Filtering Web Content Via OpenDNS

Internet as world wide web
“WWW” by Marius!! is licensed under CC BY-NC-ND 2.0.

This article is to help users filter content on Android mobile phones and desktop computers. In-depth knowledge of computers or technology is not a prerequisite. If you have the patience to read through this article and follow my instructions, you should be able to set up a DNS based filtering mechanism on your smartphone. (I use OpenDNS but I do not have any commercial ties with that company. You can check out other services too.)

1. What does a Domain Server do?

When you type the address of a website in your browser, for instance, http://www.google.com, your phone or computer recognize the domain name ‘Google.com’ or of any other site. It does not know which computer in the world hosts that page or site. The browser might check the “hosts” file on your device to see whether there is any information there about “google.com”. Most probably, it won’t find it there – unless you have included it there!

The browser sends a request to a Domain Name Server (DNS), which is like a telephone directory. Such a request is called a DNS query. It’s like asking, “Which computer hosts the website ‘google.com’? The DNS server tries to match the domain name to an IP address — a unique address that each connected device is assigned on the Internet. Once the browser gets the IP address of the computer that hosts the site “www.google.com”, it can send a request to that particular computer (server) and retrieve the site/page you asked for. (Click here to see an illustration)

2. Switch to OpenDNS

You mobile service or home Internet provider may have DNS servers. The IP address of those DNS servers may be stored in your phone. Instead of using those DNS servers, you can force your computer/phone to send all DNS queries to OpenDNS.

2.1 Home/Office Router

This is an optional step. If the modem-cum-router provided by your Internet Service Provider (ISP) supports custom DNS settings, ask your ISP customer service whether they could help you change the DNS settings in the router and point those to the addresses of OpenDNS. OpenDNS always makes available these servers for DNS queries: 208.67.222.222, 208.67.220.220. These values should be entered in the router (through a browser). Your children/employees should not know the password to the router’s settings.
Your ISP could help you with this. If they can’t do it or if the router does not support it, this step can be omitted. However, if you are able to get this done, I recommended that you change the DNS settings of the router.

2.2 Android Device

Step 1: Secure your phone
Ensure that only you, as a parent, have access to these settings on your phone:
a. Phone Settings
b. Google Play
If children are able to uninstall important apps that you install, there is no point following this guide. You can control access to phone settings, Google Play Store, and other apps by installing AppLock. Follow the instruction in the app during installation. Grant it the necessary administrator privileges and set a secure password. Lock Phone Settings and Google Play Store.

Step 2: Change DNS server settings
Install an app that can change the DNS server addresses on your phone. You could install DNS Changer. Soon after installation, lock access to this app using AppLock.

From the drop-down menu in the app, select OpenDns. The IP addresses of OpenDNS service (208.67.222.222, 208.67.220.220) will automatically appear there. Click the “Start” button to begin using the new DNS service. IMPORTANT: This step by itself doesn’t offer any protection until you create an account with OpenDNS. That will be explained below.

The advantage of using an app such as DNS Changer is that it will make sure that your phone will always use OpenDNS servers for DNS queries whether it is on Wi-Fi or on the local phone network.

How to change DNS settings on an iPhone 10 or an iPhone 11?

Step 3: Set up an OpenDNS account
Visit OpenDNS on your phone (or whichever device you are configuring right now) and sign up for a free account for your home/small business. It may be good to read this blog post on your phone so that you can click on the links I have provided. After signing up, check your email. You have to verify your email address by clicking on a verification link email to you. Your account will be activated after this.
Now, visit their settings page.

Since you have not yet created any “network”, there is nothing to select here. You need to enter the IP address of your phone in the space provided. DO NOT enter the IP Address that you see in your “About Phone” or “Phone Status” section of your phone’s settings. Instead, click here. You current IP address will be displayed. Enter that address in the space provided. Then, click “ADD THIS NETWORK” button. After your phone’s network is added, assign it a name – such as “Android-1” or similar.

Step 4: Set up the OpenDNS filter
Now that your network has been added, you can select that network using the drop-down menu on the Settings page. Choose your filtering method. I suggest you select the custom option. Tick all the boxes that correspond to the categories of websites you wish to block: adult themes, pornography, lingerie/bikini, nudity, gambling, sexuality, drugs, visual search engines, chat services, anime/manga/webcomic, tasteless, web spam, etc. If you don’t want your children /employees to access illegal file sharing sites, select “P2P File/sharing”. Selecting “Video sharing sites” will block YouTube also.
At the bottom of that settings page, you can manage individual domains/sites. I suggest that you block Wikipedia using this facility. Wikipedia displays all kinds of terrible images in the name of freedom of expression. Enter “wikipedia.org” (without the quotation marks) in the space provided. Select “Always block” and click “Add Domain”.

You will be asked whether just the “wikipedia.org” site be blocked or an entire class of such sites must be blocked. Select the first option. You can block around 15 or 20 domains this way without any payment.

If you do not want OpenDNS to block a site, even when its class of sites is blocked, you can add that domain – for instance, classroom.google.com – to the above form and select “Never Block” before clicking “Add Domain” button.

Step 5: Enable Stats and Logs

At the top of the Settings page, in the left-side column, you will find a link to “Stats and Logs.” Follow that link and enable “stats and logs” so that you can later check which all sites were allowed/blocked during a certain time period.

If you don’t enable “Stats and Logs” you have no way to track misuse of the Internet by phone users.

Step 6: Install OpenDNS Updater
The IP address of your phone or Android device will keep changing. OpenDNS site will not be able to continue filtering content unless your new IP address is passed on to its servers. There is an app called OpenDNS Updater on Google Store that will update your IP address on OpenDNS servers. Please install it and enable all permissions and settings. You will have to login to the app using your OpenDNS credentials. Remember to enter the name of the “network” you created on OpenDNS for your phone.
IMPORTANT: Lock access to this app in AppLock.

Step 7: Disable/Lock all browsers/social media apps
If your child does not need to use an Internet browser, lock it using AppLock. All online learning might happen through Google Classroom, Moodle, or Zoom app. Small children don’t need to use a browser. Similarly, lock access to all social media apps. If your children need to use those apps, let them do so in your presence.
A lot of harmful content is shared between smartphone users via Bluetooth, WiFi server apps, Xender, etc. Lock access to all such apps and features.

CHECK THIS OUT: For Android 9 and above, there’s an easier way to change system-wide DNS settings.

2.3 Desktop Computer

Steps 3, 4, and 5 listed above should be repeated for desktop computers. But before you go about doing that, you need to follow certain steps.

Step 1: Secure your computer
Ensure that you have administrator privileges on your computer. Each of your children/employee can have standard user accounts. They should not have access to your account. They should not be able to install or uninstall programs.

Step 2: Change DNS server settings
We use Ubuntu Linux distribution on all our computers. Let me first explain how to change DNS server settings on a Linux desktop computer. In your computer’s “Settings”, choose the “Wifi” tab. Then, click on the little wheel icon next to your Wifi router’s name.

In the dialogue box that will come up, select the IPv4 tab. Disable “Automatic DNS” and enter the IP addresses of OpenDNS servers: 208.67.222.222, 208.67.220.220. Do not change any other setting. Click “Apply” and close the dialogue box. Under IPv6 tab, you can choose the “disable” option.


Repeat this step with your wired network’s options. Under “Network” settings in the main settings page, choose your wired LAN connection (if any) and enter OpenDNS server’s IP address.

On a computer that runs Windows, open its Control Panel. Choose “Network and Internet”. Click on “Network and Sharing Center.” Click on “Change adapter settings” on the left pane.

That will reveal your Ethernet (wired) network and WiFi network connections as seen below. Right click on one of the connections and select “Properties”. In this case, it is the wired “Ethernet” connection. (You have to repeat this process on your WiFi connection too.)

In the dialogue box that pops up (see below), click on “Internet Protocol Version” and then click “Properties” button.

Select the Use the following DNS server addresses option (See below) and enter the two IP addresses of OpenDNS servers – 208.67.222.222 and 208.67.220.220.

Then, click “OK” and close the dialogue box. Close other dialogue box too by clicking “OK.” In the “Network Connections” window from where you right-clicked on the “Ethernet” connection, you will see your WiFi connection too (if any). Repeat this step on the WiFi connection too.

Step 3: Set up OpenDNS connection
Follow the instructions given in Step 3 above under the heading “Android Devices”.
If you already have an account with OpenDNS, you can now login to your account and create a new “network” for your Desktop computer just as you created a named account for your Android smartphone.

Step 4: Set up the OpenDNS filter
Follow instructions under Step 4 above to create a new set of filter categories for your new OpenDNS network for the desktop PC.

Step 5: Enable Stats and Logs
Follow instructions under Step 5 above to enable Statistics and Logs for your new OpenDNS network.

Step 6: Install ‘ddclient’ OR to OpenDNS Updater Client
If your home/office internet connection has “Static IP address”, you can ignore this step. Static IP is mostly used by institutions and businesses.
Most home Internet connections are given Dynamic IP addresses. When your IP address changes, OpenDNS needs to know about it.
On Linux systems, install “ddclient” by following instructions given here.
On Windows/Mac systems, download and install the OpenDNS IP Updater client from this page. Detailed instructions for setting up the updater client is given here.

3. About Search Engines

Even after switching to OpenDNS, you will notice that search engines will throw up pornographic images. Popular search engines such as Google are notorious for this reason. There is a “safe search” option. But users can turn it off. For this reason, you could consider blocking “search engines” as a whole in OpenDNS settings. Or, you may block certain search engines. For the sake of keeping children safe, we may have to rely on safer, “child-friendly” search engines such as “Safe Search Kids” or “Kidzsearch.” (More)

On all our systems, I have disabled Google search engine. When you block Google, you normally end up losing access to Google Drive, Play Store, Gmail, Calendar, Contacts, etc. You may need to employ a proxy server with custom filters to block Google search and simultaneously allow other useful Google sites. More about that in a later post.

IF you liked this post, please click “Like” below. Feel free to share this post with your friends. Learn more about Refineria and about our ministry.

2 Comments

  1. Irene Jepkoech

    Reply

    Rev. Eapen, this is informative and very helpful, more so now that our children are asked to take their classes online. This couldn’t have come at a better time. Thanks a lot and God bless you.

Leave Comment

Your email address will not be published. Required fields are marked *