I have Telus-supplied ActionTec v1000H, and would like to use OpenDNS as my DNS server, mainly for family-content filtering at the router level.
I've tried changing the DNS addresses in a couple of place that look obvious (to an uneducated eye) but things aren't working.
Under "LAN IP settings" there's a place where one can enter "Set the DNS values" and statically assign them. I set those to the appropriate OpenDNS values, rebooted the router and so on. Didn't seem to work in that OpenDNS does see DNS requests coming from me.
What do I have to change do get this working? Is this possible? Thanks!
Greg.
Just follow the picture below, and you will be running on the dns you choose
There are many many ways to get around DNS blocks, or any "parental control" type system. As I said if you are trying to block accidental viewing with said methods, they should work fine. If you are trying to block intentional viewing, you will not have success. No matter what method you choose, they will find a way around it.
Blocking port 53 is likely impossible on most consumer routers, as you would need to block it on the forward chain with a source of the WAN interface, but not the input chain, something I've only ever seen on enterprise level equipment, mind you I haven't used consumer equipment in years, so I could be wrong now.
A transparent proxy would be the only method that would have a reasonable chance of blocking access, this would require a dedicated server with a reasonable amount of processing power, and even then, its only as good as its blacklists. Proxy websites pop up under different names almost daily specifically for this purpose, and VPNs are also usually immune to transparent proxy's.
Then what do you suggest to prevent a teenage boy from accessing inappropriate content online?
Nothing. If they want to view porn, you won't be able to block it. There are ALWAYS ways around content filters. OpenDNS works great for protecting younger kids from accidentally stumbling upon inappropriate sites, however it is basically useless against intentional viewing. Even with enterprise hardware and a transparent proxy, all you have to do is find a single unblocked proxy site (blacklists don't/can't list every possible site) or run TOR and they are through the block.
You're going about this the wrong way, even if you think it's working, I can guarantee you that they're getting around it.