Tuesday, February 28, 2012

How to protect your family from bad websites.


Apple has built website filtering into OS X under ‘System Preferences’ – ‘Parental Controls’, but Parental Controls cannot be enabled for administrator accounts (which is probably the account you are running from). Parental Controls also becomes hard to manage if you have multiple users, because you need to set it up for each one. Here’s how to set up internet filtering on your whole home network at once using a free service called OpenDNS. Once it’s set up, this can help block unsuitable content from reaching any computer, iPhone, iPad, etc. connected to your internet. This approach can be used at home, school, or the workplace.
DNS stands for domain name server. A DNS is like a big phonebook, and every time your computer or iPad or iPhone goes to a webpage (e.g. apple.com) it looks up the name you have given it (apple.com) and converts it to a number (e.g. 192.124.1.2), which it then uses to find the webpage.
This is what you do when you phone someone. You look up their name in a phone book to get their phone number, and then you ring their phone number. A simple way of limiting the people who you could ring would be to not give you their phone number. That’s how web filtering with OpenDNS works.
A DNS is like a big internet phonebook where your computer looks up webpage addresses.

When you signed up for Internet access with your local Internet Provider  they gave you a DNS number to put into your computer – something like 192.231.203.132.  This number is the place your computer goes to look up the address of every page you visit.
OpenDNS is a free DNS service, but it has settings to restrict what sites you can access. It’s like a phonebook with all the ‘unwanted’ phone numbers missing. To use OpenDNS you replace the DNS numbers on your computer with the OpenDNS numbers. Your computer will be unable to find some websites because OpenDNS won’t give your computer the address when it asks for it.
I’ve tried to explain the concepts clearly, but getting it running can be tricky, so read on and you may need to get a computer friend to help you out!
Here’s how to set it up.
1. Have a look at this image. It should say “Use Open DNS”. After you switch to Open DNS the image will change and it will say “You’re using Open DNS”!
Use OpenDNS
2. Go to opendns.com and set up a free account. Go to the OpenDNS dashboard and select Internet filtering, and the level of filtering you require. Here are what some of the options look like:

3. Open your router settings (the router is the device that plugs into your internet connection and shares it with all your computers). We are setting this up on your router so that it will affect all your computers. Find the setting that says DNS Servers and put in the OpenDNS server numbers. (Before you do this, make a note of the old DNS settings; you will need them later when you are testing.) The OpenDNS numbers are 208.67.222.222 and 208.67.220.220.
Here are the DNS settings on my wireless router.
4. Restart  your computer and your router, and come back to this page and a little button in step one should have changed to show you that you are now using OpenDNS.
5. Go to www.internetbadguys.com (a test site) and you should get a blocked message something like this:


6.  Securing it.
What we have just done is make OpenDNS the default DNS server that your computer goes to. The problem is that if you manually type DNS settings into your computer’s network settings, it will bypass the OpenDNS settings. So what we need to do now is make your router refuse to let any other DNS settings through. To do this, go to the firewall settings on your router (not your computer) and block all outgoing TCP and UDP requests on port 53 that are not going to OpenDNS. This can be a little bit tricky, but here’s how I did it on my router, which is a Draytek Vigor 2700.
I had to add three rules.
1. Allow DNS lookups that are going to OpenDNS 208.67.222.222
2. Allow DNS lookups that are going to OpenDNS 208.67.220.220
3. Block any other DNS lookups.

Here’s where I added the rules:
On the Draytek modem the firewall settings are set up under default data filter
Here are the three rules I added:
I added rules two, three, and four.
Rule 1 & 2 (called rule 1 and 2 because there was already a rule in there)
Rule 2 allows any traffic going to the OpenDNS server. Rule 3 was the same as rule 2 except it used the second DNS number.
Rule 3 (called rule 4).
Rule 4 comes after rule 1 and 2 and it blocks any remaining DNS requests.

Testing.
Type your old DNS settings into your Macintosh system preferences (System Preferences – Network settings – DNS Server) and press Apply.
Open Safari and type in an address (e.g. apple.com) – you should not be able to go to any websites at all.
Delete the DNS address from your Macintosh system preferences; the OpenDNS settings should reappear, and you should be able to browse the web, but not restricted sites.
The only way I can think of getting round this without the router password is to reset the router to the default factory settings, but then OpenDNS will stop altogether, and you’ll notice someone is playing with things!
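
The test above can also be run as a script. This is an added example, not part of the original post: it sends one DNS lookup over UDP to each OpenDNS server and to one other DNS server, then reports whether the three firewall rules behave as intended. The function names are made up for the illustration, the "old" DNS number is the post's example value (replace it with your own), and only UDP is checked, not TCP.

```python
import random
import socket
import struct

OPENDNS = ("208.67.222.222", "208.67.220.220")  # the numbers given in the post

def build_query(name, txid):
    """Build a minimal DNS query (type A, class IN, recursion desired)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def is_reply(packet, txid):
    """True if packet is a DNS response carrying our transaction id."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack(">HH", packet[:4])
    return rid == txid and bool(flags & 0x8000)  # top flag bit marks a response

def resolver_answers(server, name="apple.com", timeout=3.0):
    """Send one UDP query to server:53; True if a valid reply comes back."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout or unreachable: the lookup was dropped
            return False
    return is_reply(data, txid)

def verdict(results):
    """results maps DNS server IP -> answered?; list what breaks the rules."""
    problems = []
    for ip, answered in sorted(results.items()):
        if ip in OPENDNS and not answered:
            problems.append(f"{ip}: OpenDNS is blocked, check the allow rules")
        elif ip not in OPENDNS and answered:
            problems.append(f"{ip}: other DNS still answers, block rule not working")
    return problems

if __name__ == "__main__":
    old_dns = "192.231.203.132"  # example ISP number from the post (assumption)
    results = {ip: resolver_answers(ip) for ip in OPENDNS + (old_dns,)}
    for line in verdict(results) or ["OK: only OpenDNS answers DNS lookups"]:
        print(line)
```

Run it from any computer behind the router; an empty problem list means the two allow rules and the block rule are all doing their job for UDP lookups.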