option to block the webpages silently

Comments

27 comments

  • Avatar
    rotblitz

    An own block page and behavior is available with Enterprise versions only.

    "Then he went on the google and search "how to get rid of opendns" and thats it!"

    LOL.  No, that's not it!
    It's your fault.  Your son seems to be administrator on this computer, else he would not be able to "get rid of OpenDNS".  If he's really admin, why do you worry about anything at all?  You already gave every control out of your hands, even if he couldn't disable the use of OpenDNS.  OpenDNS is not to compensate your faults.  You guy must fix it, not OpenDNS!  There are no alternatives if you don't do your homework first.

    "I am willing to pay for that "silent discard" service."

    There are things in the world no money can buy.  Even if you bought an Enterprise version, an admin on a computer may still be able to circumvent it.

  • Avatar
    Chris Frost

    OpenDNS VIP and Enterprise accounts offer custom block and guide pages. However, if someone is determined enough, they can figure out that you're using OpenDNS. 

    Most operating systems do allow you to change the network settings on the local computer such that they bypass the DNS settings configured on the router. With that said, there are two ways in which you can prevent users on your network from bypassing OpenDNS:

    1) Configure your users to use only Guest/Limited accounts on their computers. This way, they will not have administrative access to change the network settings on their machines.

    2) You can obtain a router with the ability to force all DNS traffic over port 53 on the router, thus requiring everyone on the network to use the DNS settings defined on the router (in this case, OpenDNS). Unfortunately, this is not something we resources to assist with determining or configuring. You may want to check your router documentation or contact the manufacturer to see if this is possible with your device.

     

  • Avatar
    howardcorp

    The suggestion is sound.  The family member would be less tempted to find a way around if they were not told what the problem was.  Of course, if the person is resolved to find a solution, you have a bigger problem.  But your service is a partial solution and the suggestion should not be soundly dismissed.

  • Avatar
    rotblitz

    Well, there's an easy solution, available off-hand on most OSes, but I don't post it here.  Using it would not be in accordance of OpenDNS'  ToS.

  • Avatar
    neville23

    Ok...I know this isn't a forum but I would like to give you advice. Great Job with the idea of remote viewing. Ok so first make sure there is a password on the admin account you can do this in the control panel in windows. (Sorry i am only helping in windows) Set the kids account as limited user only. If you can't get access to his device you should take it off him and download some password cracking software to crack it. Nice Idea with the silent block idea but it is all ready done i think... Just set no block page

  • Avatar
    eliasbats

    "Then he went on the google and search "how to get rid of opendns" and thats it!"

    "LOL.  No, that's not it!"

    Oh yes, that's it. A 13-year \-old can easily read instructions on how to resolve IP addresses from DNS names. And guess what: openDNS does NOT filter these web dns lookup sites! (I have already made a request for this).

  • Avatar
    bfudge85

    I have an 8 year old son and 2 girls at the age of 5-6. As a parent it is your responsibility to protect your child from immoral and illegal behavior. I have gone through proper steps in the aid of future issues. I am in practice mode. I want to get my knowledge and strategy before not after the battle starts.

    Below are steps that I have came up with to foster good internet manners.

    1. Sit down with your children and explain to the child that certain sites and materials are not allowed in your house hold. That breaking the rules of your internet will result in punishment.

    2. Set a limited time frame and schedule of times per day for "rest and relaxation" on the internet. Allow the child to play his\her music, video games or even read an E-Book online. Explain to the child that the schedule will be at a certain time of day for a limited amount of time. For example: your child on weekends can use the internet on Saturday and Sunday at Noon for a time limit of 2 hours. During the week while school is in session they are allowed on from after school at 7pm "per day" for an 1 hour time limit after school work is completed. When school is not in session during breaks or vacations. You can allow your child 4 hours of internet usage at a specific time on Saturday and Sunday, On the weekdays allow him 2 hours at a set time frame.  Essentially you dictate the time and the amount of time so you have complete control and can remote view his\her actions. Not only will the time frame limit the rate of possible abuse you will also encourage your teen to go outside, read a physical book or hang out with his\her friends. Important step to this schedule is to create a physical schedule and hang it on the fridge or if you have a dry erase board you could hang it in your office or work space and have the child sign in on the board and sign out on the board when they are done. if they go over the time frame each day just reduce the time frame for how many minutes they went over.

    3. Allow your child to only have access to a Modified Limited account. you can do this in the computer user group management control panel in windows. Disable the ability to modify the web browsers settings, install and uninstall of programs and even disable the ability to open windows CMD and basic control panel. If you want you can even take it the max and block the user from accessing the Registry editor where he could modify registry keys to get around certain limitations.

    4. Remote view his activity during scheduled usage. Worried about the child using the computer while you are asleep? Change his\her password for the times of punishment or while he\she is alone in the house or the parents o guardians are asleep. Teens minds do turn while their guardians are away or physically disabled. Resetting the password will give you absolute control over computer usage.

    5. Last but not least. Download and install Family Cyber Alert. It is a professional key logger and Chat logger. It will send you Emails of logs, it will Screenshot computer activity and also alert you on webpage usage. I used this to catch my fiancee cheating on me. I installed and used it on my computer. she was using my computer with my permission. I dumped her after i found out. that was back in 2009, I still use it to this day. It runs silently in the background at computer start up. can not be seen in Task Managers and is not detected as a virus.

     

    These steps above will prevent abusive usage of your internet.

  • Avatar
    moberme

    I just called the sales team and they have no plans on offering a blocked page redirect page. I don't get it.  It is not worth it to paying for the subscription.  With my kid knowing what is blocking him, he will find away around it.  Enterprise starts at $300 that is to much for a family.  I would gladly pay $40.

  • Avatar
    rotblitz

    "Enterprise starts at $300 that is to much for a family.  I would gladly pay $40."

    This is wrong.  OpenDNS Prosumer starts with $20 for one user, up to five users.

  • Avatar
    mattwilson9090

    What don't you get, that a business won't add another feature to a free service that doesn't materially affect how that free service works, but that they offer with various pay services? Do you expect them to give away all the features of all their services for free just because you don't want to pay for them?

    If your son can figure out how to get around OpenDNS without a redirect page being available, then with a redirect page he will still be able to figure out that he's being blocked, and with a few more minutes of work figure out what is doing the blocking and then you'll be in the same situation as without a redirect page.

    A redirect page will do nothing to prevent anyone on your network from getting around OpenDNS or any other DNS service you want to use. If you want a technological solution to this you need to look somewhere other than a redirect page, such as restricting your router to sending DNS traffic only to OpenDNS. That way even if they do configure a device to use a different DNS provider the traffic will never get there.

    Of course he could be use a cell phone or other mobile device with it's own cellular data connection and not even use your internet connection. If he's smart enough to bypass OpenDNS he's probably also smart enough to share that data connection with a laptop or even desktop computer, in which case a redirect page still won't be of any use to you.

  • Avatar
    moberme

    Hi Mattwilson9090

    The only way to currently block webpages silently, is with the business account.  These accounts start at $300 per year.  What I am asking OpneDNS to do is to add this feature to the existing $20 per year Home VIP. That is worth $40 per year for me.  I don't expect for it to be free.  OpenDNS has bills to pay to keep the doors open.  The missing silent blocking link redirect is the only thing keeping me from switching to the Home VIP package.

    My router is set up to send traffic to OpenDNS and I have blocked port 53.  I just don't want my kid to know what the cause for the blocked sites.  I just want it to be, the porn link is broken for no reason.  Not, here is the challenge, now go find away around OpenDNS.   

    Our Tmobile data plan does have the blocking feature and we are using that. 

    block the webpages silently

     

  • Avatar
    rotblitz

    "These accounts start at $300 per year."

    Again, this is wrong.  OpenDNS Prosumer starts with $20 for one user, up to five users for $100/year.

  • Avatar
    moberme

    "This is wrong.  OpenDNS Prosumer starts with $20 for one user, up to five users."

    Does the Prosumer account have the Block Page Redirect link option?

    I have 5 family members so that is $100?  

    The Prosumer version goes on the router or the device?

  • Avatar
    moberme

    "This is wrong.  OpenDNS Prosumer starts with $20 for one user, up to five users."

    This $300 price is what I got when I called your office to subscribe to a service that has Blocked Page Redirect Link options.  

  • Avatar
    moberme

    The Blocked Page Redirect option is really only needed for the home VIP accounts.  If your a business you fire the idiot that finds away around OpenDNS.  

  • Avatar
    rotblitz

    "when I called your office"

    You didn't call my office.  I'm a user like you.

  • Avatar
    arboactive

    Unfortunately when someone has administrative / root rights on a local device and the outer firewall is not restrictive enough in the sense that traffic can still be tunneled through other well known ports, such as 80, 443 and whatnot, DNS can always be circumvented by routing the request through a VPN or proxy service established to other IP addresses using those ports or by simply installing and using a local DNS configured as a root server (on Windows, for example, Unbound or Acrylic DNS servers could do that). You would have to know the endpoints connected to those ports or use some form of deep packet inspection (and hope it will not be stopped by end-to-end encryption) to secure against that. At this point, you're no longer talking average Joe customer premise equipment for home use, but either Enterprise class firewalls or someone who knows what they're doing on Linux boxes, for example.

    However, I do agree with the sentiment that blocked domains should just be replaced by blank pages containing nothing rather than a notice, especially when using the service for ad blocking as well. If AdFreeTime.com can do it for $1.99, why can't OpenDNS?

  • Avatar
    arboactive

    To me, blocking DNS is mostly a simple way to add an extra protective layer for those who wish to prevent accidental clicks on links in e-mails which might install malware and such.

  • Avatar
    mattwilson9090

    If all blocked pages are automatically replaced for all users by blank pages then no one has the ability to use a bypass code to allow traffic that they want that is blocked by their general settings, and it does not provide an opportunity for users without a bypass code to send a message to the administrator asking for a site to be whitelisted or settings otherwise reviewed.

    If the primary reason for posting to this thread is to ask for blocking of ads then you should be posting to one of many threads asking for that. Long story short, although OpenDNS does classify domains as ads, they do not allow blocking of that category and do not intend to do so. If you want to argue about that decision do so in one of those threads. I have no familiarity with AdFreeTime.com but if you want to stop using OpenDNS free service in favor of paying for an entirely different service that does entirely different things feel free to do so.

    If your concern is that you don't have admin rights on a device or the firewall is not restrictive enough for your tastes, having a blank page instead of a page that says why something that would otherwise be expected to work is seemingly broken (which usually leads people to start screaming, complaining that the internet is broken, and calling their support people or ISP) is not going to fix your problem. The people with the technological savvy to "hack" around OpenDNS when they see a block message will also have the technological savvy to get around it when they figure out why they are seeing a blank page instead of expected behavior. For those who don't have the savvy, instead of getting a message explaining why things aren't working as expected they are just going to start complaining, whining, and screaming to anyone they can get to listen to them.

    Rather than looking for a feature that is only obscuration rather than actual prevention or security, and only causes frustration and anger for the non-technological and is only a very minor speed bump for those who are technological you'd be better served by restricting admin access on devices and getting a firewall that is restrictive enough for your tastes. Consumer grade routers with third party firmware can be extremely powerful and block many, if not all, of the non-encrypted methods of bypassing OpenDNS.

  • Avatar
    arboactive

    @mattwilson9090: I actually agree with you, which is why those users use this entirely different service. They generally do not complain about things not working as expected, rather the opposite.. not blocking the ads causes confusing 'Your computer is slow' ads which run some code or install some rogue application in their system. That way some of the things one wishes to avoid don't get accessed or downloaded in the first place and it is much more effective than using an adblocker in a browser (saves bandwidth too, giving users a fast internet experience when connected to that particular router). I don't care about people getting 'around' OpenDNS. They are free to use whichever DNS they wish. But people using the default are shielded from accidental clicks on some ads or malware spreading sites (provided they point to hostnames and not to IP addresses of course). 

    Yes, restricting access / nog granting root access or administrative privileges is always a good idea, but some of those users are hard to educate and in some cases, you are not the one in control or the admin on those systems but merely their techsupport or the one friend to configure their router. People are usually actually starting to scream/complain whatever when they DO see a message (which looks like a message from 'Windows' for example). Blocking harmful or deceitful ads keeps their systems fast and prevents a lot problems, especially when they are BYOD type scenarios where you may not necessarily be in control of purchasing and you're just a third party person to configure some DNS. It is no replacement for real security but it's an extra layer. A car doesn't just have seatbelts. There are airbags and other measures too.

    In any case, if I am not mistaken, although I agree *entirely* with the point you are making about security, the original poster asked if it could be provided as an OPTION. Apparently it is an option in the business accounts, so apparently there is a market for it.

    For the record: I do agree with you there are better solutions and apples and oranges are being compared here. I do get your point - and I mostly agree. I do however know quite a few people asking for this, not just businesses but non-techsavvy individuals and families as well. It would make their life a lot easier, not harder.

    Inputting an IP address to configure DNS forwarders in their soho devices is something most of them can manage (well the ones who know about OpenDNS in the first place). So if things don't work as expected, they can easily replace it with Google's to see if the silent blocking is the problem. I'm talking about parents and people with a 'half'-techsavvy friend here.

    For now, yes, those acquaintances have switched to a different paid service. They would have paid OpenDNS if it was provided as an affordable option to them. And so OpenDNS is missing out on a potential stream of income. But to each their own. I am not here to argue, I was simply illustrating a real-world scenario where people have actually switched because they were missing exactly that which the original poster had asked, albeit for different reasons (protection against accidental clicks in addition to their anti-malware, firewall and other security products or saving bandwidth - and it works for most users; the savvy users are free to do whichever they want, but are mostly not the ones whose systems need fixing by a third party...).

    Anyway, thanks for your views. I agree with you on security. For the record, I did not post to this thread to ask for blocking of ads, in fact I haven't asked anything at all. I simply replied to the discussion (and arguments provided) started by sfshamim based on what has been said already.

  • Avatar
    mattwilson9090

    This thread is not about blocking ads, it is about silently blocking domains without any visible notification of what has happened. You seem to drift back and forth between the two fundamentally different topics so I can't really tell what point you are actually trying to make.

    You also contradict yourself when you say you think whatever it is that you are advocating is available in the pay services, then later state that people have left OpenDNS for other pay services because whatever it is you are advocating is not available on in pay services on OpenDNS. So which is it, it's available on an OpenDNS pay service, or it's not.

    Also, I was not responding to the initial post in this thread, which played out more than 9 months ago. I was responding to your most recent post which made it sound as if you want pages to be blocked silently for *all* users, with no option to use the "feature" or not. If that isn't the case, then why not just save a lot of words and just say that was your intention.

    As for the ads, why would someone want to abandon a DNS based, free or paid, that provides a myriad of features, including some very powerful security and protection services, for a paid service that judging by it's name provides only ad-blocking service? Like I said in my reply, if you want to debate OpenDNS not blocking the ads category take that debate to one of the other threads discussing that. That thread is about silently blocking domains with no notification.

  • Avatar
    arboactive

    Please re-read my reply. Don't get me wrong, I appreciate what you are saying. Please allow me to clarify:

     

    1) I *know* this thread is not about blocking ads. I did not look for a thread about that nor did I ask about it. In fact I did not ASK for anything, I simply replied.

    Someone made a point about silently blocking domains wihout visible notification rather than redirecting to a page. That is what this thread is about.

     

    2) I happen to agree with the original poster when it comes to this aspect (and I guess I will have to quote myself) and provided an argument to this effect in my second sentence:

    --> "I actually agree with you, *which is why those users use this entirely different service*. They generally do not complain about things not working as expected, rather the opposite.. not blocking.. [example cited]" <--

    This is from experience with certain users. I am NOT asking nor trying to make this thread about adblocking. I am simply giving a case example where *silently blocking domains without notification* in practice has proven more beneficial than harmful as the number of complaints from users and headaches from problems associated with NOT blocking domains of your choice dropped significantly.

    In those cases where I simply blocked things the OpenDNS-way, most people were actually MORE confused, not less, and assumed their systems had been infected by some virus (they expect to see Google). That is ALL I was trying to say.

    You say said "which usually leads people to start screaming, complaining that the internet is broken, and calling their support people or ISP ...".

    From my experience, the opposite is true. They complain LESS, at least in THIS scenario, which is the whole point I was tryng to make.

    For that reason, I agree with the original poster that it would be helpful to have silent domain blocking as an OPTION.

    I agree with you in all other respects.

     

    As for the other thing..

    3) [Off-topic] Please don't judge a book by its cover, or in this case, by its name. That other service which helped out some people does more than what the name suggests (including malware blocking like OpenDNS). However I am not suggesting people switch, I merely pointed out that it worked for what THEY wanted and as such might be an option for the original poster if OpenDNS doesn't suit their needs or doesn't want to meet their needs. That's all.[/off-topic

     

    In any case, I don't need any help and since we're the only ones discussing this, I guess there is no need to reply anymore. Once again, I understand this thread is not about ad blocking, it was just an example of a case where silent blocking might be useful. If you misunderstood what I meant, I apologize. English is not my native language. Like I said, I'm not looking for assistance and I am NOT looking for blocking opions. I simply agreed with the fact that in certain situations, the original poster's suggestion has merit, in my humble opinion.

    I'm sorry for taking up so much of your valuable time and I appreciate your thoughs on this matter. However, I don't think there is any point in discussing it further, since contrary to what you may think, I am actually not asking for anyting or lookin or anything. Just contributing my thoughts - that's all.

    Anyway, I won't post here anymore. Tthanks for your replies. They're interesting :-)

     

  • Avatar
    rotblitz

    As OpenDNS does not provide you with this option, why don't you help yourself?

    You configure the block page domains in your local hosts files or on your local DNS server to redirect them to anything like an empty page or Google or an own website or what.  Case closed!

  • Avatar
    Patrick Colford

    @rotblitz, check your tone please.

  • Avatar
    vick3

    OpneDns provides a very useful tool, but it's not the complete answer to the problem.  They're not your ISP and they don't own your router.  I have a MicroTik routerboard 750 (about USD $50.00 on Amazon) which is a real router where each ethernet port is individually configurable with firewall rules.  The cable modem is on one port, and I deny any traffic to port 53 that is outbound except on on OpenDNS' DNS servers.  Now it doesn't matter what they do with the client machine, or what they plug into my network.  All DNS on my network either gets resolved by OpenDNS or returns a "couldn't find whatever.com" error.  This raises the bar even more for trying to resolve those addresses elsewhere.

  • Avatar
    vick3

    OpneDns provides a very useful tool, but it's not the complete answer to the problem.  They're not your ISP and they don't own your router.  I have a MicroTik routerboard 750 (about USD $50.00 on Amazon) which is a real router where each ethernet port is individually configurable with firewall rules.  The cable modem is on one port, and I deny any traffic to port 53 that is outbound except on on OpenDNS' DNS servers.  Now it doesn't matter what they do with the client machine, or what they plug into my network.  All DNS on my network either gets resolved by OpenDNS or returns a "couldn't find whatever.com" error.  This raises the bar even more for trying to resolve those addresses elsewhere.

  • Avatar
    hotelnetwork.acs8

    Lockdown your DNS in your private network.

    Intercept port 53 (TCP and TCP) and redirect to openDNS DNS IPs. You'll need dd-wrt (using iptables) or tomato routers (intercept and iptables) or mikrotik routers (firewall/filter rules).

Please sign in to leave a comment.