It seems there is no way to get Safe Search and Open DNS working at the same time. Is this the case? I can seem to get either one or the other working.
Thanks to FarmerGreg I have google safe search working as described in this link: Force Google SafeSearch on Lede 17.01.4
Can anyone confirm or deny this? It seems either my kids cant search bad images on the web or they can't type bad urls into the browser but i need both protections for them.
Turn on SafeSearch VIP. To force SafeSearch for your network, you'll need to update your DNS configuration. Set the DNS entry for www. google .com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch. google .com.
So, basically, you need to override the various google.com DNS entries before it gets to OpenDNS.
This is the case. I think it's perhaps necessary to explain why this will not work:
As I noted, you are adding DNS servers from 2 different providers. They likely create different blocklists of domains. Therefore, when you add both providers DNS servers, you have a 50/50% chance of receiving the query of company X or Y (given latency over the network, other factors and on their servers were identical, etc.). This means you have a 50% chance of a given domain being blocked upon query - if only one provider has it blocked. In the other 50% of cases, your query will succeed. Hence, providing an undesired effect. I won't even mention the 25% scenarios where a domain you don't wish to be blocked - is in fact blocked by one provider.
You cannot use 2 different DNS infrastructures, using different lists, and get the result you describe. You must pick one or the other. If you don't understand why that is, I suggest you study more on how DNS works.
You need to provide the resolution of the impacted segment of the google.com name space before passing the remaining queries to your upstream DNS provider. I don’t run dnsmasq, but I believe it can be configured to either replace completely with an answer, or change the query being made. Changing the query is preferred as you’ll gain the benefit of redundancy and steering provided by Google’s DNS
I don't think you can depend on the router only to prevent adult content but is a good place to start. For example, I recently found out if your child uses Discord they can subscribe to adult channels. DNS on your router won't block that. Parents are fighting an uphill battle when it comes to adult content and children.
I would suggest using Cleanbrowsing.org DNS servers because they are definitely better than OpenDNS right now. They provide Google and YouTube safe search by default.
I do not have any financial or other interest in Cleanbrowsing. I am a parent like you.
Then you misunderstand if this is based on something I posted. I said that you cannot you servers from multiple companies. They must be servers from either Company A or Company B - you cannot mix them.