How to Block Porn Sites and Phishing Sites AND Speed Up Your Home Network

— How to Block Porn Sites and Phishing Sites AND Speed Up Your Home Network using OpenDNS–

EXECUTIVE SUMMARY
Improve your home network by using OpenDNS. Web pages will load more quickly, and dangerous/inappropriate websites will be blocked. All you have to do is change your router’s DNS numbers. Read the whole article to know which numbers to change them to.


If you could protect your home network, blocking porn sites and phishing sites, and you could do it simply, would you do it? What if it also made your network faster? What if it didn’t cost anything? I think you’d do it. Read to the end of this article and you’ll know how.

Even if all you want is “faster” this article is for you. I had a delay of almost one second before web pages started to load using the default AT&T DNS numbers. Using the same internet service, in the same location (the same chair!), but using OpenDNS, the delay went away. You can set up OpenDNS to use their domain name servers without any filtering– that works just fine too.

The Problem

Sometimes people go to websites by mistake, and sometimes those websites are full of trouble. They might be phishing sites (where they imitate a “real” site, and try to get you to give them your email address and password) or they might be “adult” sites that you don’t want your kids and their friends getting into. Or they might be sites full of pop-up “scareware” to lure you into spending money to remove viruses that you don’t have. (See my article on fake virus scams.)

People end up on these bad websites by making mistakes. Maybe they clicked links that claimed to be something they weren’t (for example, “Click here to update your Flash plug-in!”). Or maybe they mis-remembered a URL and typed it in wrong (playmonopoly.com instead of the real address, playmonopoly.us). Maybe they clicked a link that was one letter away from being the site they really wanted to go to, or maybe they made a typo and instead of “.com” they typed “.cm” or “.co” or “.om.” (Read more about “typo squatting” here and here.)

The Solution: Internet Filtering

Wouldn’t it be cool if there was a list of bad websites, and your network knew about it, so if you accidentally tried to go to a bad website your network wouldn’t load it? Turns out that lists like that do exist. All your network has to do is check your website requests against the “bad” list, and refuse to send you to bad sites. (It’s better to do the filtering at the network level rather than on each machine, because if you do it at the network you only have to do it once. Basically, you make one change in your router, and the whole network’s protected.)

A little bit of background

The internet works on IP addresses, not names. But you don’t type IP addresses into your web browser. You type domain names, like apple.com, christianboyce.com, amazon.com, etc., and somehow your browser knows to send you to 216.92.134.247. Actually, it’s not “somehow.” Something called the Domain Name System (DNS) makes it all work. DNS servers are computers that store giant two-column, always up-to-date lists: one column with domain names (apple.com, christianboyce.com, amazon.com, etc.) and the other column with the corresponding IP addresses. You type in a domain name and the DNS system looks it up in the list. When it finds the IP address it sends your web page request, and soon after the page begins to load. This is sort of like tapping a speed-dial button on a phone– you want to call Joe and the phone’s programming tells it to dial Joe’s phone number.

Obviously, the Domain Name System is very important. Internet service providers (ISPs) generally set you up to use their Domain Name servers because (a) it’s easy, and (b) they can track your use of their service (because they’re the ones looking up your requests). ISP domain name servers usually work, but they can be slow– you might notice a lag after you type in a URL and hit Return. That’s the time the Domain Name server took to look up what you typed and translate it into the IP address it needs to be. Another problem is that DNS servers sometimes get overloaded, and when that happens you can’t go to any web pages at all. (Time Warner Cable’s Domain Name servers have this problem and most people “solve” it by restarting their modems– a hassle.) And, to get back on topic, the typical DNS server does not provide filtering.

You can block porn sites, block phishing sites, and speed up the lookup process– by setting your network to use better domain name servers. The best ones (fastest, most reliable, with the best filtering) are the ones from a company called OpenDNS. They make their money providing services to businesses– but they provide services to families and individuals for free. If you know how to change your DNS numbers, switching to OpenDNS is a no-brainer: it’s faster, safer, and free. If you don’t know how to change your DNS numbers, read on and learn how. Or get an 8th-grader to do it for you.

How to Change Your Router’s Domain Name Servers

If you have a simple modem, and it’s connected to an Apple Airport base station, you’ll change the DNS numbers using the Airport Utility and be done in minutes. Here’s what it looks like:

[Image: Airport Utility showing OpenDNS]

Restart everything when you’re done– the Airport(s), the Macs, the iPhones, your Apple TV. Everything. Otherwise your changes won’t take effect. Start with the modem and work your way in. First unplug-replug the modem, then the Airport, and then the computers.

If you have a combination modem-router, like the ones that Uverse and Time Warner supply, you have to get into its settings and change the DNS numbers to OpenDNS’s. Usually this involves typing in the router’s address, which you can get from your Mac’s System Preferences/Network. Ethernet users will see the Router’s address listed in the Network Preference Pane. WiFi users have to click the Advanced button, like so:

[Image: WiFi Network Settings]

Here’s what you get after clicking “Advanced.”
[Image: Router Address in TCP/IP section]

(PC users can find the address of their routers by typing “ipconfig” on the command line.)

Now type the router’s address into a web browser and hit return. You’ll probably be asked to enter a username and a password, both of which should be on a sticker on the modem-router itself. Once you do that, look for the DNS settings. On the Arris modem-router (common in Time Warner installations) you’ll see the page below when you click on the LAN tab.

[Image: Arris router DNS settings]

All you need to do is change the DNS numbers that Time Warner supplies to the OpenDNS numbers. There are two choices, each with benefits. “OpenDNS Family Shield” is the simplest, and requires no signing up with OpenDNS. It is pre-configured to block the bad stuff while delivering good stuff faster. “OpenDNS Home” gives you everything that Family Shield gives, plus it’s customizable. You can control the level of filtering, you can specify that certain websites should be allowed through no matter what, and you can choose to filter out specific kinds of websites (such as phony sweepstakes sites, academic fraud sites, and gambling sites) while allowing others to get through. Family Shield is not customizable at all.

If you choose “Family Shield” simply change your router’s DNS numbers to 208.67.222.123 and 208.67.220.123. If you have room for a third DNS server you might try Google’s DNS: 8.8.8.8. The reason you need more than one is that sometimes a server is busy, or offline for maintenance, and at those times you will be glad you specified more than one DNS server. Keep in mind that Google’s DNS does no filtering, so any lookup that falls through to it is not checked against the Family Shield block list.

If you choose “Home” you’ll change the DNS numbers to 208.67.222.222 and 208.67.220.220. Then you’ll create an account to manage your settings.
OpenDNS has tutorials to help you: for Family Shield, and for Home.

After making the changes, restart the networking equipment, and your Macs, iPhones, iPads, Apple TVs– everything that uses the network– and you’re done. You can test that you’ve done it right by going to this page on the OpenDNS website and using the test link there.
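
To see the lookup from the background section on the wire and put a number on the delay, this added example (not part of the original article) sends one A-record query straight to each resolver address quoted above and times the reply. The function names and the use of christianboyce.com as the test name are the example's own choices.

```python
import socket
import struct
import time

# Resolver addresses quoted in the article above.
RESOLVERS = {"FamilyShield": "208.67.222.123", "Home": "208.67.222.222", "Google": "8.8.8.8"}

def build_query(name, txid=0x1234):
    """Encode a recursive A-record query (RFC 1035); fixed ID keeps the demo repeatable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, pos):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]  # step over one length-prefixed label
    return pos + (2 if msg[pos] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg, txid=0x1234):
    """Return (rcode, [IPv4 addresses]); reject anything that is not our reply."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def timed_lookup(name, server, timeout=2.0):
    """Ask `server` directly over UDP port 53; return (ms, rcode, addresses)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(build_query(name), (server, 53))
        reply, _ = sock.recvfrom(512)
    return ((time.perf_counter() - start) * 1000,) + parse_a_records(reply)

if __name__ == "__main__":
    for label, ip in RESOLVERS.items():
        print(label, ip, timed_lookup("christianboyce.com", ip))
```

Run it from a computer on the home network. A timeout means the network is not letting queries reach that outside resolver.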

Whether you choose Family Shield or Home, it is very important that you change the settings in the router and not on your computers and iPhones etc. Technically, you could change the settings on every device rather than the network, but that’s a lot more work, and in my experience, you’ll have problems at airports and hotels when you try to use their WiFi if you’ve changed your laptop’s DNS settings. That’s because the airports and the hotels want to track you, and the way they do that is by monitoring what their DNS servers do. Thus, they really, really want you to go through their DNS servers, and if you don’t, they simply block all traffic to and from your device.

Naturally you can put things back the way they were (default DNS) if you want. But I don’t think you’ll want to do that. Remember, if you do make changes to the DNS numbers in your router, go back and unplug-replug everything, starting with the modem and working your way in.

Nobody’s Perfect, but OpenDNS is Close

OpenDNS’s servers do a great job of providing fast DNS services. That’s a reason to use OpenDNS right there. Their filtering service also works well, and if you get OpenDNS Home you’ll be able to customize the settings and review activity logs. Even so, it’s possible that a site you’d rather not see will get through, and a site you want to see will get blocked. In that case, you’ll go into the settings and explicitly allow some sites and disallow some others (whitelisting and blacklisting, respectively).

It’s also important to note that OpenDNS protects your devices only when they’re on your network. If you take your laptop to a coffee house or the airport it’s no longer protected. And, if your kids have iPhones and they use cellular data rather than your home WiFi, they won’t be protected either, because OpenDNS can’t do a thing about a cellular data connection. However, just because OpenDNS can’t do everything for you is no reason not to use it at all. You’ll appreciate the speed, and you’ll appreciate being steered clear of a large number of sites you didn’t mean to go to. Ever give your password away by entering it into a site that you thought was Yahoo mail, or Apple, or Chase? OpenDNS could have prevented the lookalike phishing sites from loading. (I can’t say for sure that OpenDNS would have saved the day in those cases. It is possible for someone to set up a phishing site without OpenDNS knowing about it. They can’t prevent what they don’t know about. But on the whole, OpenDNS protects you from a lot of trouble, so I’d set it up on your network if you can.)

In Conclusion

I’ve used OpenDNS on my home network for years. I like the speed and the protection. It costs nothing to use the service and you can always change back, so you really ought to give it a try. Follow the instructions on OpenDNS’s site (here, and here); contact me if you need more help.

6 thoughts on “How to Block Porn Sites and Phishing Sites AND Speed Up Your Home Network”

  1. Thanks for the tips and tutorial. I too have them blocked on my office computers with the very same process mentioned here. It did really help employees watching porn during office hours.

  2. Interesting tips and tutorial. I have a couple of questions,
    1) It is critical when using OPENDNS, the PC needed to be on 24/7? I saw some articles that PC needed to be on 24/7 in order for it to work well?
    2) ISP will change the IP. So how will that affect the blocking? That is why OPENDNS users need to install an IP UPDATER.

    Thank you for your comments.

    1. OpenDNS Family Shield works at the router. You put the OpenDNS numbers into the router, and you’re all set. If your ISP gives you a combined modem/router you just put the numbers in there, and you’re done. You don’t have to worry about IP changes. If you put the OpenDNS numbers into your computer, those are the numbers it will always use. So you don’t have to worry about IP changes there either. However, for a laptop, I don’t recommend it. When a laptop joins a public network such as the ones at airports and hotels, your laptop may not work properly unless you use the network’s DNS numbers. To do that you can make a “Location” where it’s just pure DHCP– no hard-wired numbers. For a machine that stays in the house or the office, you can put the numbers in, and if it works, you’re all set. Send me an email if you need more help– use the Contact page.

      1. Dear Mr Boyce,

        Thank you for your comment. I enrolled in the OPENDNS Home FREE version, however, the blockage was a lot of hit and misses. I configured OPENDNS in my router, but I also run a WIFI extender (with the auto settings). I am not too sure why there were times it blocks porn sites, and other times, OPENDNS doesn’t.

        Anyway, I also installed the IP updater in my main PC. But lately, OPENDNS went completely DEAD. I had to reconfigure it several times a week just to make sure that it blocks out porn.

        I will try your suggestion to use the OPENDNS FamilyShield version (I have not used it before). See if it works better than the Home versions.

        Thank you

        Simon
