We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
DNS filtering (to block ads and parental controls)
Do_Not_Book_With_MyTrip_com
Posts: 25 Forumite
in Techie Stuff
Please can you tell what do you recommend/use?
I am using NextDNS and I am finding at router level it is flaky and unreliable (connection to websites play up and then work).
I am looking at safedns or cleanbrowsing.....
OpenDNS insists on displaying a block page which messes up when used at router level because selfsigned or no certificate.
Thanks.
I am using NextDNS and I am finding at router level it is flaky and unreliable (connection to websites play up and then work).
I am looking at safedns or cleanbrowsing.....
OpenDNS insists on displaying a block page which messes up when used at router level because selfsigned or no certificate.
Thanks.
0
Comments
-
Pi-Hole might be worth looking at.Designed for use on a Raspberry Pi but can be used on Debian and Ubuntu as well (Raspian, the OS for the Pi is built on Debian). Requires a bit of configuration (since you have to change router settings to force everything through Pi-Hole) but once done, everything on the network will go through it.2
-
None of this is going to help if the person being controlled uses DoH in the HTTP client rather than traditional DNS, so the router (or pi-hole) DNS is entirely bypassed..
Proud member of the wokerati, though I don't eat tofu.Home is where my books are.Solar PV 5.2kWp system, SE facing, >1% shading, installed March 2019.Mortgage free July 20230 -
TLDR: Another option to put in your mix is Cloudfare DNS - 3 levels, including malware and family safe blocking.Please can you tell what do you recommend/use?
I am using NextDNS and I am finding at router level it is flaky and unreliable (connection to websites play up and then work).
I am looking at safedns or cleanbrowsing.....
Nothing is going to be perfect on a DNS level control of websites unfortunately, I've tried various approaches including a PiHole and without doubt that will give the most control but still isn't perfect because some devices use a hard coded DNS server - I had to re-write the NAT tables in my router to capture the leaked DNS traffic.
Also things like referral links / cashback sites etc don't always work properly with DNS adblocking so you can't use them to save money - worth mentioning on the MSE forum! So you need an easy way to white list and having a local browser based adblocker such as uBlock Origin is easier to whitelist a site for that purpose.
Some legitimate websites don't work when adblocking at DNS level, for example I had an issue with Channel 4 TV catch up which refused to play content with DNS adblocking running.
For parental controls - I'm not sure of your exact use case (ie age group / types of site to block) here but DNS based parental controls are easily bypassed by the user by setting their own DNS server on their devices so you cannot prevent a determined user from accessing sites that you have decided to block. You would be better off combining with a router with proper built in parental control such as Asus AiProtection which will filter out the websites regardless of your DNS provider so it works much more effectively.
Having said that, parental controls are near useless with some kind of websites - for example if you want to block adult content, there are mixed sites such as Reddit with lots of "safe / clean" content and some adult content. Even Google images is a nightmare in that scenario as well.
OpenDNS insists on displaying a block page which messes up when used at router level because selfsigned or no certificate.
OpenDNS block page error - this is an issue when Open DNS is used at both router or local level because a secure (https) website has been redirected to a different domain so quite rightly the browser refuses to connect because the certificate is not for the original domain - there is a workaround where you install the certificate on the client machine but can't see why this is a problem as you have the desired effect of blocking the website anyway?
After months of playing with various options (my aim was adblock rather than parental controls) I gave up and repurposed my Raspberry Pi as a Kodi player and have concentrated on blocking malware and malicious sites using Cloudfare 1.1.1.2 and Asus AI protection.2 -
I did think about this, but dismissed it.Neil_Jones said:Pi-Hole might be worth looking at.Designed for use on a Raspberry Pi but can be used on Debian and Ubuntu as well (Raspian, the OS for the Pi is built on Debian). Requires a bit of configuration (since you have to change router settings to force everything through Pi-Hole) but once done, everything on the network will go through it.
Will reconsider.0 -
[Deleted User] said:
For parental controls - I'm not sure of your exact use case (ie age group / types of site to block) here but DNS based parental controls are easily bypassed by the user by setting their own DNS server on their devices so you cannot prevent a determined user from accessing sites that you have decided to block. You would be better off combining with a router with proper built in parental control such as Asus AiProtection which will filter out the websites regardless of your DNS provider so it works much more effectively.
.
You can proxy port 53 at the router level to force all normal DNS queries through the pi-hole (assuming the router is sophisticated enough to do this), Doesn't help with DoH though.
Proud member of the wokerati, though I don't eat tofu.Home is where my books are.Solar PV 5.2kWp system, SE facing, >1% shading, installed March 2019.Mortgage free July 20231
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.7K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 452.9K Spending & Discounts
- 242.7K Work, Benefits & Business
- 619.4K Mortgages, Homes & Bills
- 176.3K Life & Family
- 255.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards