VPNs AND TOR
Would it be possible to have a category added that would make it easier to block VPN providers and Tor download sites?
-
These fall under the existing Proxy/Anonymizer category. Missing domains in that category?
Here you go: https://community.opendns.com/domaintagging/submit/
-
Then you must participate more in the community tagging system instead of waiting for others to do it for you. https://community.opendns.com/domaintagging/submit/
-
That's missing the point. OpenDNS is a valuable tool but tagging the websites only goes so far. DNS servers can be bypassed by some of the tools that our teenagers use. For example, a simple browser extension allows access to filtered sites by using a URL link. I was just posting this to make it clear that OpenDNS or other filtering services can be relatively easily bypassed.
-
You're missing the point too. OpenDNS is not "a valuable tool" but foremost a recursive DNS service. Beyond that most important function it can also be configured to return different IP addresses for certain domains or categories of domains and to collect your network's DNS activity to present it in logs and stats. That's it, and that's all!
And now: It is solely your responsibility to ensure that your DNS traffic goes only to OpenDNS' DNS service. OpenDNS has no way to control what you do with your DNS traffic. They cannot do anything for you if you don't send your DNS traffic to them.
Especially, the case of "DNS servers can be bypassed by some of the tools" falls under your responsibility, because exactly this means that you don't send your DNS traffic to OpenDNS, but to another DNS service. Therefore agreed "that OpenDNS or other (DNS based) filtering services can be relatively easily bypassed" if you don't take measures to redirect all DNS traffic to the DNS service of your choice.
A first measure would be to not provide your kids with Administrator rights on the devices they use, but just with regular user rights which prevents them from installing things like VPNs and prevents them from re-configuring their network settings. Another measure would be to block all port 53 (DNS) pass-through on the router, but just allow the router's IP address as DNS resolver address, ideally propagated by your DHCP server (on the router). There are more measures I could think of, like blocking IP address ranges, ports and protocols on the router which are known for circumvention methods, and even more. I use all of them in my networks, with full success. So no, I did not lose control over anything in my network, whether parental or otherwise.
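
An added example, not part of the thread: a check over router firewall logs for clients whose DNS traffic goes to a resolver other than the router, which is the bypass the last reply describes closing off. The router address 192.168.1.1, the LAN range, the netfilter-style log lines and the extra check for DNS-over-TLS on port 853 are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the thread): the router is 192.168.1.1 and is the
# only resolver clients may use; the LAN is 192.168.1.0/24.
ROUTER_IP = ipaddress.ip_address("192.168.1.1")
LAN = ipaddress.ip_network("192.168.1.0/24")
DNS_PORTS = {53: "DNS", 853: "DNS-over-TLS"}

# Constructed sample lines in the key=value style of Linux netfilter LOG output.
SAMPLE_LOG = """\
IN=br0 OUT= SRC=192.168.1.23 DST=192.168.1.1 PROTO=UDP SPT=40112 DPT=53
IN=br0 OUT=eth0 SRC=192.168.1.23 DST=8.8.8.8 PROTO=UDP SPT=40113 DPT=53
IN=br0 OUT=eth0 SRC=192.168.1.40 DST=1.1.1.1 PROTO=TCP SPT=51544 DPT=853
IN=br0 OUT=eth0 SRC=192.168.1.40 DST=93.184.216.34 PROTO=TCP SPT=51550 DPT=443
IN=br0 OUT=eth0 SRC=192.168.1.23 DST=8.8.8.8 PROTO=UDP SPT=40114 DPT=53
this line is malformed and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def find_dns_bypass(log_text):
    """Return {client_ip: {(resolver_ip, service): count}} for DNS traffic
    from LAN clients that went to any resolver other than the router."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            port = int(f["DPT"])
        except (KeyError, ValueError):
            continue  # not a flow record we understand
        if port not in DNS_PORTS or src not in LAN:
            continue
        if dst == ROUTER_IP:
            continue  # the permitted path: client -> router resolver
        hits[str(src)][(str(dst), DNS_PORTS[port])] += 1
    return {client: dict(res) for client, res in hits.items()}

if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE_LOG).items():
        for (resolver, service), n in resolvers.items():
            print(f"{client} -> {resolver} ({service}): {n} packet(s)")
```

A port-based check like this does not see DNS-over-HTTPS, which travels on port 443 alongside ordinary web traffic.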