Why isn't there a enforce safesearch option that redirects google searches to forcesafesearch.google.com?

Comments

15 comments

  • Avatar
    mattwilson9090

    You still need to be able to define a CNAME in a DNS server to make safesearch work according to option 3. LPC does not display it's blocked page as a result of creating custom CNAME's, if a domain that is looked up is blocked according to your settings it returns an IP address that corresponds to that webpage. It's a subtle difference, but it's not the same as creating that customized CNAME.

    According to Google's directions *you* need to create a DNS server of some sort that defines the google addresses via a CNAME that you create and control. This is just the same as all of the discussions where non-LPC users are demanding that OpenDNS create the CNAME on their own servers, instead of on your own local DNS server as google says you need. When LPC is thrown into the mix that means a DNS server *before* the DNS traffic is passed to and through LPC.

    Basically, LPC or not you are still going to need to create your own DNS server.

  • Avatar
    rainmanjs

    I do hear what you are saying, and I haven't found those discussions, probably because I was searching specifically having to do with the Netgear router.  I guess I don't see what the problem with OpenDNS making the adjustment on their side, as long as the user has to choose to use that configuration.  As many complaints as there are about search engine issues, it only makes sense to control it at the network level instead of the much more easily compromised and much harder to control OS level.  It seems like you have to have an IT department to have reasonable restrictions on your home network, and with OpenDNS and Netgear advertising that they offer a solution, I think they should offer a solution.  All that said, at first glance, there doesn't seem to be a way to do it in the router without loosing LPC, since you have to flash it with an alternative firmware.  If anyone knows another way, I'm all ears.  I'll certainly be looking in the DD-WRT forums tomorrow.

  • Avatar
    mattwilson9090

    You really do need to look at some of the other threads related to safesearch to get full explanations.

     

    The "problem" with OpenDNS making those "adjustments" on their side is that they cannot. This is a technology issue, it's not a matter of what they choose to do or not. When all is said and done, OpenDNS is a recursive DNS service, and editing and creating CNAME needs to be done on authoritative DNS servers. That's why you need to do it on your own DNS server, and why Google says you need to do it on your own DNS server. This is not a mere "adjustment", it's a fundamental change to how Google's domains are listed in DNS and one that OpenDNS cannot do for any domains it does not own since they are not an authoritative DNS service.

    You're correct, it makes sense to do that is at the network level, which is precisely why it needs to be done on a DNS server on your network. It cannot be done on anyone else's network, including on the internet, which OpenDNS is a part of.

    Yes, OpenDNS is offering a solution, but they are not offering this particular solution (and they can't offer it even if they wanted to). If you want to add mandatory safesearch to your network you will need to setup some form of DNS server, and define it's forwarders. You can do that whether or not you want to use LPC. With "straight" OpenDNS you would set those forwarders to the OpenDNS DNS servers, but with LPC you would set those forwarders to the router itself, where the router will handle the connections to OpenDNS. There is no need to flash the router with alternative firmware to force safesearch on your network and continue using LPC, you just need to follow the directions that Google has, and make them fit with what OpenDNS is offering via their products.

    I'm not saying that this is a simple solution, but then again, if you look at the Google page that you looked at, they did say that this is for very advanced users. It's Google that is defining what needs to be done. All that OpenDNS can do is tell you to make those requirements fit with the products and services that they offer.

  • Avatar
    rainmanjs

    "with OpenDNS and Netgear advertising that they offer a solution"   I suppose this is on Netgear then.  Which would make sense, since they still have not stopped you from needed to expose your router password on every device you log into a bypass account.  The fact that I have to change the router password every time that I add a device to a bypass account is pretty absurd.  

    How about a separate search engine category for "safe" search engines, such as those listed here? http://www.techlearning.com/default.aspx?tabid=100&entryid=578 That way I could block the standard ones and leave these available?  I could whitelist them, but that would kill the time based filtering.

  • Avatar
    mattwilson9090

    I'm not sure what the router password has to do with Google safesearch, but yes, that probably does sound like an issue you need to take up with Netgear.

    What would be the point in creating a "safe" search engine category? You can only block categories, so in effect you'd be blocking safe search engines, thereby only allowing "unsafe" search engines on your network. While OpenDNS does have categories that are similar, but not the same, they do not have categories that are subsets of another. Since a "safe" search engine would also be properly categorized as search engines, without a way to whitelist categories, blocking search engines would also by necessity block the domains in the subcategory.

    I'm not sure how you are using the time based filtering, but if you only want to allow certain search engines on your network your only real option with OpenDNS is blacklisting the search engine category and whitelisting the ones you want to allow.

     

  • Avatar
    rainmanjs

    Definitely meant as a separate category, safe search engines could be unblocked and all other search engines could be blocked.  I think "auctions" could be considered subset of "E-comerce/shopping", so it seems that OpenDNS will create a separate category for things that are subsets of another.  

    I'm not trying to start an argument here, and I would really appreciate the input of someone from OpenDNS.  I'm offering suggestions for improvement, and I know that any good company, like OpenDNS, is always looking for ways to improve.  My suggestions may not be practical, but I'm looking for a way to get the best possible solution out of the hardware and service package that I purchased.

  • Avatar
    mattwilson9090

    Go ahead and post it as a suggestion to the Idea Bank https://support.opendns.com/forums/21211727-Idea-Bank You'll also have to define what you mean by safe search. To me safe has nothing to do with adult material, but rather with potential sources of viruses, malware, and other "bad" technologies. The more explanation you put in the more useful any responses might be, rather than "that's a stupid idea".

    That said, I don't think this category will get created, since it's too close to it's parent, and you'd than have calls for "adult" search engines, "weapons" search engines or whatever. It would also likely lead to requests for fragmenting other categories into "safe" or whatever else.

    In the meantime however, if you do want to limit what search engines can be used on your network you'll need to blacklist the search engine category and whitelist the ones you want to allow. That could also be done in conjunction with the CNAME record for Google Safesearch and any other "safe search" that any other search engine you might allow might have available.

  • Avatar
    johank96

    FYI: There's a new breed of of router that deal with the incognito loophole! They appear to implement something like option 3 described in this link: (https://support.google.com/websearch/answer/186669?hl=en) or perhaps append &safe=active at the router, and make it real easy. I found three: 1) Kibosh (www.kibosh.net) 2) Blocksi Router (http://www.blocksi.net/parental-control.php) and 3) pcWRT (http://www.pcwrt.com/).

    Please, please, please consider distributing this information. It is appalling that 90% of parents are so completely unaware of what access kids have through incognito browsing.

    Likewise, it's disturbing how unaware the general adult population is about 3g/4g smartphone access to porn is by minors. An outstanding solution for 3g/4g smartphones is 'comvigo'. It filters and blocks incognito without restricting many other features unnecessarily like funamo and other apps do.

  • Avatar
    highlight44

    If you can redirect goggle.com to google.com, then you can redirect google.com to forcesafesearch.google.com. It is that simple. Problem solved.

  • Avatar
    rotblitz

    ...but OpenDNS does not redirect goggle.com to google.com.  Now what?

  • Avatar
    highlight44

    This article implies that it is completely within the capability of OpenDNS to redirect goggle.com to google.com. https://blog.opendns.com/2006/08/04/gogglecom-gross-what-should-we-do/  If I am not mistaken, a DNS server takes the URLs we type into our browser and translates it to an IP address. When you enter google.com OpenDNS looks up the IP address for that which is: 74.125.224.72  I would rather have OpenDNS route my "google.com" URL request to: 216.239.38.120  It is my understanding that this IP address forces safe search. 

    Am I wrong? If I am, I am more than happy to learn where my thinking is in error. If not, let's get it done.

  • Avatar
    rotblitz

    But you see that the article is from August 4, 2006, do you?  A lot has changed since then, when OpenDNS stopped NXDOMAIN redirection and typo correction in 2014. 
    https://blog.opendns.com/2014/05/29/no-more-ads/ 
    https://www.opendns.com/no-more-ads/

    "If I am not mistaken, a DNS server takes the URLs we type into our browser and translates it to an IP address."

    No, the browser extracts the domain name from the URL and sends it via your OS to a recursive DNS service like OpenDNS to possibly return the related IPv4 and/or IPv6 address for A and AAAA request types, other information for other request types.

    "When you enter google.com OpenDNS looks up the IP address for that which is: 74.125.224.72  I would rather have OpenDNS route my "google.com" URL request to: 216.239.38.120"

    This is what OpenDNS rejected to do, to redirect from one domain to another.  They only return the real result or one of their own addresses in case of blocking.  They never return an address of another domain.  They say that this must not be the case with a recursive DNS service.

    "It is my understanding that this IP address forces safe search."

    This is correct.  If you want to use this feature, you had to do it as Google advises: configure it on your own DNS server, maybe in your local hosts files.

    But you need to do it right.  It's not google.com which you have to use, but www.google.com.  And also, google.com does not necessarily resolve to 74.125.224.72, but to a lot of other IP addresses, depending on the client's geolocation.  For me it resolves to an IPv6 address and to eleven IPv4 addresses in the 173.194.116.* range.

    Did you learn more now?  Still questions?

  • Avatar
    highlight44

    Okay, now I understand. I also give up on any hope that OpenDNS will ever address this problem. I appreciate OpenDNS for what it does. I need to look elsewhere for things I can add to OpenDNS to achieve what I want to do. Or, perhaps I can find a total replacement.

    Thanks for your help.

  • Avatar
    mattwilson9090

    A problem implies something that isn't working correctly, or at least isn't working as intended. That is not the case here since OpenDNS is providing the features that it was intended to provide. Therefore there is nothing to address or fix, especially since OpenDNS never intended to provide this feature.

    But you're right, if their FREE service doesn't provide the features that you need you need to find a different service to use, either free or pay.

Please sign in to leave a comment.