Domain blocking at certain times of the day only

Not planned

Comments

65 comments

  • Avatar
    cervezafria

    "i gave my son a linux machine locked down with an admin password"

    Well, I do know teens... you're ahead of 97% of the family users here. Most have Win machines and allow their kids full admin rights. Be sure your browser's manual proxy settings are inaccessible outside of root. or otherwise blocked by squid.... then there are virtual discs running from live cds that you have to contend with... There are lots of ways to leap that fence.

    -1
    Comment actions Permalink
  • Avatar
    sjnairn

    cervezafria, you post dated June 07, 2013 12:40 is disappointing to say the least. A legitimate request in my eyes - you allow your children xMinutes per day (a set interval eg: 19:00-19:30), to visit youtube, supervised. This would unquestionably be an excellent addition.

    1
    Comment actions Permalink
  • Avatar
    rotblitz

    "A legitimate request in my eyes"

    Sure, therefore this feature is there already.  So use it!

    If you thought OpenDNS might do it without router support, then this is indeed legitimate, but technically impossible.
    See also https://support.opendns.com/entries/21809639-Add-a-day-based-filtering-feature-

    -1
    Comment actions Permalink
  • Avatar
    maniktala

    The impression that I get from reading this whole thread is that Kristian's initial request is pointless (especially from cervezafria's comments). I think this is a great request idea (it seems there may be caching issues to work out). It seems perfectly logical that you would block streaming sites (as not to use up bandwidth) during business hours, but allow them after hours for end users working late on a project. It also seems employee friendly to allow facebook only over the lunch hour. I can go on with many ways to customize a time based filter for both the home and work environment that have practical purposes. I think OpenDNS should continue efforts to make this a feature.

    1
    Comment actions Permalink
  • Avatar
    cervezafria

    @maniktala.... There's nothing I posted here to suggest that Kristian's initial request was "pointless", so please tone down the libelous rhetoric. I do find it amusing that so many demand additional features from services such as this one, for which they are paying zero.

    You've now injected the terms "business" and "employee" ...from that I would infer that you are using OpenDNS' Umbrella service, as surely you would not use a "free" family product in a business environment. That said, your post has nothing to do with this thread, and is OT. I suggest you (re)read Brian's post. It's quite clear on topic.

    -1
    Comment actions Permalink
  • Avatar
    johnsmith99

    I get that it wouldn't work perfectly, although I don't understand why because I am able to implement domain restriction changes rather quickly and have them work on the computer most of the time, but why not just release this as a half-working beta function?? Most users are talking about blocking casual Facebook browsing, not illicit porn, so it seems like a harmless improvement that can only aid productivity even if not in full. I for one would like the option from the DNS end. It's not like DNS is foolproof content blocking anyways. Please reconsider adding this feature set. 

    1
    Comment actions Permalink
  • Avatar
    rotblitz

    Did we mention that this feature exists? So use it! Why reinvent the wheel?

    -1
    Comment actions Permalink
  • Avatar
    johnsmith99

    Can you tell me how to access this feature? I'm talking about time restrictions DNS side, not the local client, not the roaming concept? Maybe I don't know the OpenDNS dashboard well enough. If it is via a local client automating DNS side changes, where can I download this client?  

    1
    Comment actions Permalink
  • Avatar
    johnsmith99

    Thanks for helping. I did not intend to make you feel exasperated.

    1
    Comment actions Permalink
  • Avatar
    rotblitz

    See http://www.opendns.com/support/article/125

    This is what OpenDNS did to support on a per-user basis or schedule based filtering a longer while ago already.  They will not create anything else in addition.  Therefore this thread is already flagged as Not planned

    -1
    Comment actions Permalink
  • Avatar
    threehappypenguins

    I have an idea? Anybody good with programming? Why not create a forum spambot to do what many of us are doing manually? Since OpenDNS does not want to implement a time restriction feature on the OpenDNS cache because they are afraid of complaints of inconsistency to do the need for DNSflush and caching, etc, then why not have a robot to the manual job?

    I'm guessing the best way would be to make it server side so a program is not need to run on a local computer to get the job done. The robot program can be uploaded to a webhost. Accounts can be made, and the user can enter which categories they want the robot to block and at what time. As well as whitelist and blacklist exceptions that are time based as well.

    I brought up the idea here, and I am still waiting for a response: http://superuser.com/questions/691963/forum-spambot-for-changing-opendns-settings-on-a-timer

    I'm willing to learn code to do it myself if I have to (I have a little bit of experience in website building...). If anybody can point me in the right direction, that would be great!

    1
    Comment actions Permalink
  • Avatar
    tnhills

    I FOUND A SOLUTION!! LEACHBLOCK add it to your FIREFOX browser. This will let you block time leeching web sites like youtube, facebook, & ebay during specified hours.  I really like firefox which has allowed me to block ads on any page.  I used the add-on ad block plus for that.  If you dont have firefox just google it it is free and so are the programs mentioned!!!

    0
    Comment actions Permalink
  • Avatar
    tmckee0601

    I am amazed at the snide openDNS staff comments on a legitimate request that many have indicated would be useful. If it's a caching problem, so what.. let us as the end users deal with that minor problem. We have everything blocked and whitelisted Pinterest, but it still links to user pages that are hosted on questionable sites that are 80% of the time blocked. My wife wants everything unblocked during the day while kids are in school so she can use Pinterest without any glitches and the time based option seemed like a good solution, but unfortunately this seems like a dead end so I'll have to go to the router. Disappointing!

    1
    Comment actions Permalink
  • Avatar
    rotblitz

    "I am amazed at the snide openDNS staff comments on a legitimate request"

    I think you're confused.  The only staff member having commented in this thead was Brian Hartvigsen on July 03, 2013, and his comment was far from being snide.  Or do you think it was?  Or do you refer to a different thread and have entered your message mistakenly here?

    -1
    Comment actions Permalink
  • Avatar
    mistervapor

    WOW...I came across this thread while looking for a way to use OpenDNS to block my kid from accessing certain website at specific times of the day after being told the OpenDNS could do that.  It was never suggested that I would need to buy a new router to do this.  

    Since I have a little bit of IT experience, I think I could handle getting a router setup on the home network side of my FIOS router but I would bet the average parent would have no clue how to setup a second router to handle these rules.  Before some gets smirky with me and says "hey idiot, use the parent controls in you FIOS router..." that router is too easy to circumvent.

    I'm not seeking advice from anyone here, I just wanted to chime in as well as say I am surprised how snide people are when someone makes a relatively innocuous request...one I would be more than wiling to pay a monthly fee to use.  I dunno, seems like an opportunity more than an obstacle.

    Take care

    1
    Comment actions Permalink
  • Avatar
    rotblitz

    "a way to use OpenDNS to block my kid from accessing certain website at specific times of the day after being told the OpenDNS could do that."

    "After being told" - who was that?  That was simply wrong information!  Certainly not from an authorized side...

    -1
    Comment actions Permalink
  • Avatar
    davidlev

    My Actiontec modem, under advanced setup, provides service blocking (ie, instant messaging), access scheduler (time of day by IP or the whole LAN side), and website blocking (can add more sites than the 50 'always blocked' offered by OpenDNS). It does not offer content filtering by category, which is why I went with OpenDNS.  Neither my modem or OpenDNS does keyword filtering, however, so like many of you, I'm looking into other options to augment the tech I own. I'd really like to learn more about Umbrella from a human, but my support/sales email has been unanswered for a few days.

    1
    Comment actions Permalink
  • Avatar
    r2spongebob

    I agree that this would a great feature.  Maybe I would like to block MineCraft domains to stop the kids from playing games.  And limiting the number of applications I used to just one system/site.  (Like using OpenDNS)

    1
    Comment actions Permalink
  • Avatar
    stevefal

    Create a couple batch files and run them on a schedule using Task Scheduler (Windows). Use your normal DNS address(es) during unrestricted times and OpenDNS during restricted times. Flush DNS cache whenever you make the change. Something like this (not debugged):

     

    netsh interface ip set dns "Local Area Connection" static 192.168.0.200
    ipconfig /flushdn
    0
    Comment actions Permalink
  • Avatar
    proteanthread

    why not keep the weekends separate from the weekdays, for obvious reasons?

    1
    Comment actions Permalink
  • Avatar
    funksobruva

    I'm interested in this topic also, because I have a complicated home setup. Since our house appears to be built in and around granite (or lead), our wireless signal is poor. I have a wireless router and 2 APs in action to provide decent signal to 3 floors. I surely do not want to have to mess with all 3 devices when I set time-based rules for my kids (especially since the Verizon FiOS router has control panel functionality designed by, well... Verizon). I was hoping to read about OpenDNS' features that would sell me on the product. The wireless is DHCP, so I assumed I could specify devices by mac address. Anyone have ideas?

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    These "time-based rules" and "specify devices by mac address" are all local things by their nature and cannot be covered by a cloud and DNS based service like OpenDNS.  So, if your router can't cover these areas, you've got the wrong router.

    At least my router (ISP supplied AVM product) supports time-based, week days and MAC address based WLAN access control and also other rules for blocking certain or all ports to the internet for certain devices at certain times and week days.  OpenDNS is another layer of access control and security protection for me, in addition to what my router allows.

    -1
    Comment actions Permalink
  • Avatar
    mattwilson9090

    If you want to apply different sets of rules to different devices on the same "network" (network here being the network defined by OpenDNS setup) you'll need to purchase on of the OpenDNS Umbrella products. The free product would apply the same set of rules to all devices on the same network that are using OpenDNS. Since MAC addresses are not routed over the internet or used in DNS you won't be able to differentiate things that way.

    The free product doesn't allow any sort of time-based rules, but I think Umbrella might. Take a closer look at that and all the other features that Umbrella provides you.

    An alternative option is a family of routers made by Netgear (I think that's the company) that uses it's own rules, and a number of other features that leverage OpenDNS for some of it's functionality. I think that device is mentioned in this thread so you should be able to find it pretty easily.

    I do hope that you're using that Verizon "router" as essentially a modem, and have provided your own router that is regulating all of your perimeter functions. Regardless of what router you are using, the AP's should only be providing WiFi functionality and should be connected (wirelessly or wired) to your router first. By making sure all of the traffic on the AP's goes through that router you should only need to manage all of your security and other settings at that one point.

    BTW, using MAC addresses to control security or access to network resources is pretty useless since it's trivial to spoof MAC addresses and choose a different one or masquerade as another device with a "good" MAC address.

    0
    Comment actions Permalink
  • Avatar
    funksobruva

    Believe me, the minute my kids can spell "mac spoofing", I'll worry.

    I've used D-links, Netgears, and now I have an Asus RT-N66U, and every single parental control panel screen has deficiencies. I had the Asus as my primary router, but I refuse to buy more devices in this endeavor (using the RT in AP mode, have another Asus device as repeater-only, plus a Ubiquiti long-range AP. Oh, and a couple switches). Therefore, I have actually turned on the SSID and am using the Verizon (newer N model).

    All I need is to be able to setup time-based rules for my kids multiple devices (xbox, laptops, iPods tablets), different rules for weekday/weekends/solitary confinement mode. In AT LEAST 30-minute increments. Batch processing (i.e., add xbox/wii/blu-ray player in a group, and label it: "Basement" to avoid having to change a time for 3 different devices on the fly).

    Is that too much to ask??? 8-)

    1
    Comment actions Permalink
  • Avatar
    rotblitz

    "Is that too much to ask?"

    No it isn't too much, but definitely the wrong place.  Didn't I say that these "are all local things by their nature and cannot be covered by a cloud and DNS based service like OpenDNS"?  You have to ask the router suppliers for such features.  Or you need to look for a proxy server software being able to handle this and run the proxy server yourself.  It's your choice.

    -1
    Comment actions Permalink
  • Avatar
    stevefal

    No , you said that "time-based rules" and "specify devices by mac address" are local things, of which only the latter is true. I don't see why you're so intent on asserting the impossibility of a solution. What's your stake in shutting down the conversation?

    OpenDNS rules are applied to selected machines through a combination of statically configured DNS addresses on the target machines and DNS server detection of originating IP address. The server could maintain a DNS address pool to provide a selection of rule groups, and the service could implement rule sets that are swapped on a user set schedule, adjusted for time zone.

    1
    Comment actions Permalink
  • Avatar
    rotblitz

    "you said that "time-based rules" and "specify devices by mac address" are local things, of which only the latter is true."

    Why are "time-based rules" not local, but to be done in the cloud?

    "OpenDNS rules are applied to selected machines through a combination of statically configured DNS addresses on the target machines and DNS server detection of originating IP address."

    The facts are that OpenDNS (or any other DNS service) sees the public IP address of your network.  Where should the remaining information come from, "statically configured DNS addresses on the target machines" and "DNS server detection of originating IP address"?  Don't say that this is OpenDNS' problem!  You have to come up with a technically feasible solution within the existing internet standards for the DNS protocol!  If you wish a tree to fly, you have to provide the solution.

    "What's your stake in shutting down the conversation?"

    Because you want the trees to fly which isn't possible.

    -1
    Comment actions Permalink
  • Avatar
    stevefal

    Before sticking your neck out too far, briefly consider the remote possibility that you're missing something.

    I suggest that anyone able to consider all the facts and wishes dispassionately continue toward a viable suggestion for OpenDNS. It is OpenDNS, of course, who will decide whether to pursue any of this.

    My proposal is straightforward. I admit that it may have flaws I haven’t considered:

    Background:

    - OpenDNS applies rule sets based on client IP address

    - OpenDNS is already imperfect for critical scenarios due to DNS caching and workarounds

    - However, OpenDNS is “good enough” for many users, as evidenced by its use

    - Some customers would like the rule sets to be scheduled, in order to avoid manual work, e.g. kids’ weekend use

    Minimal Solution:

    - for a single household with one governed subset of clients, each governed client is configured statically with OpenDNS DNS address. (This is how I use OpenDNS, not in my router)

    - OpenDNS implements a schedule, based on the user’s time zone, that switches the rule set on and off. This schedule replaces the Saturday morning, “Daddy, can you turn the Internet back on?”

    Alternate Rules Solution:

    - Instead of turning the rule set ON/OFF, OpenDNS allows switching between two rule sets, e.g. set #1: (-gaming, -social, -porn), #2: (-porn).

    Multiple Groups Solution:

    - OpenDNS supports multiple DNS addresses that can be configured into multiple household client groups, for unique rule sets and schedules, per above.

    Of course all this is subject to actual design details, engineering constraints and OpenDNS' desire to address the market need. I personally would consider paying for even the minimal solution above.

    1
    Comment actions Permalink
  • Avatar
    funksobruva

    As would I.

    0
    Comment actions Permalink
  • Avatar
    cervezafria

    @stevefal...

    1. When ODNS would cut the internet off to the kids, it would also be cutting the net off for mom & dad, and everyone else, as well as all net appliances Roku, TiVo, Apple TV...). Sounds impractical. You could just use a household timer to power off the router and get that level of granularity.
    2. As rotblitz succinctly put it, ODNS has no way of reaching your internal household IP addresses, not would you want to give that kind of access to anyone. Otherwise you might as well turn off all you firewall and hope for the best. Unless you have multiple independent modems accessing the net, all your household DNS calls are seen by ODNS as coming from a single source.
    3. This thread is well over a year old. ODNS has no skin in this game, other than to offer a board for its users to let of steam, and point out why one another are wrong. Even if you could convince everyone here of a foolproof way to implement what you are asking, it would never happen. ODNS is ODNS. You might as well go after Microsoft and Apple and the dozens of router manufacturers with your request... or build it yourself.

    Good luck.

    -1
    Comment actions Permalink

Post is closed for comments.