Use Wildcard to Limit TLD (and block Google search images)

Comments

62 comments

  • Avatar
    jmerichards
    Sure, I'll try. I have numerous issues about users picking up the IP address of another OpenDNS user when there own lease expires. As a result, apparently, the settings that take effect are those of the acquired IP address. I have not experienced this myself, but what I have experienced is great difficulty is keeping mobile device caches flushed - particularly true of iPads. True, this is not an OpenDNS issue, but it does make using the service frustrating. I have also found that the protection (blocking) I've put in place seems to disappear when my IP address changes. I say that because I occasionally test the network to see that is blocking content (honestly) and I find that it sometimes is not. When I notice this the first thing I do is check to see if my IP address is different to what OpenDNS is guarding. Every time, without fail, that has been the case. Now, that may be a coincidence, I don't know enough about this to speculate any more on it. I realise that as long as the router continues to point at OpenDNS servers, the protection should not falter, only the logging activity is interrupted. However, that does not seem to have been my experience. It's also difficult to find information about these issues on the site, and I have to say if it had not been for yourself and Rotblitz (almost on your own) there'd be little hope of getting anyway, so thanks for your contribution. I just don't think this service is as simple and effective as the blurb makes out. Does it block xxx.com if you type it into the address bar? Yes, I have that to be the case - very effective. The issue is dealing with search engines and what they can show through simple queries. The other issue I've had is that so many domains are ridiculously listed as "search engines" simply because they have sites with a search box for searches for that site, or within that domain. I think OpenDNS could improve things here by making the Search Engine category related to search scope (only the broader internet). Sorry to moan at you guys about it, but I've already contacted support about this issue and did not even receive a response. I guess your listening, so I'm telling ;) Cheers.
  • Avatar
    jmerichards
    NB: correction - "I have *read* (in the OpenDNS forums) numerous issues about..."
  • Avatar
    cervezafria

    Have you tried the IP Updater?

    http://www.opendns.com/support/dynamic_ip_downloads/

    I keep it running on a desktop unit connected to my router and all users are kept current through any IP changes. 

  • Avatar
    jmerichards
    Hi again. Yes, I use them. I have an iMac running both OS X and W7, and I have the updater installed on both systems. When the computer is on, there is no problem with updating the IP. However, we don't leave the computer on al 24 x 7, and in fact it is used infrequently compared to mobile devices for Internet access. I have to remember to log in to the web site every so often and manually update the IP address. Again, this is not the of OpenDNS, but it complicates using the service for a home environment, or perhaps more accurately, an environment without an always-on server.
  • Avatar
    jmerichards
    The IP updating needs to occur at the router, I believe. Perhaps OpenDNS could negotiate the inclusion of their service into more router firmware?
  • Avatar
    rotblitz

    "When I notice this the first thing I do is check to see if my IP address is different to what OpenDNS is guarding. Every time, without fail, that has been the case."

    It seems you don't run an Updater. You must!  http://www.opendns.com/support/dynamic_ip_downloads/

    Then it will keep your IP address information updated at https://dashboard.opendns.com/settings/ an your settings will take effect without interruption.

    "The issue is dealing with search engines and what they can show through simple queries. The other issue I've had is that so many domains are ridiculously listed as "search engines" simply because they have sites with a search box for searches for that site, or within that domain. I think OpenDNS could improve things here by making the Search Engine category related to search scope (only the broader internet)."

    The domain tagging system is mainly a community effort: http://community.opendns.com/domaintagging/faq/
    You are part of the community...

    "I've already contacted support about this issue and did not even receive a response."

    If you raise a support ticket, you'll receive an automatic e-mail notification with the reference number within minutes and a response within 72 hours during working times.  If you don't receive these, then your mail provider has thrown it into spam or silently discarded it.  Blame on them.

  • Avatar
    rotblitz

    Sorry, it took a while to respond while the thread went on.

    "The IP updating needs to occur at the router, I believe. Perhaps OpenDNS could negotiate the inclusion of their service into more router firmware?"

    It's up to the router suppliers to support DDNS based services, not vice versa.  Maybe your router already supports this?  What excact router model do you have?

  • Avatar
    jmerichards
    Rotblitz, it isn't about blaming anyone, any more than it is about blindly defending the shortcomings of this service for some home users. Some use cases for OpenDNS in the home market, in my opinion, wouldn't stack up. My comment about the poorly categorised search engines was a reference to community tagging, which I have been participating in. The community tagging is a good idea, but there is obviously issues with how people interpret the intended definitions of some categories (Search Engines and Adware to name a couple of big ones). There are category definitions available, I just wonder if people bother to read them. My request to OpenDNS was actually done through a feedback link, not a support ticket. My point is not that OpenDNS is a bad service, it isn't. I just think it could do more to better cater for folks that fall into a case similar to mine. I'll continue to use it, as a paid user, which I've been from the outset.
  • Avatar
    jmerichards
    Yes I agree ROtblitz, it is up to the router manufacturers; I'm not blaming OpenDNS. I'm merely suggesting some pro-activity in getting mor manufacturers to consider them. It only helps them. My router supports DynDNS and some other service that I cannot recall, but not OpenDNS.
  • Avatar
    cindelicato

    Jmerichards, with all due respect, and at the risk of going off-topic, if a device runs on your network, you need to enforce certain rules.  Case in point, if some adventurous young students decide to test the firewall of their school, the IP trace will point to your  home.   Now I could easily come up with a number of other possible scenarios, including actual attempts at crime, but I hope I've made my point.    If you're comfortable having device you don't administer on your network, you need to be prepared for other issues beyond xxx.com being accessed.

    So you need to set clear, concise and enforced ground rules of what will be and won't be tolerated. 

     

    Just saying.

  • Avatar
    jmerichards
    I hear what you're saying Cindelicato, but I don't think that takes some home user environments and how they function into account. You're correct about heading off topic, and I apologise as I've lead things that way somewhat, but we are still discussing blocking of certain content and the effectiveness of OpenDNS to achieve this for some home users. I have to say that if OpenDNS can control anything related to this it may be the expectations they set in their customers. If you take a look at this page http://www.opendns.com/home-solutions/parental-controls/ you'll see that the target audience is families - presumably a home environment - and the solution is "set it and forget it". I can't speak for others, but this kind of marketing creates an expectation in me that I can sign up, set up and walk away with no more nasties appearing on the devices in my house. The reality is quite different to that, as I've indicated and as have many others in various threads as I'm sure you're aware. In my case, I see the service limitations and it's opportunities. Because of how it is marketed to the likes of me I expect more - perhaps unreasonably. I am, however, interested in sticking with the company and service to see if features can be added to better reach my area in the user market, if that is what OpenDNS wants to do. I appreciate your feedback, thanks.
  • Avatar
    rotblitz

    "My router supports DynDNS and some other service that I cannot recall, but not OpenDNS."

    It doesn't need to support OpenDNS directly, DNS-O-Matic or "user defined" would be sufficient too.

  • Avatar
    jmerichards
    Thanks for the tip Rotblitz, but my router doesn't have those options. I'm looking for a new one.
  • Avatar
    jmerichards
    It seems I did submit a ticket about the search engine category definitions (request #66577 on 29-12-2013). I have the automated email reply, I just don't have a reply from the support desk. C'est comment la vie va parfois.
  • Avatar
    rotblitz

    "my router doesn't have those options. I'm looking for a new one."

    You didn't say what exact model you have.  There may be options nevertheless also with this router.

    "I have the automated email reply, I just don't have a reply from the support desk."

    So "reply" to this e-mail, keeping the reference number in the subject line, to reach out to OpenDNS support.

  • Avatar
    jmerichards
    My router is a Belkin F1PI243EGAU, marketed in Australia as BoB (version 1), by iiNet. It has limited DDNS features. With regard to the ticket number, I will take your advice; thanks.
  • Avatar
    rotblitz

    Yes, I see from http://ftp.iinet.net.au/pub/iinet/belkin/F1PI243EGau/Documentation/ that your router supports only dyndns.com and tzo.com (which is now dyndns.com too).  You had to get another router to do the updates for you.

  • Avatar
    jmerichards
    Yep. We have a high speed broadband rollout going on in Australia at the moment (although It has halted pending review by a new federal government), so I needed a new router anyway.
  • Avatar
    defgal

    If you do block Google , you are also blocking some of the kid friendly search engine (like kids.gov or something like that. They use Google so kids can search within their website). It gets very frustrating for a kid. My son did. So I allow it now. And safe search rarely work and when I can lock safesearch, they can unlock it by clearing history and caches.

     

    Try adding k-9 protection software

  • Avatar
    pengalo

    This is a very frustrating problem.  Many, many sites now depend on some portion of google for functionality (not just search, but other functionality too).   You can't just block google.* since it breaks half the sites on the internet.  Somehow google is now so ingrained in everything internet that you can't block them.  Their SafeSearch is a scam to try and pacify parents.  I've sent my feedback to them repeatedly to please, please implement something like bing did with explicit.bing.net, which works great.  Everyone concerned with this issue needs to send their feedback to google to give us a DNS or router based way to block porn searches.

  • Avatar
    jmerichards

    @defgal: "Try adding k-9 protection software"

    Hi. These kinds of options might work for a home environment using only desktops (PC's/Macs, etc).  However the range of computing devices available these days, particularly smart phones and tablets, makes "Net Nanny" style solutions somewhat redundant (except in treating specific machines).

    This is where services like OpenDNS can have the edge, if it's easy to implement and properly marketed so as to control client expectations. Despite some of the grumbling I have done in this thread, I'm happy with the solution posted here as a means to limit the viewing of porn on my home network, on all devices that use it.

    @pengalo: I feel your pain.

  • Avatar
    jmerichards

    I've attached a document to the top of this thread (in the original post) that lists the changes I've made in my home network to get the results I was looking for. I will update the information in the document as I find the need to make changes to my OpenDNS settings to keep things safe.

  • Avatar
    cervezafria

    @jmerichards... OpenDNS is pretty useless for cell phones, once you go beyond your personal wifi network with either external APs or the cellular networks, unless you VPN into your home network once you leave the house. Every smartphone brings a world of porn to its user.

  • Avatar
    karenam

    cervezafria, while this is true I do not think jmerichards was primarily intending his instructions for this, it was mainly for his home network, which I appreciate the posts very much as this is my main concern. If you need something for cell phones, K9 works very good for us. it is totally free and once set up has so far has worked very well for us, also works for other portable devices like ipad and ipods. Just a thought.

  • Avatar
    jmerichards
    @cervezafria: Yes, I understand that, no problem. It is as Karenam has said; I'm wanting to control the use within the confines of my wifi network. I don't want to be responsible for giving my guests children access to porn on their smart phones via my home network. @Karenam: Thanks for your suggestion about K9. I have downloaded it on my ipad to test it and will install it on my youngest's phone. Apologies to all if there's no line breaks in my replies; they don't seem to work from an ipad.
  • Avatar
    davidlev

    Just to follow up: I've done everything above, and still can find porn images when searching Bing. Haven't tried vagina, like above, but something as simple as 'sex' returns bad images. I wish there was a way to force the 'strict' or 'moderate' search results in bing magically. I should note I have the bing.net blocked (per above), but have mm.bing.net allowed. Google maps is working, but not in satellite mode (no terrain/pictures of houses, which I need).

  • Avatar
    cervezafria
    @davidlev... OpenDNS lacks the granularity you are seeking; worse yet, a simple proxy can bypass all your filters.You may want to consider a software solution. In addition, you might restrict net usage to machines located in a very public area (no bedrooms, no closed doors, etc.) OpenDNS is an 80% solution. It protects well gains inadvertent exposure, but NOT intentional exposure.. If you're going to look for porn, you will find it. OpenDNS can't prevent that. There are too many porn websites created daily, and the OpenDNS classification system takes months, even years to respond. Bing and Google images add another layer of access which OpenDNS is not set up to handle without totally blocking all access to their search results.
  • Avatar
    davidlev

    Thank you. I had bad luck with safe eyes / internet safety.com / MacAfee, so went with OpenDNS. The 50 blacklist cap is what I'm against with OpenDNS, and it keeps showing those 'sex' and 'vagina' images on Bing - the only site I believe I have available to search the web on right now (with the explicit blocked, etc.). I want to enforce the 'strict' setting in bing, but cannot find a way to do so across all wifi-enabled or desktop devices.  Open to other options for software-based solutions.  Was considering the Umbrellla-thing, too.  I am willing to pay up to several hundred a year to secure my family, no problem - especially if on iDevices as well. Educate me to what my options are - this search results showing bad images problem is huge - reading about it everywhere in these forums for past 5 days.

  • Avatar
    davidlev

    I should also note that it sounds like if the umbrella/proxy software is installed on the iOS device, they are covered at home with OpenDNS configured on router, mobile/data roaming with VPN client/umbrella, but if they go to friends' wifi or starbucks, or even school/college and jump on their wifi, they will not be protected. Surely someone has thought about and fixed this somehow by now...any suggestions?

  • Avatar
    jmerichards
    Hi David. I found that it took a little while (a day or so) for the blocking to okra effectively for me, subject to the limitations already mentioned. In addition to the OpenDNS solution described in this thread I have also installed the K9 web browser on my child's iOS device, and disabled Safari. That combination has provided me with the protection I was hoping for.

Post is closed for comments.