Block Web Sites and More with OpenDNS

OpenDNS offers quicker and more reliable Web browsing, but when you sign up for a free OpenDNS account, you can also get other features such as content/domain blocking and access to your DNS usage statistics.

by Joseph Moran

Last week, we saw how you can enjoy quicker and more reliable Web browsing simply by using the DNS servers maintained by OpenDNS rather those of your ISP. But when you sign up for a free OpenDNS account, you can also get other features such as content/domain blocking and access to your DNS usage statistics.

The first step is to use the Create account link in the upper right corner of www.opendns.com to register with the site. (Your account won't be confirmed and activated until you respond to an e-mail sent by OpenDNS.)

When you log into your OpenDNS account for the first time, you'll be taken to the Settings tab where an "add a network" link will let you associate your network to the account. You won't need to supply any IP address information since it will automatically be detected and filled in for you. Once your network is added you'll see it listed under Manage your networks, and then you can click the wrench icon customize your settings.

Content/Site Blocking Options
Note that the blocking features OpenDNS gives you aren't equivalent to those you'd find in dedicated software or a broadband router with a paid content filtering subscription. For starters there are relatively few content categories to choose from, and since there's no per-system or per-user configuration, the settings you use apply to every person and computer on the network. Still, if you don't need more than basic blocking capabilities, OpenDNS offers an excellent and free way to get them.

To use the OpenDNS blocking feature, start by clicking on Adult Site Blocking. Here you'll be able to select from a half-dozen adult content categories to block access to. If those on your network are technically savvy enough to try and circumvent the OpenDNS content filters by using proxy or anonymous access servers, you can block access to those kinds of sites as well. (Remember to click the Apply button at the bottom of the page for your settings to be saved.)

Some of OpenDNS's blocking choices can be a bit counterintuitive; TMZ.com is considered a lingerie/bikini site, for example. If you're not sure what category a particular site would fall under (or if it would be even blocked at all), use the Check a domain link in the left margin on the page, which will let you enter a Web site to see if OpenDNS will block it, and if so, why. (This feature is cumbersome for checking more than a few sites, however, because it requires you to enter a "CAPCHA" code for each lookup.)

A convenient way to prevent access to specific sites is to select Domain Blocking. Here you'll be able to type in the exact site name to be blocked, like myspace.com. Note that for best results you should not use the www prefix when blocking domains by name; this way, all the pages within a given domain will be blocked, not just the ones that start with www. Conversely, if you find that a site you actually want to allow is contained within one of OpenDNS's adult categories you can use the Whitelist feature, which will keep it from being blocked.

Something to keep in mind whenever you change OpenDNS blocking settings is that they don't take effect instantaneously. According to OpenDNS, it can take between 5-10 minutes for changes to be updated to their servers. Moreover, if you block a site that a computer has previously visited, some of the site's pages may still be accessible because they're in the browser cache. Clearing the browser cache will eliminate this issue. (In Firefox, click Tools|Clear Private Data, and check the Cache box. In IE it's Tools|Browsing History, then click the Delete Files button next to Temporary Internet Files.)

Customization and Statistics When anyone on your network tries to access a site blocked by OpenDNS, they'll be greeted by a generic blocking page, but both the Adult Site and Domain Blocking features allow you to include your own admonition instead. Just click Use a custom message on either feature's page, but make it brief because you only get 100 characters. Similarly, you can include a customized message within the OpenDNS Guide Page (click the Guide Page link) or even upload your own logo to appear on the Guide Page and blocked site pages too (use the Your Logo link).

Another handy feature you get with OpenDNS is Network Shortcuts. Remember the example I used last week about inadvertently typing www.pracnet.net instead of www.practicallynetworked.com? With Network Shortcuts, you can avoid such issues by creating your own shorthand versions of frequently used addresses to type into your browser, like "pracnet" for Practically Networked or "bank" for Bank of America. Just select Network Shortcuts, click Set them up here, and follow the prompts.

If you want to get a birds-eye view of what sites you or others on your network are visiting, turn on the OpenDNS Stats and Logs feature. Once you do, your network statistics will be accessible via the Stats tab at the top of the OpenDNS home page. (Don't go there right away though, because it will be several hours before any data appears.)

Using Dynamic IP Addresses
OpenDNS is able to only do things like block sites and provide statistics when it knows the IP address your ISP assigns to you. If your ISP changes this address periodically — as many do — then all of OpenDNS's account-related features, like blocking, shortcuts, stats, etc., will stop functioning.

Therefore, in order keep OpenDNS in the loop each type your IP address changes, you need to use the Dynamic DNS feature. Start by selecting …and more|Set Up a Dynamic IP from the OpenDNS Settings page, then put a check next to Enable dynamic IP update and click Apply. Next, go to the Web site for OpenDNS's Dynamic DNS service, which it calls DNS-O-Matic (www.dnsomatic.com). You don't need to create a new account here — just click the sign in link and use your OpenDNS logon info, and then click the Update Account Info button to link the two services.

You might be wondering why OpenDNS uses its own Dynamic DNS service rather than working with one of the commonly used Dynamic DNS services like DynDNS. It's mainly because OpenDNS's goal is merely to keep itself apprised of your address changes, in contrast other Dynamic DNS services which are usually designed to provide you with a consistent hostname for remote network access.

Therefore, you'll still need to use DNS-O-Matic even if you already use DynDNS or a similar service. Moreover, while the majority of broadband routers can be configured to automatically send IP address updates to DynDNS, they won't do the same thing for DNS-O-Matic. The upshot of all of this is that you'll need to keep a utility running on one of your systems to do the job — perhaps the simplest is the DNS-O-Matic Updater, which can be found at dnsomatic.marc-hoersken.de/. Just download and run the utility (no installation required) and then enter your OpenDNS login info. Once it's running, right click the utility's tray icon (the Orange "O") and select Enable AutoStart so the program will run each time Windows loads. (There are other free updating utilities — including ones for the Mac — available at www.dnsomatic.com/wiki/software.)

Finally, privacy is a big issue these days, so you may have some qualms about using a service like OpenDNS. If so, check out the OpenDNS Privacy Policy at www.opendns.com/privacy/ , which may address your concerns as it is written in relatively straightforward English and is not excessively verbose.

 

No comments: