Comments

5 comments

  • Avatar
    rotblitz (Edited )

    These fall under the existing Proxy/Anonymizer category. Missing domains in that category? 
    Here you go: https://community.opendns.com/domaintagging/submit/

  • Avatar
    slspinner

    There are just too many VPN providers. I use OpenDNS to try and limit my childrens access to some content but even with this category checked they just find another VPN provider to tunnel their way through. I think those of us wishing to exercise some parental control have lost.

  • Avatar
    rotblitz

    Then you must participate more in the community tagging system instead of waiting for others to do it for you.  https://community.opendns.com/domaintagging/submit/

  • Avatar
    slspinner

    That's missing the point. OpenDNS is a valuable tool but tagging the websites only goes so far. DNS servers can be bypassed by some of the tools that our teenagers use. For example a simple browser extension allows access to filtered sites by using a URL link. I was just posting this to make it clear that OpenDNS or other filtering services can be relatively easily bypassed.

  • Avatar
    rotblitz

    You're missing the point too.  OpenDNS is not "a valuable tool" but foremost a recursive DNS service.  Beyond that most important function it can also be configured to return different IP addresses for certain domains or categories of domains and to collect your network's DNS activity to present it in logs and stats.  That's it, and that's all!

    And now:  It is solely your responsibility to ensure that your DNS traffic goes only to OpenDNS' DNS service.  OpenDNS has no way to control what you do with your DNS traffic.  They cannot do anything for you if you don't send your DNS traffic to them.

    Especially, the case of "DNS servers can be bypassed by some of the tools" falls under your responsibility, because exactly this means that you don't send your DNS traffic to OpenDNS, but to another DNS service.  Therefore agreed "that OpenDNS or other (DNS based) filtering services can be relatively easily bypassed" if you don't take measures to redirect all DNS traffic to the DNS service of your choice.

    A first measure would be to not provide your kids with Administrator rights on the devices they use, but just with regular user rights which prevents them from installing things like VPNs and prevents them from re-configuring their network settings.  Another measure would be to block all port 53 (DNS) pass-through on the router, but just allow the router's IP address as DNS resolver address, ideally propagated by your DHCP server (on the router).  There are more measures I could think of, like blocking IP address ranges, ports and protocols on the router which are known for circumvention methods, and even more.  I use all of them in my networks, with full success.  So no, I did not lose control over anything in my network, whether parental or otherwise.

Please sign in to leave a comment.