Using OpenDNS with an ActionTec V1000H

Greg1 · ‎06-18-2016

I have Telus-supplied ActionTec v1000H, and would like to use OpenDNS as my DNS server, mainly for family-content filtering at the router level.

I've tried changing the DNS addresses in a couple of place that look obvious (to an uneducated eye) but things aren't working.

Under "LAN IP settings" there's a place where one can enter "Set the DNS values" and statically assign them. I set those to the appropriate OpenDNS values, rebooted the router and so on. Didn't seem to work in that OpenDNS does see DNS requests coming from me.

What do I have to change do get this working? Is this possible? Thanks!

Greg.

WestCoasterBC · ‎06-19-2016

Just follow the picture below, and you will be running on the dns you choose

Find a post useful, please click on "Like" to give the author recognition or mark as an accepted solution.

Kolby_G · ‎06-19-2016

Depending on the DHCP lease time you have configured, you may have to do a ipconfig /renew on all the client computers for this to take immediate effect.

Just an FYI it's trivial to get past DNS blocks. If your intent is on blocking accidental browsing then go ahead, but if you are trying to block intentional browsing then it's not going to work.

Greg1 · ‎06-20-2016

Thanks to both the last two respondents for very helpful comments. I've got that working now. A quick google search shows that it really is pretty easy to override the router dns setting by setting the dns servers within a client machine. Apparently a way to prevent *that* is to block port 53 on the router, which somehow prevents the overriding. Can that be done on the actiontec somehow? Thanks again

Kolby_G · ‎06-20-2016

There are many many ways to get around DNS blocks, or any "parental control" type system. As I said if you are trying to block accidental viewing with said methods, they should work fine. If you are trying to block intentional viewing, you will not have success. No matter what method you choose, they will find a way around it.

Blocking port 53 is likely impossible on most consumer routers, as you would need to block it on the forward chain with a source of the WAN interface, but not the input chain, something I've only ever seen on enterprise level equipment, mind you I haven't used consumer equipment in years, so I could be wrong now.

A transparent proxy would be the only method that would have a reasonable chance of blocking access, this would require a dedicated server with a reasonable amount of processing power, and even then, its only as good as its blacklists. Proxy websites pop up under different names almost daily specifically for this purpose, and VPNs are also usually immune to transparent proxy's.

rrolly · ‎11-13-2016

Then what do you suggest to prevent a teenage boy from accessing inappropriate content online?

Kolby_G · ‎11-13-2016

Nothing. If they want to view porn, you won't be able to block it. There are ALWAYS ways around content filters. OpenDNS works great for protecting younger kids from accidentally stumbling upon inappropriate sites, however it is basically useless against intentional viewing. Even with enterprise hardware and a transparent proxy, all you have to do is find a single unblocked proxy site (blacklists don't/can't list every possible site) or run TOR and they are through the block.

You're going about this the wrong way, even if you think it's working, I can guarantee you that they're getting around it.