If I told you there’s a way to get basic Internet security and web filtering for your whole house for free, would you be interested? I was when I first learned about OpenDNS over a decade ago, and I’ve been using it ever since. I’ve also seen OpenDNS used at businesses, public libraries, and churches, though they’re not necessarily using the free plan I’ll describe here. OpenDNS can give your home network the following features for free!
- Customizable content filtering
- Malware and botnet protection
- Phishing protection
Let’s learn more about OpenDNS and how to set it up.
Think of all the devices on your home network. You probably have multiple computers, multiple phones, and several other devices, from tablets to smart TVs to video game consoles. They’re all requesting data from the Internet, which flows into your home through your home Internet connection. You don’t need me to tell you that the Internet contains dangers such as malware and phishing. And if you’re a parent, you certainly don’t need me to tell you that the Internet contains a lot of content that you don’t want your kids consuming.
Your devices are probably not all running anti-malware software. Even if they are, a family member could manage to get around it or deactivate it. Your devices probably don’t all have parental control or web filtering software, and even if they are, a family member could manage to get around it or deactivate it.
How to Increase Your Security
OpenDNS works at the network level, so it protects all the devices on your home network, regardless of their operating system or browser. In that way, it’s different than security software, parental control software, or web filtering software that runs locally on each device. That makes OpenDNS harder to get around (though it’s not impossible).
How does OpenDNS work? When you request a website, your device makes a request to the Domain Name Service (DNS). It’s basically a directory that tells the IP (Internet Protocol) address associated with the domain names that we’re used to. For example, the IP address for opendns.com is 126.96.36.199. Usually these DNS requests go through your ISP (Internet Service Provider), but if you direct them through OpenDNS instead, then OpenDNS can filter based on your settings.
Let’s see how you can benefit from OpenDNS.
How to Configure Your Router
To send your home’s DNS requests through OpenDNS, you need to configure your router to use OpenDNS for its DNS servers. The steps will vary based on your router, so follow OpenDNS’ instructions. They have instructions for many routers, as well as general instructions if your router isn’t listed.
If your router supports IPv6, be sure to set the IPv6 DNS Servers to OpenDNS’s IPv6 addresses. If that doesn’t work, try disabling DHCPv6 in your router. If that doesn’t work, try disabling IPv6 in your router.
How to Configure OpenDNS
OpenDNS has several plans you can check out. Some are free, and others are paid. I recommend starting with a free plan, unless you see something compelling in a paid plan. OpenDNS Home has all the features of OpenDNS Family Shield, and both are free. The difference is that with Family Shield you must use the preconfigured content filtering (which blocks “adult content”), but with Home you can configure the content filtering. So I recommend signing up for Home.
After you log into your account, you’ll follow the steps to add your network. OpenDNS will ask if you have a dynamic IP address. If you have cable or DSL Internet, you most likely have a dynamic IP address. Because your ISP may give you a different IP address after your modem reboots (such as because of a power outage), you should install OpenDNS Updater on the computer that will be most frequently connected to your home Internet connection. It only needs to run on 1 computer, which will keep OpenDNS informed of your home’s IP address.
Next, you should configure your network settings in OpenDNS. Click the Settings tab at the top of the OpenDNS dashboard. You’ll then see a small menu on the top left of the page. You’ll start on the Web Content Filtering page.
Web Content Filtering
Choose your filtering level. You can choose from the predefined levels, or choose Custom and check the boxes for the categories you want to block.
Below each predefined level you can click View to see the categories included in the level, or click Customize to copy the settings from that predefined level into the Custom level, where you can then customize the categories.
If you choose Custom, you can hover over the categories to see descriptions. You can also see a full list of the categories and their descriptions.
Block and unblock categories as you see fit for your needs and family. When you’re finished, click Apply.
At the bottom of the page you’ll see Manage individual domains. This allows you to always block or always allow specific domains, regardless of the filtering you chose above. OpenDNS recommends entering these as the root of the domain; for example, put example.com, not http://www.example.com. Putting the root of the domain blocks all the subdomains of example.com including http://www.example.com, mail.example.com, etc.
You can even use OpenDNS to block top-level domains (TLDs) such as .cn (China) and .ru (Russia). That blocks all sites within those top-level domains.
In the small menu on the top left of the page, click Security to get to the security settings. I recommend enabling all the options here.
- Malware/Botnet Protection: “When certain Internet-scale botnets are discovered or particularly malicious malware hits, we offer protection to all our users so that as many people as possible can be protected from the threat.”
- Phishing Protection: “By enabling phishing protection, you’ll protect everyone on your network from known phishing sites using the best data available.”
- Block internal IP addresses: Don’t worry if you don’t understand the description of this one. I recommend enabling it too.
Stats and Logs
You can uncheck Enable stats and logs if you don’t want OpenDNS to record your DNS lookups.
If you told OpenDNS that you have a dynamic IP address during setup, then you’ll see Enable dynamic IP update is enabled here. If it’s not enabled and it should be, enable it now. Here are more details.
After you complete your configuration, test that OpenDNS is filtering by attempting to browse to a website you know should be blocked by your filters. You should see an OpenDNS block page. If you don’t, review the steps above, or check out OpenDNS Support.
Especially in the first month, it wouldn’t hurt to test regularly, to ensure your network is still running through OpenDNS.
If you wonder why a domain is being blocked (or not blocked), see Why is this Domain Blocked or not Blocked?
If OpenDNS is working on at least one of your devices, but not others, see Why OpenDNS is Only Working on One or Some of my Computers/Devices.
This OpenDNS filtering only works on your home network. If a device goes outside your home network, by leaving your home, or by switching to a different network (such as a phone switching from your home Wi-Fi to its mobile data network), OpenDNS no longer protects that device.
A user can get around OpenDNS by manually changing the IP addresses for the DNS servers within the device. If you’re worried about your kids getting around OpenDNS this way, make sure they’re using limited (non-administrator) accounts on their devices, so they can’t access the device’s DNS settings.
Because we’re concerned about not only security but also privacy, I want to point out that if you use OpenDNS, your DNS requests will go through OpenDNS, so they’ll be able to see which websites you visit (only the domains, not the pages within the domains). But your ISP (Internet Service Provider, such as Comcast or Spectrum) is already able to see that info, and do you trust them any more than OpenDNS? For what it’s worth, OpenDNS is owned by the networking giant Cisco.
- Home Internet Security (opendns.com)
- Web Content Filtering and Security (opendns.com)
- How to Set Up Whole-House Parental Controls with OpenDNS (howtogeek.com)
What You Should Do
- Sign up for OpenDNS. I recommend OpenDNS Home, but you can choose a different plan.
- Configure your router for OpenDNS.
- Install OpenDNS Updater on the computer that will be most frequently connected to your home Internet connection.
- Configure your OpenDNS settings.
- Configure any Apple iOS devices you own, if necessary.
- Test OpenDNS.