I set my router and devices to resolve to the OpenDNS “Family Shield” address to block offensive content from getting through the wi-fi router. Here’s how to set it up, get the dashboard (and actual blocking) to work, and what I learned about IPv6 incompatibility.
Cut it off at the Source.
I decided it was time to put an adult / offensive content filter between the internet and my household, because we have 3 children who increasingly like to consume YouTube and online games content. Even though I plan on changing all devices to also resolve to Family Shield DNS servers (in case they bypass our router by using cellular networks or another wi-fi network), it’s important to set our router to do the same, as it’s the main gate to our internet.
The one-two punch for Internet filtering: Set both the device and the router to resolve to a filtering DNS.
Why? Because most people don’t know how to change their DNS settings–they’ve never even been in their router’s settings, and couldn’t find such a thing if their life depended on it. The cable guy or phone company set it up. You’re going to send your children to their homes with a phone or tablet, because those people are your child’s grandparents and friends, and they’re going to have filter-less web browsing unless their device is set to resolve to an adult-content-blocking DNS.
Content Blocking? Didn’t I install an app for that?
Yes. And I’ll keep using some of those apps, because they’re good at limiting screen time, telling me where my family is, or also helping to block bad content.
One app to rule them all? Probably not, but let’s set goals…
Maybe we still need to install parental apps, but I only want to use one app to do that stuff, across all devices. I can no longer deal with Google Family Link for Android devices, Microsoft Family for PC/Surface devices, Amazon Kindle’s nonsense for whatever it’s supposed to do… I think it’s an app that parentally controls me to break Kindles over my knee and throw them in the trash once I realize there’s going to be one more unusable app to deal with. I don’t buy Apple products, so the only time I have to deal with their appstore insanity is when someone asks me to take a look at an issue. Basically, I’m trying to simplify by narrowing down the platform ecosystem I live in, but it’s not easy to get to one silver bullet solution.
Even with only 2 or 3 OS platforms to deal with parental apps on, it means I have to be a timecard machine and daily calculator of aggregated-privileges across devices for 3 people (my children). E.g., if my child has a Surface tablet and a Chromebook–and I want them to have 0.5 hrs screen time on school nights, and 3hrs screen time on weekends–if I put those time limits in the Windows app and the Android app, the kid can use their full limit on the Surface, then their full limit on the Chromebook, effectively doubling the screen time I wanted them to spend. The 2 different apps do not communicate with each other to delegate and enforce time rules.
Windows doesn’t make phones anymore.
So I’ve tried to move everyone to Windows devices to use one platform, with PCs and Surface tablets, literally throwing out Kindles and other devices. The Windows / Xbox / Microsoft family app is pretty good, in my opinion. But Windows doesn’t make phones anymore. And so we’re back to the problem of using multiple apps to control screen time, etc., now that our eldest child is using a phone.
Even more device platforms…
And although we’ve managed to relegate all games to PC or android phones/tablets until now, eventually I’m sure someone’s going to talk us into getting a console, like Nintendo Switch, and I have no idea what to do for parental controls on devices like that. I’ve thought about paying a $50/yr subscription fee to Norton Family, since it’s cross-platform, but I’m not sure yet.
Blanket solution for content filtering
So the best “blanket” solution I’ve thought of so far for content filtering across devices is just to resolve all devices and our router to a “safe” DNS address. It’s not going to help with screen-time budgeting, but it will help with preserving a modicum of innocence. I think. (Who knows what other kids will have access to and be sharing).
One last rant on a “Parental Control App”: Google Family Link
Google’s Family Link has been a tremendous disappointment in that it’s too restrictive (even this conservative blog, which seems to advocate blocking everything, says so). With the “kids tube” product it forces on children as a YouTube replacement, it has zero content my kids wants to watch. And parents can’t opt their children out of it and back into the real YouTube in safe-search mode.
It’s all or nothing–create a new Google account entering your child’s true age and get stuck with their overly-restrictive User Experience, or lie and set up a profile telling Google your child is 18-yrs-old, but you won’t qualify for being monitored or protected by a parental controls app.
Google is shipping such half-baked product, last I read, they won’t be able to convert a Google account to one with normal adult privileges when a child turns 18. Can you imagine getting an email account at age 5 to play Angry Birds, and you use it your entire life with all your school mates and family, and then you have to leave it behind when you turn 18 because Google can’t figure out how to convert it to have different privileges? I hope I’m wrong about this soon, because it’s sad.
Yes, Google, the company that makes tens of billions in annual profits from internet ad revenue doesn’t allocate enough resources to make a good parental controls app to responsibly shield children from the dangers of the internet. If you want to shield your child from this brave new world, then Family Link is literally the least they could do to help you with that.
My daughter cried and almost refused her first phone when told there would be a parental app installed on it, because of her experience with the Family Link app. It makes a device effectively worthless to children… which may be its content blocking strategy?
Why OpenDNS Family Shield?
I saw it recommended on a couple sites, and the free option looked good enough.
Well, actually…
After starting this blog, I realized I didn’t actually use the “Family Shield” DNS numbers, which are 208.67.222.123
and 208.67.220.123
.
I simply used the OpenDNS numbers and set up a free account so I have a settings dashboard to set filtering levels. The OpenDNS nameservers are 208.67.222.222
and 208.67.220.220
. I figure this way is more customizable. And I did have to customize, as the settings were too restrictive for me–it wouldn’t let me pull up GIF sites, and I love animated GIFs.
What’s the problem with IPv6 and OpenDNS Content Filtering?
Does not work together. There’s actually a page where they list some IPv6 DNS addresses, and I entered them in my router and rebooted, and then OpenDNS finally said I “Passed” the test of resolving to their DNS (got the orange check instead of the red x), but:
- Their own Dashboard wasn’t showing me any results about my household’s browsing stats.
- Their own Updater app–that’s supposed to see if my router’s dynamic IP address has changed, and then update my OpenDNS account with that info–doesn’t show an IP address for me/says I’m not “Using OpenDNS” when I have IPv6 turned on.
- And most importantly: I tested it by typing in what should be a restricted URL, and I was able to go to that site just fine.
IPv6 may work for resolving to OpenDNS servers, but it does not work for the Family Shield part of the deal.
How to install the filtering DNS on your Router
Just do what the instructions say. I’m going to reprint them here:
1. Open the preferences for your router.
Often, the preferences are set in your web browser, via a URL with numbers (example: http://192.168.0.1 or http://192.168.1.1). You may need a password.
If you’re like us, and you set the router password long ago and cannot remember it now, you can often reset the password to the manufacturer default by pressing a button on the router itself.
Or preferences may be set via a specific application for your router, which you installed on your computer when you added the router.
2. Find the DNS server settings.
Scan for the letters DNS next to a field which allows two or three sets of numbers, each broken into four groups of one to three numbers. It might look like this:
3. Put in the OpenDNS server addresses as your DNS server settings and save/apply.
Please write down your current settings before entering the OpenDNS addresses, just in case.
- 208.67.222.222
- 208.67.220.220
4. Cache Flushing.
Once you have configured your DNS settings and saved them, we highly suggest that you flush your DNS resolver cache to ensure that your new DNS configuration settings take immediate effect.
5. Check your Settings.
Once you have configured your DNS, check the router has retained the settings.
Great Copy/Paste Job. So why am I reading this here?
Why did I write a “how to” post where I just copied content from the OpenDNS site?
Because of the part I had to figure out myself, and it took a long time to do so: That “OpenDNS” won’t work with IPv6 mode. Don’t try it at this point. Just go into your router and turn off that option if you had it checked (it’s still default to enable IPv4 in routers, I think, but I had enabled IPv6 for years with no issues until now).
IPv6 may work for resolving to OpenDNS servers, but it does not work for the Family Shield part of the deal.
IPv6 doesn’t work for DYNAMIC IPs
Although Cisco wants you to know that they support IPv6, even for content filtering, I had to finally stumble across the fine print for why it wasn’t working for me: It will not work for networks with Dynamic IP addresses. Well guess what: Most people with a home network have dynamic IP addresses. It usually costs a significant upcharge to obtain a static IP from your ISP. In other words: you should probably shut off IPv6 for your home router if you’re trying to resolve to the OpenDNS servers.
How to install on your Devices
For your non-router client devices, like phones, TVs, PCs: Those instructions are on the DNS site too. Just choose the correct category. My rationale for setting the DNS on both the router AND devices is above.
Other things worth mentioning:
You’ll need to make a free account.
You’ll need to sign up for a free account to enter stuff like your preferences on how strict you want the filter to be. More on that at this blog post.
Download the Updater app.
You should probably download the little utility app for your Windows or Mac OS because your router probably changes its IP address periodically (if it’s a “dynamic” IP address). Having the updating app on a home computer or device that is on the network, and preferably used often, will help keep the system working with updated blocked content, I presume.
You can brand your account.
I like this part.
Good luck on your content filtering!
I asked my wife to tell me if anything weird happens, like difficulty with online shopping carts, browsing problems she normally has no issues with, or social media glitches. I’ve streamed some TV content on various services and have not had trouble with any slowdowns or blocking. I’m writing this on the day I started using it, so we’ll see how it goes from here.
Leave a Reply about how this blog changed your life.