Topic: DNS Filtering for kids (Read 2085 times)
OPNsense4ever (Newbie, Posts: 26, Karma: 2), April 15, 2023, 09:11:33 pm
Hi all,
Wanted to see if anyone had any great opinions on this. I am replacing my legacy FW with a new machine to support 10Gb (w00t fiber!)
In the previous machine I use NAT rules to send all DNS traffic back to the FW itself. I have a /24 in which I created a FW alias of a number of IPs that I called "trusted." All other IPs in the DHCP range are "untrusted." The "untrusted" IPs go to a port that runs BIND with safe-search and a few other blackholes enabled. The "trusted" IPs go right to 53 where unbound is running and tunneling DoT to supported, external servers.
All of this was a little complicated, but ended up working great. Any new machine the kids pop up automatically is safe and I add static-mapped IPs for any devices that need unfettered Internet access. I mainly did this because of the limitations of BIND and Unbound at the time. I know there are a lot of new changes, but I never updated the old configuration.
What I want is to have some devices pushed through safe searches and other filters for a bit longer and others with unfettered access. Any thoughts on new ways to do this? What are you using?
Thanks so much.
Last Edit: April 15, 2023, 09:26:25 pm by OPNsense4ever
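Added example, not part of the original post: a check to run from a client to confirm which DNS path it landed on in a split setup like the one described above. The provider enforcement hostnames are the publicly documented safe-search targets and do not come from the thread; the function names are hypothetical.

```python
import ipaddress
import socket

# Safe-search enforcement hostnames published by the providers (not from the thread).
SAFE_TARGETS = {
    "www.google.com": "forcesafesearch.google.com",
    "www.bing.com": "strict.bing.com",
    "www.youtube.com": "restrict.youtube.com",
    "duckduckgo.com": "safe.duckduckgo.com",
}

def system_resolve(name):
    """Addresses returned by whatever resolver this client ends up talking to."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def classify(name, safe_name, resolve):
    """Return 'safe', 'blackholed', 'no-answer' or 'unfiltered' for one hostname."""
    answers = resolve(name)
    if not answers:
        return "no-answer"
    parsed = [ipaddress.ip_address(a) for a in answers]
    if all(ip.is_unspecified or ip.is_loopback for ip in parsed):
        return "blackholed"
    # Enforced when every answer is also an address of the safe-search host.
    if answers <= resolve(safe_name):
        return "safe"
    return "unfiltered"

def audit(resolve=system_resolve):
    return {n: classify(n, s, resolve) for n, s in SAFE_TARGETS.items()}

def violations(report, expect_filtered):
    """Hostnames whose status contradicts the policy meant for this device."""
    if expect_filtered:
        return sorted(n for n, st in report.items() if st == "unfiltered")
    return sorted(n for n, st in report.items() if st != "unfiltered")

if __name__ == "__main__":
    # Run on a device in the "untrusted" DHCP range; an empty list means the
    # redirect and the filtering resolver both did their job.
    report = audit()
    print(report)
    print("violations:", violations(report, expect_filtered=True))
```

Running it with `expect_filtered=False` on a static-mapped "trusted" device flags the opposite mistake, a device that was meant to bypass the filter but is still being sent through it.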
bartjsmit (Hero Member, Posts: 2018, Karma: 194), Reply #1, April 16, 2023, 08:54:17 am
When my kids were younger, I used OpenDNS. It's still free even after being gobbled up by Cisco:
https://www.opendns.com/home-internet-security/
newsense (Hero Member, Posts: 1037, Karma: 77), Reply #2, April 17, 2023, 04:33:59 am
DHCP reservations, one or more (per kid?) docker containers with either AdGuardHome or Pi-Hole, dedicated VLAN for their devices to make sure they can't get out with a random MAC - a few things to ponder depending on their age, interests, trustworthiness when it comes to homework on an internet-facing device, circle of friends...
xscoutx (Newbie, Posts: 2, Karma: 0), Reply #3, April 19, 2023, 08:33:47 pm
I'm running AdGuard into Unbound, all in OPNsense.
https://forum.opnsense.org/index.php?topic=22162.msg146626#msg146626
In AdGuard:
Set up safesearch and DNS blocklists (public lists). I apply that to everyone on my LAN, then allow certain MACs access above and beyond.
In Unbound:
I have a few combinations of cleanbrowsing.org lists in the DNS over TLS options.