe they changed their filtering?

SafeSearch is already enforced on your network, as you've already said (which is a function of how you've configured your router, not a function of OpenDNS). If Google changed their filtering on how their SafeSearch works you need to take it up with Google, not OpenDNS. OpenDNS has absolutely nothing to do with SafeSearch other than providing the information that Google provides in order to set it up.

Ok.. I came here because this is an OpenDns thread titled "How to: Enforcing Google SafeSearch" -

I never said SafeSearch is part of OpenDns.. I simply came back here wanting some help because there is a THREAD about it here... I have also posted my question at google, but the did not respond, so I figured maybe someone here could be of help.

Hi Alexander..

One thing i noticed is the SafeSearch is not as strict as it used to be... for example, if I search for the word "porn" in images, I get reults, but not so explicit vs searching with SafeSearch OFF. Maybe Google changed their filtering? - I have also noticed that the option to select Strict or Moderate is not avaliable, you can only turn SafeSearch ON or OFF.

I do not have a DNS Server or local proxy server. So I was having the same difficulty others have been having in enforcing google safe search. 

But I found a solution:

I am using Open-mesh wireless for the network. I created a file: custom.sh with the following code:

#!/bin/sh
# enforce google safesearch
echo "www.google.com 216.239.38.120 " > /etc/hosts

# restart the dns server to apply the settings
/etc/init.d/dnsmasq restart

I saved that file to onedrive, and got a link that I then put into the network setup box for custom.sh files.

Now, all users on the network are using Google Safesearch. (Granted, I did not use all of the google country specific url's)

Hope this helps others out there

"Hope this helps others out there"

No, it doesn't but causes damage.  Please do not post such rubbish going further.  :(

" echo "www.google.com 216.239.38.120 " > /etc/hosts "

This looks pretty inaccurate.  You purge the whole content of your hosts file with this wrong entry.  Same you could simply delete the hosts file with the same effect.

It should look like this:

   echo "216.239.38.120  www.google.com" >> /etc/hosts

@rotblitz...

where in the router can I input the host file? and where do I input " echo "216.239.38.120  www.google.com" >> /etc/hosts"?

I am not entirely sure if the way I have mine setup is the correct way, all I know is that SafeSearch is working, not as strict as before (but that is Google's rules) but it's working.. all my wireless clients are getting the message saying "Your network has turned on SafeSearch to filter explicit content." - and it's working, but I would like to know if what I  did was correct...thanks.

The method that secefbc shared seems to be specific for a specific piece of hardware or service. Without knowing what router you are using there's no way to know whether you could use it or not. Unless someone here has specifically used the same hardware as you you'd probably need to take the "solution" to a support forum for that router or firmware and ask how to implement it there.

We don't know how you set things up, so we have no way of knowing either if your setup is correct. However, the fact that you are getting that message is an indicator that whatever you did is working.

@magdiel1975

Didn't you recognize that my message was in response to secefbc, not to you?  To answer your questions nevertheless:

"where in the router can I input the host file?"

You cannot "input the host file", the hosts file should be there already.  But no idea if your "Tomato by Shibby firmware on my E2000 router" has a hosts file at all.
This is what I found: http://ubuntuforums.org/archive/index.php/t-1414245.html
In case it is UNIX based, then it will be most likely in /etc/hosts has outlined by secefbc too.

"and where do I input " echo "216.239.38.120  www.google.com" >> /etc/hosts"?"

This would be on the terminal window of the router then if it has one accessible at all.  You had to open it via telnet or SSH.

"I am not entirely sure if the way I have mine setup is the correct way"

You said you configured it on your DNSmasq settings.  So that should be fine.  If you want to prove it on the end user devices, then you enter:

   nslookup www.google.com.

...which should return 216.239.38.120

"Didn't you recognize that my message was in response to secefbc, not to you?"

Sorry, I don't really know where that is coming from.. I was just asking you a question and did not mean to intrude in the response you gave to someone else.

My point is that, SafeSearch is woking as I have stated before..my main issue is that I cannot add all of Google's addresses because my router does not have enough memory. So, I am trying to figure out how to be able to add more addresses. I apogoligize for my thick skull, it's just I am trying to learn and I know I can frustrate others with my questions.. But, thanks to those of you for kindly responding to my nonsense.

"I cannot add all of Google's addresses because my router does not have enough memory."

Then go for the hosts file solution if your router has a hosts file.  You can also apply this solution on most end user devices.

Thanks Rotblitz...

I was able to add the host scrip to the router and was able to include all google's domains. - Now, I am working on a different horse, which is how to block https as my router can only block http, but that's for another forum..thanks again.

Okay people I have figured it out,

Three easy steps.

First use opendns to block all the stuff you would want to stay outta your CPU. Nudity, Sex, etc. etc. but most important SEARCH ENGINES. Why because they connect you to this content, its not 1996 where you have to memorize every domain name, these search engines function to take you to these places. BUT enabling only google.com, forcesafesearch.google.com and gmail drive etc. etc. will make the interwebs usable.

Next you use your OWN HOME OR NETWORK router to DNSMASQ for your network and redirect addresses in DNSMASQ which is only enabled on DD WRT (under services) and other power user routers.

MANUALLY ADD: TO THE DNSMASQ

address=/www.google.co.uk/216.239.38.120
address=/www.google.ca/216.239.38.120
address=/www.google.fr/216.239.38.120
address=/www.google.it/216.239.38.120

TO THE SAFE SEARCH ON GOOLE which is 216.239.38.120 your router must have the option for you to configure DNSMASQ with these rules. In combination with Opendns THIS IS THE BEST ITS EVER GOING TO GET, and it works very very well, so far. Until google changes its safe search.

In conclusion block all the things you wish with OpenDNS (search engines is must) than use DNSMASQ to redirect to the search engine google you have enabled but only under the condition it runs safe search on the network. DONE. 

Don't forget to clear your DNS cache (windows history kinda) on the command line of WINDOWS. Open cmd, type ipconfig/flush dns. SEARCH dns cache flush on google if you don't know how to do this. Clear all your browser stuff as it work won't until this is done.

@ooomm

Is better if you add a script to Init like this...look at the image.. I could not add the code here because it didn't let me so I look a snap shot of it.

This way, you don't have to add anything to dnsmasq and you include all of Google's domains..you way only forces safe search to 4 domains.

Note that on the photo I uploaded only a portion of the domains show.. not sure why I am not able to add all of the domains in this comment..but just look for them and add all to the list.

here you go..

tlds="com ae af ag off.ai am ar as at au, etc.. just add the rest here "

mkdir -m 777 -p /tmp/etc/dnsmasq/hosts

{

for tld in $tlds

do

echo "216.239.38.120 www.google.$tld"

done

} > /tmp/etc/dnsmasq/hosts/safesearh.hosts

THINGS YOU'LL NEED TO KNOW TO DO THIS:

1. Use opendns to block all search engines except the enable safe search ones

2. How to install DD WRT and other custom power user router software, use youtube and you should be able to figure it out. Remember DNSMASQ is a feature of routing software it needs to be ENABLED. Do some research on this as this is the key part to redirecting to safe search on google. Using the command line in the DNSMASQ will redirect to the google you would like to use. 

The main part ENABLING DNSMASQ then redirected located under services in DD WRT and this is added in the box (command line) that says Additional DNSMasq Options

address=/www.google.co.uk/216.239.38.120
address=/www.google.ca/216.239.38.120
address=/www.google.fr/216.239.38.120
address=/www.google.it/216.239.38.120
address=/www.google.es/216.239.38.120
address=/www.google.nl/216.239.38.120
address=/www.google.com/216.239.38.120
address=/www.google.rs/216.239.38.120

3. Basic command line skills on windows to clear CPU dns cache 

ITS ALL FREE 

OKAY so the command line is the same on DD WRT? I just input that with the google variation and it should cover everything correct MAG75?

someone should really make this a program BTW hint hint nudge nudge...

Yup..

Once you add the script to Init.. remove whatever you have on dnsmasq and reboot the router... you'll be good to go.. then use OpenDNs to block all search engines and whitelist: (never block)

google.com

youtube.com

googleapis.com

ytimg.com

and you are done.

This is my version for DDWRT firmware I hope people get linked to this. Run on Start Up command with this code. Using magdiel1975 method which is the best on the web I have found. I have modified it to work on DDWRT which has slightly different directories. Mod if needed.

I have tried many times before to use DDWRT firmware on different routers, but I have noticed that it cuts my internet speed in half.. every time..different routers and different ddwrt versions.. so I always end up going back to Shibby Tomato and I really like it.

I would like to give you another tip.. I came accross an issue with Avast Secure DNS.. anyone who has Avast Secure DNS enabled on their computer will bypass your router settings which will cause OpenDns to NOT work. - This was driving me crazy because I could not find a way to block Avast DNS from doing that.. The folks here at OpenDNs have a thread that talks about that, but the only suggestion the OP has is to disable the feature.. Well, that does not help because if the user is someone that is visiting your house, you will not be messing with their computer and changing things..or at least shouldn't lol..

Well, I found a way to do this and is to block port 443 but ONLY UDP.. here is the iptable

iptables -I FORWARD -p udp --dport 443 -j REJECT

pop that in the firewall and reboot the router.. Avast DNS is blocked and the beauty of it is it won't affect HTTPS :)

oh and by the way.. if you create a guest account and don't want them to even be able to pull the Router's ui (settings page..you know 192.168.1.1)

pop this in the firewall and reboot....

iptables -I INPUT -i br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp -m multiport --dports 53,67 -j ACCEPT

happy times!

FYI: There's a new breed of of router that deal with the incognito loophole! They appear to implement something like option 3 described in this link: (https://support.google.com/websearch/answer/186669?hl=en) or perhaps append &safe=active at the router, and make it real easy. I found three: 1) Kibosh (www.kibosh.net) 2) Blocksi Router (http://www.blocksi.net/parental-control.php) and 3) pcWRT (http://www.pcwrt.com/).

Please, please, please consider distributing this information. It is appalling that 90% of parents are so completely unaware of what access kids have through incognito browsing.

Likewise, it's disturbing how unaware the general adult population is about 3g/4g smartphone access to porn is by minors. An outstanding solution for 3g/4g smartphones is 'comvigo'. It filters and blocks incognito without restricting many other features unnecessarily like funamo and other apps do.

First I'm a Mom - not a computer wiz - but I think Google might have finally answered with a Safe Search Lock for Network Administrators here:  https://support.google.com/websearch/answer/186669?hl=en

I Googled forcesafesearch.google.com IP and found this Google support page.  All I had to do was click on Search Settings; Turn On; Lock Safe Search.  Then Sign into Google with username and password.  Click "Lock Safe Search" again.  Got message "Safe Search is locked across all Google domains."

Tested it and it works!  :-)

First I'm a Mom - not a computer wiz - but I think Google might have finally answered with a Safe Search Lock for Network Administrators here:  https://support.google.com/websearch/answer/186669?hl=en

I Googled forcesafesearch.google.com IP and found this Google support page.  All I had to do was click on Search Settings; Turn On; Lock Safe Search.  Then Sign into Google with username and password.  Click "Lock Safe Search" again.  Got message "Safe Search is locked across all Google domains."

Tested Google Images and it worked!  Finally!!  :-)

The method you describe only forces safesearch for computers, browsers, and profiles that are signed into a Google account where this has been turned on. It has to be done in advance for each combination of computer, browser, and profile. It in no way is capable of automatically forcing everything on the network that access Google to use SafeSearch, especially newly introduced devices that IT does not control. In order to bypass this method all that someone has to do is sign out of Google or use a browser that has not been pre configured. Basically it's useful for someone who doesn't accidentally visit something they don't want to see, but it can't force someone not to go somewhere they want to go.

The second option is a little better, but again can be sidestepped by logging out of google or using a different browser.

Basically these two options are useless if someone wants to get around SafeSearch.

The third option is the same discussed in the first post in this thread, and is the only way you can force anything on the network to use SafeSearch where the user does not want to use it. Basically nothing new here.

Thanks Matt!  So are you saying to add:  216.239.38.120  to my router's Static DNS 3 spot?

If so, then that's easy!  :-)

And I think I blocked Bing and Yahoo on the Open DNS "manage individual domains" area.  I really wish all these great suggestions were put on one page!  It took me many hours to find this thread.  The other threads I was directed to, ended a long time ago. 

"So are you saying to add:  216.239.38.120  to my router's Static DNS 3 spot?"

Oh no!  Don't even think about that!  This is not a DNS resolver address, but the IP address of forcesafesearch.google.com.

No, that's not at all what I was saying.

In the first place, if you were to add a non-OpenDNS address to your DNS configuration you would make OpenDNS since at least some of your queries would be going to a different service. In the second place you'd make your own DNS lookups unreliable since that address isn't even a DNS server.

The point of my post was that you completely misunderstood the posting that you linked to. Following the steps that you said you followed it is impossible to force everyone on your network to use Google SafeSearch, only those who proactively take steps to do the same things will be affected by it. It would be trivial for anyone to ignore or sidestep those settings.

The only way to force Google SafeSearch on every user, device, and browser on your own network is to follow Option 3 in that article. That's what I was saying.

Ok guys - thanks.  I've decided to only do the Family Shield with general Google Safe Search.  I am not a Computer Technician.  My hats go off to those of you who are.  But I'm not spending more time on this.  My son's iPhone has Restrictions.  We have Sprint with Parental Controls.  And I've installed Open DNS Family Shield on the Router for his gaming systems.  I have probably done more than most parents.  Now the rest is up to him to decide if he wants to mess up his life by getting addicted to porn - or not. 

In the end, isn't that we all have decide anyway.  Thanks again.  :-)

Family Shield is a good addition, and definitely far more than most parents do. Just be aware that you still won't have the ability to force anyone or any device to use Google SafeSearch, and even if you do configure it on a computer it can easily be bypassed.

I had a similar goal as described above where I wanted to use OpenDNS to restrict content, porn, etc. but keep search engines available to my kids as they are valuable and educational tools for developing minds once you can get rid of the dangers.  I also had the problem of being able to pull up nude images via Google image search even after blocking content on Google web.  I found kidzsearch.com is a forced Google Safesearch.  You can block all search engines as described earlier and whitelist kidszearch.com.  You just have to tell your family to use that site for searches.  If anyone discovers how to redirect search engines to this clean site (or the equivalent result) post it here.  it would be great if the Manage Individual Domains area on the OpenDNS Web Content Filtering page had a third option called 'Redirect' or something similar in addition to the 'Always Block' and 'Never Block' values.

The problem here is that kidszearch.com does not exist.  However, there are kidssearch.com and kidzsearch.com.  Not sure which one you meant.

"If anyone discovers how to redirect search engines to this clean site (or the equivalent result) post it here."

This is common knowledge.  You do this kind of redirection with running an own DNS server.  Some routers may support this DNS server feature too.

In case of kidssearch.com also a line like the following in the local hosts files would help:

   173.254.52.108  www.google.com

This trick does not help with kidzsearch.com, because these use virtual hosting, sharing the IP address.

"it would be great if the Manage Individual Domains area on the OpenDNS Web Content Filtering page had a third option called 'Redirect' or something similar"

This is something OpenDNS definitely will not do, because it would open lots of security holes, exactly counterproductive to what OpenDNS is doing.

Thanks for the info.  Yes, I meant kidzsearch.com--a search site which provides Google safesearch results which are taken a step further from what I have been able to tell so far.  I spelled it correctly the first time I used it in the post and incorrectly the second time.  Unfortunately, no editing after post.  Looks like the method I am currently using then is the best for what we are looking for since a personal DNS server will not redirect to kidzsearch.com according to your response.  It's hard to believe parents have to go to such extremes to protect their kids from idiots these days.

"...since a personal DNS server will not redirect to kidzsearch.com according to your response."

You must have misunderstood what I wrote.  I said: "You do this kind of redirection with running an own DNS server."
A personal DNS server is indeed the solution for what you want to achieve.

So, I have been trying to forcesafesearch in conjunction with using opendns. I use an asus router with merlin firmware. I have set it up to use opendns for dns filtering. In addition, I added an entry to the dnsmasq to add a cname to point www.google.com to forcesafesearch.google.com and of course added an entry to the hosts to identify the address of the forcesafesearch.google.com address. These two things seem to work independently, but if I set both, the dns filtering via opendns seems to prevent me from setting a local cname for www.google.com to point it to forcesafesearch.google.com. I thought I should be able to do both of these things. Got the idea from here: https://support.opendns.com/entries/57304954-How-to-Enforcing-Google-SafeSearch

Advice / thoughts appreciated. FYI, I posted a similar question on snbforums, just saying for transparency...

"and of course added an entry to the hosts to identify the address of the forcesafesearch.google.com address."

Why would you do this at all?  The CNAME solution is the one advised by Google.  The hosts file tweak is a workaround only for those who do not have an internal DNS server.

"the dns filtering via opendns seems to prevent me from setting a local cname for www.google.com to point it to forcesafesearch.google.com."

Why do you think that DNS filtering prevents you from configuring a CNAME locally?  Any evidence for that?

"Got the idea from here"

Yes, you're referencing the current thread number 57304954.  Didn' see?

"Why would you do this at all?"

Because I do not have an internal DNS server..that's why.

1) Is it possible to add a dnsmasq optin like address=/www.google.*/216.239.38.120?

2) In https://help.bingads.microsoft.com/apex/index/18/en-US/10003 I am trying address=/bing.com/strict.bing.com

3) In https://support.google.com/youtube/answer/6214622?hl=en I am trying address=/youtube.com/restrict.youtube.com

@n8atkinson Where do you want these options added? If you want OpenDNS to add them for you, it is not the kind of thing that they do as they are essentially a recursive DNS service with additional recursive related features and options added to that. They are not an authoritative DNS or dnsmasq service provider which seems to be what you are trying to work with. For dnsmasq functionality you should consult a dnsmasq site, or a support forum for your own router and/or router firmware (since the firmware may be 3rd party and not what your router manufacturer provides).

Hi, I was referring to some of the previous posts where address=/www.google.com/216.239.38.120 is added to a router's dnsmasq in dd-wrt (which I use) instead of using cname.

Update, after using checking with ping I am trying address=/www.youtube.com/216.239.38.120 and address=/www.bing.com/204.79.197.220 but they don't seem to work.

Then you need to visit the DD-WRT support forum. This forum can tell you what you need to accomplish, but since it's not a support forum for those 3rd party tools, it can't very well also teach you how to use those tools.

If the specific IP addresses don't work for you you'll need to visit the updated Google pages where this all came from since this is their solution that OpenDNS is passing along.

I'm also pasting the note from the top of this page that discusses this "This solution is provided 'as is' and is an implementation that has been provided by Google. OpenDNS is unable to support this solution directly as it does not involve any OpenDNS software."