Skip to content
March 25, 2008 / Ben Chun


I saw an article about free DNS services a couple weeks ago in some IT magazine, and now Wesley Fryer has a post about using OpenDNS at home for content filtering. Mind you, we’re not talking about providing nameservers for domains that you own or host, but rather name resolution as you (and your kids) browse. Background: When you type in a URL or click a link on a web page, your browser needs to look up the IP address that corresponds with the URL you’re asking for. How does it do that lookup? It asks a DNS server. Access to a DNS server is one of the things your ISP provides you with, but you can set your computer to use any DNS provider you want.

So the idea with OpenDNS is that you set up your computers to use their server, and they do all sorts of intelligent things based on the URL you’re requesting. For example, if you’ve made an obvious typo, they can redirect you to the correct site. If you’ve clicked a link that goes to a phishing site, they can warn you. And if you’re clicking on something deemed objectionable, they can block you. Since this is an opt-in kind of thing, it makes sense for them to give you control over exactly what you want to filter or block, and they do. The technical details of how this is accomplished would make a great topic for a networking, software, or engineering class.

Anyway, I wrote six months ago about SFUSD’s poor quality network filtering. Since that time, the district has updated the installation of 8e6 (which provides CIPA compliance) and in the process unblocked Google image search. Yay. However, this is a product that we’re paying for, and it’s unclear that it provides any level of service or value that OpenDNS can’t provide for free. Not only is the web full of sites that tell users how to get around this type of filtering, there’s also software out there designed to help people who live in censorship states with repressive governments get around their national firewalls. It turns out that SFUSD’s network looks a lot like one of those networks from the inside and, as you might imagine, software designed to do encrypted web proxying across a distributed network of servers contacted directly by IP is very successful in both environments. Both the 8e6 solution and OpenDNS are ineffective there.

Of course, it’s always an arms race between the filter lists / filtering technology and the users who want access to whatever content. It makes sense to me that we ought to have a level of filtering at schools that protects students from inadvertently seeing disturbing things, and also prevents them from intentionally accessing pornography. It doesn’t make sense to me that we’d pay for software (and pay to own and run and administer a server for it) if an equivalent is available for free –especially in an era of impending budget cuts. It also doesn’t make sense for any company to go it alone in terms of adding new blocked sites, when there are community efforts to build these lists. OpenDNS lets users tag domains into categories, find consensus on a domain, and block based on those categories. Plus you can always individually override the settings for a given domain (either way) for your own network. Smart.

Maybe it’s time for SFUSD to think about OpenDNS as a way to get better filtering and save money in the process.



Leave a Comment
  1. Wesley Fryer / Mar 25 2008 12:48 pm

    These are good questions to ask. In my experience, many school administrators want a filtering solution that they can basically trust to “block everything,” and can give peace of mind to teachers that they don’t need to monitor what the kids are doing online. That is an unfortunately and flawed perception, in my view. I do advocate systems which provide tracking accountability for where people go online, but I think more basic levels of content filtering are preferable to many of the draconian filtering systems we see implemented now. Thanks for sharing the word about OpenDNS. It’s not a complete solution for “issues” that come up with web use at home or at school, but for the price it’s pretty amazing. I think, as in other contexts, the availability of a free solution like OpenDNS should create a dynamic where commercial vendors are challenged to differentiate the functionality of their products further. There are still good reasons to pay for commercial solutions for content filtering and other technology functions, but that commercial function should certainly go far beyond that which is provided by a free solution like OpenDNS.

  2. Allison Rhodes / Mar 25 2008 3:41 pm

    @Ben – Thanks for the post and the time you’ve clearly spent looking into this.

    “The technical details of how this is accomplished would make a great topic for a networking, software, or engineering class.”

    Completely agree. We’d love to help if you decide to do this…

    Allison Rhodes

  3. raymond / May 13 2008 6:11 pm

    can u teach me how to unblock the youtube. i really need you tube for research purposes. thank you

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: