I saw an article about free DNS services a couple weeks ago in some IT magazine, and now Wesley Fryer has a post about using OpenDNS at home for content filtering. Mind you, we’re not talking about providing nameservers for domains that you own or host, but rather name resolution as you (and your kids) browse. Background: When you type in a URL or click a link on a web page, your browser needs to look up the IP address that corresponds with the URL you’re asking for. How does it do that lookup? It asks a DNS server. Access to a DNS server is one of the things your ISP provides you with, but you can set your computer to use any DNS provider you want.
So the idea with OpenDNS is that you set up your computers to use their server, and they do all sorts of intelligent things based on the URL you’re requesting. For example, if you’ve made an obvious typo, they can redirect you to the correct site. If you’ve clicked a link that goes to a phishing site, they can warn you. And if you’re clicking on something deemed objectionable, they can block you. Since this is an opt-in kind of thing, it makes sense for them to give you control over exactly what you want to filter or block, and they do. The technical details of how this is accomplished would make a great topic for a networking, software, or engineering class.
Anyway, I wrote six months ago about SFUSD’s poor quality network filtering. Since that time, the district has updated the installation of 8e6 (which provides CIPA compliance) and in the process unblocked Google image search. Yay. However, this is a product that we’re paying for, and it’s unclear that it provides any level of service or value that OpenDNS can’t provide for free. Not only is the web full of sites that tell users how to get around this type of filtering, there’s also software out there designed to help people who live in censorship states with repressive governments get around their national firewalls. It turns out that SFUSD’s network looks a lot like one of those networks from the inside and, as you might imagine, software designed to do encrypted web proxying across a distributed network of servers contacted directly by IP is very successful in both environments. Both the 8e6 solution and OpenDNS are ineffective there.
Of course, it’s always an arms race between the filter lists / filtering technology and the users who want access to whatever content. It makes sense to me that we ought to have a level of filtering at schools that protects students from inadvertently seeing disturbing things, and also prevents them from intentionally accessing pornography. It doesn’t make sense to me that we’d pay for software (and pay to own and run and administer a server for it) if an equivalent is available for free –especially in an era of impending budget cuts. It also doesn’t make sense for any company to go it alone in terms of adding new blocked sites, when there are community efforts to build these lists. OpenDNS lets users tag domains into categories, find consensus on a domain, and block based on those categories. Plus you can always individually override the settings for a given domain (either way) for your own network. Smart.
Maybe it’s time for SFUSD to think about OpenDNS as a way to get better filtering and save money in the process.