Tuesday, October 06, 2009

Web filters - return to OpenDNS

We're having to deal with the so-fun task of managing child net access.

I'm obliged to confess that I once, long ago, thought this would be pretty straightforward. Just whitelist a few accepted sites and go with it. That was pre-Google and before web sites became so enmeshed.

Later I figured we could restrict access to watched machines. Yeah, if we weren't so distracted that might work. The logs, though, tell me that ain't doin' it.

Multiple computers with multiple accounts on each computer doesn't help. Neither does running OS X, there's not much of a market for OS X access management (see: Children Online: Web Filters); they are sold but I can't find any reviews from anyone I trust [1]. There might be a market except Apple bundled Parental Control into the OS.

Oh, wait, why not use Apple's Parental Control features? Because they're $#!$#!$ broken and they've been $&*^%^% broken for years. Maybe they're fixed in 10.6, but I lost my trust in Apple years ago. This is one of the things they can't do.

Our new Time Capsule (AirPort Extreme) doesn't support any kind of domain blocking, but our Qwest 2Wire DSL modem does. It's pretty crude though, and it turns off services for everyone.

So I'm back to ad-supported OpenDNS, which I got away from in my post-gerserker simplicity quest.

In the past I'd configured my router to use the OpenDNS Nameservers (just enter the IP addresses in the DNS settings), but this time I figured I'd change it for the one machine that's hardest for us to track.

I was hoping OS X would allow each account on the iMac to have its own Location Setting, but, unsurprisingly, this is a machine setting. I had to create a new Location I titled "OpenDNS" and change the DNS settings for that location only. You can stay with DHCP configuration, any IP addresses entered here over-ride the DHCP provided configuration.

That's now the default for every account on the iMac. Parents can change it of course, but the trick will be remembering to change it back! (If the kids figure out how to change Location Settings I'll have to either lock it down or make the changes on the router.)

My old OpenDNS account still worked, so I adjusted my custom filters to fit our current needs. I also discovered my external (Qwest) IP address had changed since I last used OpenDNS, so I'll have to monitor that. (OpenDNS uses the IP address to apply custom settings.)

We'll see how this goes ...

[1] I assume this software digs into OS innards, so I ain't letting it near my machine unless it's been blessed by geeks I trust.

Update 12/15/09: OpenDNS works well for us. I use OS X Location to switch to Google DNS if I want to bypass OpenDNS filters. So far the kids haven't found that technique. I would like it if OpenDNS offered me a password option to open up traffic.

I found that my IP address was changing, which breaks OpenDNS filtering. I had to install the small OpenDNS updater app. It seems modest and well behaved. I start it with each login and it checks for DNS changes. If one is found it updates my OpenDNS settings.

1 comment:

David Ulevitch said...

Let me know how it works out. I'm here to help if you need. david at opendns dot com