Separate DNS IP addresses for Parental Control to ensure continued protection during IP address change

Comments

8 comments

  • Avatar
    rotblitz

    These additional resolver addresses exist, and therefore there is no need to request it.  It seems you missed that.

    You'll be using the OpenDNS FamilyShield addresses 208.67.222.123 and 2068.67.220.123 instead of the normal OpenDNS resolver addresses.
    https://store.opendns.com/setup/#/familyshield

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Correcting: 208.67.222.123 and 208.67.220.123

    0
    Comment actions Permalink
  • Avatar
    pealypealy

    Hi Rotblitz - I didn't miss it, those IP addresses provide a different service to the OpenDNS Home configurable filtering which I use. 

    I could use those IPs but would not be able to use the excellent facilities of blocking additional groups of sites and setting personal exceptions/additional blocks.

    I really think it makes sense to have different IP addresses for the OpenDNS Home configurable filtering so that there are no gaps in the filtering. If my antivirus software became ineffective for a few minutes after I reset my router I wouldn't say that was okay, should be the  same for the OpenDNS Home configurable filtering service too.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "would not be able to use the excellent facilities of blocking additional groups of sites and setting personal exceptions/additional blocks"

    This is where you are in error.  You can use every feature of your dashboard at https://dashboard.opendns.com/settings/ also with the FamilyShield addresses.  There is one exception: you will not be easily able to whitelist anything blocked by the FamilyShield categories (Pornography, Tasteless, Proxy/Anonymizer, and Sexuality).  But there are ways around this if you need...

    From the official https://support.opendns.com/entries/53936430 :
    If you create an account you can also configure additional custom category filtering at the network level, but the 4 categories Pornography, Tastelessness, Proxy/Anonymizer, and Sexuality will always be blocked on your network when using FamilyShield.

    It looked to me as if it is exactly this what you were asking for.  If not, please clarify.

    0
    Comment actions Permalink
  • Avatar
    pealypealy

    Hi - thanks rotblitz, If what you say is correct then this would work for me. I'll look into it tonight.

    0
    Comment actions Permalink
  • Avatar
    pealypealy

    Hi again - this looks like it's working really well.

    Is there a way to Whitelist sites then? I do have a few sites in my "Never Block" list.. 

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Assuming that this delay is indeed due to a delay in processing after OpenDNS has registered an updated address for your network, and not a delay in whatever software you are using to register the updated address with OpenDNS (the two really are very different things). How would having a different set of DNS server settings help?

    OpenDNS Home works by receiving a request at a set of addresses, checking the address where the request was sent from against it's list of registered addresses, and then applying any settings for that network. If after receiving an update it takes time for processing something and thus temporarily "turning off" your filtering having a different set of addresses wouldn't help since that delay would still be there. If on the other hand, there is a delay in getting your new address registered against your network, then when it checks the sending address against the networks it won't find anything so you won't get any filtering until that registration process completes. In that case I'd suggest changing whatever method you are using to detect and register address changes to something else that is more prompt in getting your address changes registered.

    Of course, like rotblitz said, if you use the Family Shield addresses, regardless of what is going on those categories blocked by Family Shield will always be blocked. As rotblitz said you can whitelist any domains that are in the categories that you manually blacklisted, but you cannot whitelist anything that belongs to the 4 categories that Family Shield always blocks.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "Is there a way to Whitelist sites then? I do have a few sites in my "Never Block" list.."

    You cannot whitelist or blacklist "sites" with a DNS service, just domain names.  This is a huge difference.

    Well, if the domain names in your "never block" list do not belong to any of the four mentioned categories covered by FamilyShield, then this whitelisting will take effect, else not.

    However, if you want to whitelist also domain names from the four FamilyShield categories, you can do that more granular per device, i.e.

    • You configure the FamilyShield addresses on the router and configure the normal OpenDNS resolver addresses on those devices which you want to exempt from the strict FamilyShield filtering of the four categories.
    • Or you configure the normal OpenDNS resolver addresses on the router and configure the FamilyShield addresses on those devices where you strictly want to block the four categories covered by FamilyShield.
    • Any mixture of the two options above is possible as well, but don't mix FamilyShield addresses and normal OpenDNS resolver addresses on the same device.
    • Another option, alone or in addition, would be to use the devices' local hosts files to allow or block domain names of your choice.
    • Not to forget, you'll have even far more options with running an own internal DNS server / forwarder.
    0
    Comment actions Permalink

Please sign in to leave a comment.