Network News

X My Profile
View More Activity

A Software-Free Approach to Blocking Online Porn

Many readers have asked for advice on how to protect their kids from accidentally or purposefully viewing Internet porn, so over the next week or so Security Fix will examine various free methods for helping users block adult Web sites on their home networks.

One ingenious approach comes from OpenDNS. It offers a service to help filter out porn without installing software. Because the service works on a network level, it can easily be deployed across any operating system or network.

OpenDNS filters out Web page requests at the domain name system level. DNS is responsible for translating human-friendly Web site names like "" into numeric, machine-readable Internet addresses. Anytime you send an e-mail or browse a Web site, your machine is sending a DNS look-up request to your Internet service provider to help route the traffic.

Most Internet users use their ISP's DNS servers for this task, either explicitly because the information was entered when signing up for service, or by default because the user hasn't specified any external DNS servers. By creating a free account at, changing the DNS settings on your machine, and registering your Internet address with OpenDNS, the company will block most porn sites from loading via any browser. Reboot, log back in to your account, and you should be all set.

You can change the DNS settings on each computer in your home. But if your network is behind a wireless router, a speedier and more reliable solution is to change the DNS settings on the router (see this link for instructions broken down by router model). That should cover all of the systems that connect to that router.

I tested the service using Internet Explorer 7 on a Windows Vista machine, but it shouldn't matter which browser or operating system you are using as long as you've correctly changed the DNS settings on that machine or on your router.

I was impressed by how comprehensively it blocked adult sites with the exception of two fairly significant incidents. OpenDNS lets you pick and choose which broad types of content you want to block, with categories such as lingerie and bikini, nudity, pornography, sexuality, tasteless sites and adult-themed sites.

I tested all of the categories, then set about the thankless task of searching for porn. In my first Google search, for the term "porn," OpenDNS blocked me from 99 of the top 100 results. I was able to access the very first one on the list, which contains an extremely graphic home page. Oops. OpenDNS chief executive Dave Ulevitch confirmed this oversight and said St. Bernard Software, which runs the back-end filtering part of the service, soon would block that site.

The other anomaly I found was Although the site's homepage doesn't include extremely explicit photos, I was able to click around to some fairly explicit nude videos and still images. Eventually, however, a link I clicked within the Playboy site led me to OpenDNS's "blocked" page. The ads displayed on this page were promoting "Las Vegas Bachelor Party" and "Drag Queens." Ulevitch said the company is still ironing out in blocking some ads as well.

What does OpenDNS get out of all this? When you mistype a domain or enter a Web site name that doesn't exist, the service will try to determine which site you meant to visit. So, if you accidentally type "linux.cmo," it takes you to "" But if it can't fix the domain you typed, it serves you targeted text ads. You also can set up the service so that it serves a custom image or message when you mistype a Web address.

The service has a few other useful features. It claims to speed your Web browsing, a claim that I haven't measured but one that has been praised in other media reviews of OpenDNS. Anyway, it doesn't appear to slow things down, except maybe when trying to visit porn sites. In addition, OpenDNS runs Phishtank, an anti-phishing community that works to identify known scam Web sites. By deploying OpenDNS, the system will block any attempts to visit phishing sites that Phishtank has verified as scammy.

One final note about the porn filtering service: Computer-savvy teens may find various ways to terminate porn filtering software, but monkeying with DNS settings is quite a bit trickier on a computer or router that's properly locked down. If you have secured your router with a strong administrator password (as you should), a user would have to know that password to change the DNS settings (unless he/she reset the router, in which case one giveaway would be that your router password would no longer work). Similarly, if you've taken my oft-uttered advice and are running Windows under a "limited user" account, regular users should not be able to alter their DNS settings.

By Brian Krebs  |  June 15, 2007; 2:22 PM ET
Categories:  From the Bunker , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: House Approves Anti-Caller ID Spoofing Bill
Next: PayPal to Roll Out Buyer Vetting Service

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company