Ramblings on IT

OpenDNS is a free service I highly recommend – both for business and for home use. This post is targeted more at home use, and more specifically parents of computer-using children in their homes.

One of the biggest fears for parents when letting their children access the Internet from home is the accessing of inappropriate information (text/pictures/video), whether that access is inadvertent or purposely sought out.

As a caveat here, no mechanism is 100% foolproof, and as your children become more savvy than you in the ways of the computer world, they will eventually figure out what is going on. That could take a couple of years, or not. My 10 year-old son has a friend who thinks he knows a lot (and he does), but he was stymied when he was over for a play date and couldn’t get to places he though he should have had free reign over (he wasn’t used to an adult knowing more than him about computers).

Here’s a quick lesson on how the Internet works.

• Internet addresses are numerical like this: 123.123.123.123.
• So we don’t have to remember numbers, we use domain names – like microsoft.com instead. ‘Domain names’ are registered with its DNS (Domain Name Server) address information with a domain ‘Registrar’, and these Registrars tell all the other Registrars this same information. This is how Internet addressing gets propagated around the Internet.
• When we ask a computer to go to a ‘named’ address, it uses their designated DNS server to translate the name to a number that it can actually use. Your Internet Service Provider (ISP) provides DNS servers for you to use (and usually provides the information automatically). When your child types in www.<domainname>.***, it is these DNS servers that translate and deliver the numbered addresses back to the computer making the request so it can then get routed through the Internet to its destination and begin receiving information back.
• If you really want to get deep into how this works, go check out Wikipedia.

So the trick is to change where your computers obtain these IP addresses. OpenDNS categorizes web sites allowing you to go in and block whole categories (nudity, drugs, etc.). It’s not perfect, but it’s very close. Along with this function, you can also customize search pages with your own logo and messages when a site gets blocked (“what are you doing Spencer?”).

So here’s what you need to do:

• Set up an account with OpenDNS. Basic service is free and $10/year per household for more stuff – like a year’s worth of logging and ad-blocking.
• Register your address with OpenDNS (all your home computers will share the same address through a router – usually).
• Customize OpenDNS settings to block specific categories.
• Manually set your DNS addressing to point to OpenDNS (see below).

99% of home users are going to have a ‘dynamic’ Internet service, meaning your numbered address provided by your ISP is subject to change. So you will also need to:

• Install a piece of software to allow your computer to dynamically update your IP address with OpenDNS, OR
• Use a combination of services to dynamically update OpenDNS with your home router.
• CHANGE your DHCP (dynamic address allocation service) in your router to manually set the DNS addresses to 208.67.220.220 and 208.67.222.222. If you don’t have a router, and are directly connecting, you’ll have to set your TCP/IP settings on your computer’s network card to use these addresses manually (and then you should run, not walk, to the computer store and buy a router – yes, even if you only have 1 computer. It’s the best firewall protection you can have from the bad guys trying to get in).

In order to do the dynamic updating from a home router, you need 3 things:

1. An account with a Dynamic DNS Service provider like DynDNS. There are others, like www.no-ip.com, but the trick is to pick one that works with your home router. Which brings us to the 2nd thing you need:
2. A router that has ‘Dynamic DNS Services’ functionality built-in. You will find this somewhere in your home router’s web interface, usually under Advanced settings of some sort.
3. An account with DNS-O-Matic. Also free. Go here last and add both your DynDNS account and OpenDNS accounts.

Once set up, whenever your router gets a new IP address, it will notify DynDNS of the new address. Then your DNS-O-Matic account will check in with your DynDNS account, see there’s a new address, and report that to OpenDNS.

So why do all of this? The point is your OpenDNS account has to be associated with a specific network (your outside IP address) in order to know what you want blocked and to generate reports on your specific address.

This may seem like a lot of work and headache, but this is a one-time thing you can set and forget. Another added benefit is the OpenDNS servers are proven to be a lot more responsive than most, if not all ISP’s DNS servers, and a lot more reliable.

Last point – because this service is completely separated from your actual computer, it won’t have any impact your PC’s performance – a key point for older machines that choke on the large security packages from all the major vendors (McAfee, Trend, Symantec), which I loath to install, because they tend to take over your PC’s resources, especially on older systems, and they slow to a crawl.

Happy computing!