See: https://www.opendns.com/home-internet-security/
OpenDNS Family Shield
- Pre-configured DNS servers to block adult related sites
- No need to sign up and configure
DNS Servers
208.67.222.123
208.67.220.123
OpenDNS Home
- Sign up and configure what to block
See:
- https://signup.opendns.com/homefree/
- https://www.howtogeek.com/79998/protect-your-kids-online-using-open-dns-2/
DNS Servers
208.67.222.222
208.67.220.220
Enforce to use only OpenDNS servers
On each computer
- Set the computers (laptops, desktops, mobile devices etc.) to use openDNS servers
- Restrict access to changing DNS server in computers (Remove administrator access/role from the child account)
On the router (network edge)
- Set the router DNS servers to OpenDNS servers
- Add firewall rule to block all traffic to port 53 and only allow traffic to port 53 of OpenDNS servers
Example firewall rules using OpenDNS Home Servers:
BLOCK TCP/UDP IN/OUT all IP addresses on Port 53
ALLOW TCP/UDP IN/OUT to 208.67.222.222 or 208.67.220.220 on Port 53
Block a specific DNS Server with “Static Routing”
Example to block Google DNS server 8.8.8.8 by adding a static routing rule
- Use an ip address other that actual router ip address as gateway.
- E.g. if router ip address is
192.168.0.1
, use192.168.0.2
- E.g. if router ip address is
Destination Network: 8.8.8.8
Subnet Mask: 255.255.255.255
Gateway: 192.168.0.2