Google Safe Search and Open DNS?

It seems there is no way to get Safe Search and Open DNS working at the same time. Is this the case? I can seem to get either one or the other working.
Thanks to FarmerGreg I have google safe search working as described in this link: Force Google SafeSearch on Lede 17.01.4

Can anyone confirm or deny this? It seems either my kids cant search bad images on the web or they can't type bad urls into the browser but i need both protections for them.

https://support.google.com/websearch/answer/186669?hl=en

Turn on SafeSearch VIP. To force SafeSearch for your network, you'll need to update your DNS configuration. Set the DNS entry for www. google .com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch. google .com.

So, basically, you need to override the various google.com DNS entries before it gets to OpenDNS.

Perhaps useful is also

and once google and bing are filtered, there will still be duckduckgo, yahoo, lycos, metager, ...

You can assign those IPs to your router - yes; but I don't think you'll get the desired effect.

I noted that here:

I feared you would add both companies' DNS servers - and not get the desired effect.

This is the case. I think it's perhaps necessary to explain why this will not work:

As I noted, you are adding DNS servers from 2 different providers. They likely create different blocklists of domains. Therefore, when you add both providers DNS servers, you have a 50/50% chance of receiving the query of company X or Y (given latency over the network, other factors and on their servers were identical, etc.). This means you have a 50% chance of a given domain being blocked upon query - if only one provider has it blocked. In the other 50% of cases, your query will succeed. Hence, providing an undesired effect. I won't even mention the 25% scenarios where a domain you don't wish to be blocked - is in fact blocked by one provider.

So lleachii what you are telling me is that LEDE/OpenWRT is basically useless as a complete solution to prevent kids from accessing porn? Is that ultimately what it boils down to?

:man_facepalming:

No...it doesn't boil down to that...

You cannot use 2 different DNS infrastructures, using different lists, and get the result you describe. You must pick one or the other. If you don't understand why that is, I suggest you study more on how DNS works.

See the Drawbacks section:

You need to provide the resolution of the impacted segment of the google.com name space before passing the remaining queries to your upstream DNS provider. I don’t run dnsmasq, but I believe it can be configured to either replace completely with an answer, or change the query being made. Changing the query is preferred as you’ll gain the benefit of redundancy and steering provided by Google’s DNS

@Whitebunnyflock
I don't think you can depend on the router only to prevent adult content but is a good place to start. For example, I recently found out if your child uses Discord they can subscribe to adult channels. DNS on your router won't block that. Parents are fighting an uphill battle when it comes to adult content and children.

I would suggest using Cleanbrowsing.org DNS servers because they are definitely better than OpenDNS right now. They provide Google and YouTube safe search by default.

I do not have any financial or other interest in Cleanbrowsing. I am a parent like you.

2 Likes

Hi lleachii, I understand why you cant use two DNS servers, but what I am looking for is a way to use one DNS server but still get the desired effect. I will try what other people have posted here.

thanks so much

Then you misunderstand if this is based on something I posted. I said that you cannot you servers from multiple companies. They must be servers from either Company A or Company B - you cannot mix them.

Then you should be able to use the instructions I posted above. The URL leads here: Force Google SafeSearch on Lede 17.01.4. If you do not get the desired effect, you have not configured something properly.