Web Filter Options For COVID-schooling

Anything related to technology, past, present and future
Post Reply
hazarjast
Posts: 9
Joined: Wed Dec 11, 2019 8:38 am
Has thanked: 2 times
Been thanked: 6 times

Web Filter Options For COVID-schooling

Post by hazarjast » Thu Aug 27, 2020 11:54 am

***9/15/20 UPDATE***
After some actual "production" testing (i.e. my wife and older son going through a couple weeks of at home learning) I'm finding that my chosen solution, Adam:ONE, was having some intermittent latency spikes as they don't have first tier anycast (routing DNS queries to the most geographically local DNS server possible) and I was seeing one to two minute random DNS dropouts where specific domains would not resolve while others would (i.e. could not resolve wikipedia.org but Google.com worked fine).

As I really liked the ad-blocking features I did a bit more searching and found NextDNS (https://nextdns.io/) which was founded by a couple of network infrastructure pioneers (founder of Dailymotion and current Director at Netflix). Not only does NextDNS have ad-blocking and anycast but they have stupid-easy DNS over TLS (DoT) proxy command line (CLI) application which supports almost every router operating system in existence. I have now now switched exclusively to NextDNS and am running the proxy CLI on my local pfSense box. The value and support communication I've received from NextDNS is an incredible value at less than $20/year. I highly recommend NextDNS.


***Original Post Follows***
For those of you with school age children stuck at home on a laptop for hybrid or virtual learning all day like me you might be asking yourself "How do I make sure they stay on task and not stumble into porn, surf Reddit, or click on something that will infect my PC without standing over their shoulder 24/7?". Well friends, you have options to ease your mind a bit; some free and other more robust paid offerings.

While there are certainly many per-device web filter apps you can run on individual PCs/phones/tablets, I am focusing mostly on DNS filtering and router based options as they tend to have less overhead and provide a centralized solution across all devices on your network as compared to the older per-device software offerings (though some of the options below offer on-device apps as an extension of their core filtering tech):

OpenDNS (https://www.opendns.com/home-internet-security/)
Offers two free DNS filtering options called Home and FamilyShield. Home is a free sign-up option that allows you to filter by categories but needs your router or PC to update your dynamic IP to its servers periodically so that it can apply your rules to your location. FamilyShield is a very simple option that requires no sign-up and will block malicious and adult sites without any configuration; it also defaults search engines and YouTube to SafeSearch results. There is also a Home Premium offering with more features. With any of these offerings it is simple case of changing the DNS servers on your router or device to point to the the OpenDNS server IPs.

CleanBrowsing (https://cleanbrowsing.org/filters)
Offers an Adult Filter to block all adult/malicious domains and defaults search engines to SafeSearch. They also offer a Family Filter that blocks the same as the Adult Filter but also blocks sites that offer proxies and VPNs which would help older/smarter kids from circumventing DNS filtering; it also blocks Reddit. As with OpenDNS you simply change the DNS servers on your router or device to point to their server IPs.

CloudFlare (https://blog.cloudflare.com/introducing ... -families/)
As a refinement to their 1.1.1.1 DNS service, CloudFlare also offers a Families option at IP 1.1.1.3 which filters out Malware and Adult content. This is a no-frills offering that doesn't provide the advanced features of other competitors but with the robust CloudFlare network behind it, it is a solid offering. To use simply change your router or device DNS settings to use the 1.1..1.3 IP.

DNSFilter (https://www.dnsfilter.com/)
Also, another paid subscription (but reasonably priced starting at $1/month), DNSFilter is a direct competitor to OpenDNS but has some nifty feature advantages such as lightweight apps for phones and tablets that let your restrictions follow your kids even with they are off WiFi and on cellular networks. They tout A.I. based filtering of emerging websites with malicious or otherwise undesirable content as well. DNSFilter can be as simple as changing the DNS servers on your router or more advanced which does require installing their software on your devices. Setup can be as easy changing your router or device DNS to the DNSFilter IPs or deploying the full solution by also installing their device apps.

Circle (https://meetcircle.com/)
Circle started out life as a $129 device that connects via WiFi or Ethernet to your existing router and filters traffic on your LAN via "ARP spoofing" (impersonating your router to your client devices). The Circle device comes with free basic service and costs $4.99 monthly for their Go subscription to enable full functionality with their phone apps. I say it 'started out' as a device first because they now have iOS and Android apps which protect your kids phones when they leave your home WiFi as well. Circle offers all the standard web filtering options as well as blocking access to specific apps and devices completely or on a schedule. If you aren't tech-savvy enough to change the DNS settings on your router or run an advanced router/firewall like PFSense then this may be a perfect option for you. Circle has partnered with Netgear so many newer Netgear and Orbi branded routers may already have Circle functionality pre-installed ready for you to activate.

CleanRouter (https://cleanrouter.com/)
Another hardware offering, CleanRouter is meant to replace your existing router. It runs on ZBT hardware and OpenWRT based firmware which may be quite familiar to many folks who run their own fixed point cellular Internet setup. Initial hardware purchase starts at Free and goes up to $179 depending on the WiFi (N vs. AC standards) and service is between $9.99 and $14.99 per month. Along with the standard DNS filtering offered by its competitors that latter subscription also provides clean browser apps for phones and bandwidth usage charts. While many DIY folks may simply purchase the ZBT hardware and customize some existing OpenWRT packages to give similar results, the value here is in the custom developed all-in-one firmware supported by CleanRouter instead of yourself.

Adam:ONE (https://adamnet.works/get/)
Previously called "DNSThingy" Adam:ONE is a paid subscription service ($7.99/month or $79 for Home users; offers a free 2 week trial) that runs on your local ClearOS, PFSense, or select Asus model router and offers pro-sumers advanced DNS filtering using the forwarder of their choice along with ad-blocking, custom domain white/black-listing down the client device level on the local network, and time schedule based policies. While not as dead simple as basic DNS filtering it offers some significant feature advantages such as creating firewall rules on your router automatically to ensure all DNS traffic is redirected through your DNS filter of choice (has options for 1.1.1.1, Quad9, OpenDNS, and CleanBrowsing out of the box). The up-to-date add-filtering lists function similarly to another pro-sumer favorite, pi-hole, without the admin time-sink of constantly trying to find updated feeds. I myself use Adam:ONE on PFSense and, while requiring some whitelist tweaking at times, I have generally been quite impressed with it especially the ad-blocking when compared to free PFSense plugin options such as PFBlockerNG.

(For any of the DNS based filtering options above the following guide may be helpful to you as it shows how to update DNS settings for most devices: https://www.howtogeek.com/167533/the-ul ... ns-server/. If you want a basic introduction to DNS and DNS filtering, CloudFlare offers a good explanation here: https://www.cloudflare.com/learning/acc ... filtering/)

Post Reply