9/20/10
9:47 am

MacMost Now 453: Beyond Parental Controls with DNS

You can block web sites and protect all of the devices in your house using DNS controls. A service like OpenDNS allows you to prevent any computer or device on your network from going to categories of sites or a specific site. You may also be able to block sites using your DSL or Cable Modem's controls.

Video Transcript
Hi this is Gary with MacMost Now. On today's episode let's go beyond parental controls and look at blocking websites using DNS. So way back in episode number 49 I talked about Mac parental controls and these are great for a single Mac. But, what if you also have other devices? Maybe iPod Touches, iPads, game consoles and other things, hooked up to your network and you want to prevent the kids in your house from visiting certain websites? Well you can do this by controlling the domain name servers hooked up to your network and you can do this all the way up at the router level. So every time that any device on your network asks for a website it has to go to the DNS service and figure out where that server's located. Now if the DNS service intercepts certain websites and directs to a page that just says this site is blocked then you prevented any device from your network from accessing it. Now one search service is called OpenDNS. You can go it OpenDNS.com and sign up for an account there. The basic account is free and I know a lot of different parents that use this. And once you sign up for it you can set a level for which sites are allowed on your network. So for instance you can set it to high, moderate, low, etcetera. You can also customize it by adding individual domain names, you can see that there at the bottom and you can also click on the custom setting and this will allow you to then pick specific categories to exclude on your network. Now what happens when you try to visit one of the sites its on one of those categories or specifically blocked is you get a page that looks like this and you can see Open DNS is advertiser supported so you also get ads on the page as well. But you can't go and access that website and this will work on any computer hooked up to your network not just one specific device. The way you set this up for instance if you're using an AirPort base station you go into your settings and under internet you can control the DNS servers. And you can see there set here to be the Open DNS DNS servers. So once you do that any device that's hooked up wirelessly or wired to your AirPort will then have to go through these DNS servers and then any sites that are blocked will get that blocked message rather than displaying the website. Alternatively you could go one level up from your AirPort base station and set the DNS servers for your cable modem or DSL router or whoever you use for an ISP usually there are control panels that you can access, it's different for every single model, every single service, so figure out how to get into your controls there, look for the DNS settings and you can set those to Open DNS as well. Open DNS has a whole set of instructions for many popular routers out there. Now there are ways around this. For instance, you can set the DNS for each individual computer. So for instance, you can have Open DNS set for your router or AirPort base station and then just go into your individual Mac and set it to another DNS service like a Google service and will bypass the entire thing. However, that only works for admin accounts. So, if you have your kids setup on a standard user account they won't be able to change their DNS controls. Another way to do this is to go to your controls for your cable modem or DSL router and see if you can block things there. For instance on mine you can. You can add IP addresses or domain names to it and it will block for the entire network. And you won't be able to get around this by simply changing DNS on an individual device. In addition, you can be really clever and actually block alternative DNS services, so that the only way to get DNS is through Open DNS. Well of course this solution isn't perfect , none is. For instance, iPhone and some iPads have 3G connectivity, so you can just bypass your local network completely. A neighbors house may have open Wi-Fi and of course there open Wi-Fi hotspots, there's friends houses, there's even schools and libraries, things like that, that your kids can use to get to any website. So of course solutions like this only work so far as you are smarter than your kids as far as internet connectivity. Till next time this is Gary Rosenzweig with MacMost Now.

Comments: 3 Responses to “MacMost Now 453: Beyond Parental Controls with DNS”

    Matt
    9/21/10 @ 6:01 am

    Thanks Gary! May I request for a HDD to SDD migration for macbooks tutorial sometime in the future. Highly appreciated thanks..

    Scott
    12/11/10 @ 12:29 pm

    Hey Gary,

    I am switching from Windows to mac. Currently i use a program called K9 Web security to prevent adult sites, ect.. from being accessed. Dose Mac OS X 10.6 Snow Leopard have this capability or do i need to go to OpenBNS? What if i dont have a network and just have a single laptop i need to protect no matter where the wifi signal is coming from? Any other programs out there to accomplish this?

    Scott

      12/11/10 @ 12:44 pm

      Snow Leopard has this in Parental controls. See episode 49 (http://macmost.com/parental-controls.html). I do recommend OpenDNS (or similar) because it will also work with other devices. Now that smart phones and other mobile Internet devices are being used more often, it isn’t enough to just have one computer locked down. See this episode. But for a single laptop that moves around, Parental Controls are probably what you are looking for.

Comments Closed.