I had this same issue with my FiOS connection (35/35) - especially when trying to view Youtube on my iPad. I switched the iPad's DNS settings to Google's Public DNS and have had great Youtube since - I suspect Verizon's DNS sucks (or YT is optimized for Google DNS)?
DNS Servers: 8.8.8.8 and 8.8.4.4
http://code.google.com/speed/public-dns/
EDIT: fixed the 2nd DNS to 8.8.4.4
First of all the obligatory mention of talking to your children about internet safety is by far the most important step in keeping them safe.
Here's what I do.
I have a separate Wifi network dedicated to the kids' devices (check and see if your router supports 'Guest Network' functionality).
This Wifi network runs on a schedule so it turns on at 8am and disappears at 8pm.
All mobile devices and kids computer accounts use the free family shield DNS service https://www.opendns.com/home-internet-security/
Mobile phones are trickier because their data can circumvent most stuff. Check to see whether your cellular carrier offers parental control setting on data. Personally I lock down which apps can use mobile (for example YouTube can't
Some years ago I did some volunteer review work in website labelling on OpenDNS
Sidenote: OpenDNS is great if you know anyone with kids and who want a free DNS filter that blocks bad sites, specific types of sites, including pre-packaged lists of site categories
Anyway after just an hour or two, you really start to rethink humans as a single species. Not sure how else to say that.
You know there are some truly disturbed, sick bastards in the world, but when you see it and you know they are targeting kids on top of it...
I quit after that day.
Use a different DNS, like openDNS.
You can set your own filter and even set your own graphic and message for when people try to access things that they should not.
Because this filtering is at the DNS level and not software level, it'll be much harder for kids to get around.
Mobile data is still an issue, but there are ways to combat that too.
It's not, actually. That's an anycasted recursive-resolving DNS server run by Level3 for ISP customers. It's not a root server, or even a very special server (although very memorable!)
Since it has a memorable address, people tend to use it as a DNS server, but third-party use has never been officially authorized. You should use Google's servers instead where possible (8.8.8.8, 8.8.4.4) as they actually authorize the use.
FWIW, the root servers are:
Note that these cannot be used in the 'DNS servers' configuration pane for ordinary clients (they do not perform recursive resolving).
I'm a fan of "Quad9"
IBM partnered with a bunch of security firms to pull a database of the most malicious domains on the internet (phishing domains, "phone home" domains for malware, actively installing malware on visitors' machines, etc), and refuses to resolve them.
TL;DR
Settings > Network & Internet > Advanced > Private DNS
Type dns.quad9.net.
> Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.
Only a stupid person will install such an app.
You can delete your porn and put safe DNS like OPENDNS (https://www.opendns.com/) to stop opening porn sites. Please don't trust anyone.
I'm just waiting until they try to ban TorrentFreak just because they talk about news and issues surrounding Bittorrent and file sharing.
EDIT: You can bypass this block by changing DNS servers on your device or modem/router. Here's a list of community-run DNS servers as part of OpenNIC
> Yes we do, any site has a privacy policy.
I can create a DNS service, create a page saying "I don't log anything" and then log every query and sell it to advertisers. Let's not put all our trust on the privacy page.
> If they're not descriptive, then it's probably not a good one to use.
I agree. Still, many use and recommend services that don't describe what they're doing and are trusted anyway.
> https://www.quad9.net/policy/ is just one example.
I don't know if you think that Quad9 is better than Cloudflare from a privacy point of view, but what's the difference between both?
For many Quad9 is like the holy grail, but they seem to collect more or less the same data, which is probably required to run a stable service on a level like this. Not to mention that Quad9 is supported by entities like this one: https://old.reddit.com/r/privacy/comments/8v0qru/next_mozilla_release_will_forward_all_your_dns/e1jzg88/
Both services log and share anonymized stats with 3rd parties. The main difference having a quick look at Quad9's privacy page is that they have a wall of text and, for example, talk about logging query data while Cloudflare specifies which part of the query is logged:
> Query Name
> Query Type
> Query Class
> Query Rd bit set
> Query Do bit set
> Query Size
> Query EDNS
I'm not going to go after CF because they used a list to show every single thing they log. Also we would be having a similar discussion if the service was operated by Mozilla.
Quick and easy solution to prevent this is to:
- set up an account at https://nextdns.io/ (no affiliation to me, I have a Samsung TV and did this)
- Go to the "Privacy" tab and under "Native Tracking Protection" choose "Samsung"
Now you'll not get these shitty ads on your TV.
Yeah. It's probably time we start moving to encrypted DNS, something like https://www.opendns.com/about/innovations/dnscrypt/ maybe?
If the DNS request is encrypted, and the HTTP request is also encrypted, there's not a lot left for the ISP to know about, is there?
Are you talking about Google Public DNS or OpenDNS? They're not the same.
Though for what it's worth I do like using Google's Public DNS, they resolve faster than many ISPs' own DNS servers so it's kind of a speed boost for your web browsing & whatnot. Haven't used them to get around ISP level site blocks, not sure how well this works in that context.
IMO: use something to block urls on your shield... be it a pihole, your router or via dns filter rules.. then block this:
*.androidtvwatsonfe-pa.googleapis.com
Clear cache/data for Android TV and you'll get the generic Youtube and Google Play Store ad to cycle indefinitely.
I use Nextdns.io which has the ability to create a "denylist".. then I use the nextdns app on my shield which forces all the dns traffic thru nextdns.io and thus blocks the above url. Has worked since google enabled the new UI flag.
Give https://nextdns.io/ a try. System wide configurable ad blocking, and it uses the iOS built in DNS provider feature.
Very short explanation: your DNS requests go through NextDNS, when your phone requests an ad ("I'd like to load nastyad.adserver.scammyshit.com!") NextDNS replies with "sorry that page doesn't exist okbye!"
Internet is not going to censor itself for your children, if you don't want your kids to see something use an internet filter. It's YOUR responsibility to control what your children get to see on the internet, on TV and everywhere else. Seriously if it bothers you so much look into using something like this: https://www.opendns.com/home-solutions/parental-controls/
Change the DNS in the router. (By default the ISP is entered there, which is now apparently obliged to help distribute the state trojan.) I would recommend the Quad9 DNS here.
Use a VPN and connect to Switzerland. Here I can recommend MullvadVPN. A VPN establishes an encrypted tunnel to the provider's VPN server, which from then on effectively acts as your provider. MullvadVPN has a clean history and has never handed over any data or anything else. In addition, German authorities cannot force a VPN provider from another country to redirect anything.
No idea to what extent the authorities are able to use zero-day exploits for distribution, but I would definitely recommend always keeping all devices and software up to date. Above all, that includes the FritzBox or other routers.
>The beta version of the app which is for now meant for laptops and desktops was launched on Monday and has so far 238 downloads.
238.. Wow! So many! Also reinventing the wheel
Won't stop 8 yo's from bypassing it though. And if you want to give your 8yo a bit of a challenge, use https://www.opendns.com/setupguide/#familyshield
DNS-based adblockers, they work system-wide. I use NextDNS https://nextdns.io/. All you have to do is change your DNS in your WiFi settings and then link your IP address on their website. You can also download the app if you want it to work on cellular data too, it’ll install a VPN profile. Last time I checked, they had 78 ad filter lists to choose from. Don’t enable all of them though unless you want a lot of false-positives and have to spend some time looking through the logs to figure out what domains you don’t want to block and whitelisting them. If the filter lists that you chose don’t block ads on Twitch, just manually blacklist cdn-a.amazon-adsystem.com. That worked for me.
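What a filtering resolver does with a blocked name, as an added example (not from any of the comments above, and not NextDNS's or OpenDNS's code): it parses the question from a DNS query, matches the name and its parent domains against a denylist with allowlist overrides, and synthesizes an NXDOMAIN reply. The policy entries, the `.test` names and all function names are constructed for illustration; real services may answer blocked names differently, for example with a block-page address.

```python
import struct

# Constructed policy. The first two hostnames are ones named in the comments
# above; the ".test" entries are made up to show an allowlist override.
DENYLIST = {
    "androidtvwatsonfe-pa.googleapis.com",
    "cdn-a.amazon-adsystem.com",
    "adserver.test",
}
ALLOWLIST = {"deals.adserver.test"}  # false positive the user chose to allow

RCODE_NXDOMAIN = 3


def build_query(name, txid=0x1A2B, qtype=1):
    """Build a minimal DNS query with the RD bit set (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def parse_question(msg):
    """Return (lowercased query name, offset just past the first question)."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label (compression is not valid here)")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return ".".join(labels), pos + 4


def matches(name, entries):
    """True if the name or any parent domain is listed (label-wise suffix match)."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))


def filter_query(msg, deny=DENYLIST, allow=ALLOWLIST):
    """Return an NXDOMAIN reply for a blocked name, or None to forward upstream."""
    name, qend = parse_question(msg)
    if matches(name, allow) or not matches(name, deny):
        return None
    txid, flags = struct.unpack("!HH", msg[:4])
    # QR=1 (response), RD copied from the query, RA=1, RCODE=3 (NXDOMAIN)
    reply_flags = 0x8000 | (flags & 0x0100) | 0x0080 | RCODE_NXDOMAIN
    header = struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0)
    return header + msg[12:qend]  # echo the question, no answer records


def rcode(reply):
    """Extract the 4-bit response code from a DNS message."""
    return struct.unpack("!H", reply[2:4])[0] & 0x000F


if __name__ == "__main__":
    for host in ("nastyad.adserver.test", "deals.adserver.test",
                 "notadserver.test", "CDN-A.Amazon-AdSystem.com"):
        reply = filter_query(build_query(host))
        print(host, "->", "NXDOMAIN" if reply else "forward upstream")
```

Matching on whole labels is what keeps `notadserver.test` from being caught by the `adserver.test` entry, and checking the allowlist first is how a single whitelisted name survives a broad list.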
You could make a separate vlan for your child's devices and block adult content on that vlan using https://www.opendns.com/home-internet-security/ as the DNS for that vlan.
https://www.opendns.com/home-internet-security/
Free DNS filtering that goes on your router that blocks all of this stuff from your entire home network. Pretty easy to set up and manage. Then, you can make sure that the kids account on the computer is not an admin account so they can't change the DNS setting on the computer itself to get around it.
>does not hijack your browser if you try to visit a non-existent page
OpenDNS does exactly that though, unless they've changed lately.
EDIT: /u/312c is right, they have changed and recently stopped hijacking queries: https://www.opendns.com/no-more-ads/
Neither. I use a self hosted DNS where I can, and when I can't, I use https://www.opennic.org/
Cloudflare actually has a terrible reputation for privacy, I have collected some links here for reading: r/sevengali/comments/8fy15e/dns_cloudflare_quad9_etc/
Google, of course, is also a disaster for privacy, I shouldn't need to go into much detail there.
FWIW, any DNS can have issues (hence why I self host my own), but I'd rather pick one that hasn't had issues in the past, unlike Cloudflare and Google. OpenNIC might be doing something dodgy, but I know Cloudflare is.
It's not really blocked, it's just a DNS hijack. I live in Norway, and thepiratebay.gd is most certainly not blocked for me.
But then, I use opendns.com's DNS server. Another good DNS server is 8.8.8.8 (Google).
Yet another workaround is to use one of Pirate Bay's own proxies.
First of all, the DNS settings are independent of the type of connection you're using. It applies to both wired and wireless connection, so it's not a "Wi-Fi tip".
Secondly, the DNS is the service that translates names such as (www.reddit.com) into addresses. Unless your ISP's DNS servers are slow (far) as hell, it's unlikely that you will get a faster response from Google's. That said, Google DNS is likely far more reliable than your ISP's (a couple of times my ISP's DNS went down, for instance) and you might be more comfortable (or not) knowing that your DNS traffic is known by Google and not your ISP.
Since all DNS is generally sent in the clear, you might want to check out DNSCrypt from OpenDNS.
Speaking of OpenDNS, I use their DNS instead of Google's because I trust them more. Also, since all their business revolves around DNS, I bet it's as reliable as Google's, if not more. I put Google's DNS as a backup, though.
To conclude, the only way to improve your Wi-Fi connection is through a careful configuration of your Wi-Fi router. But you have to know what you're doing.
To follow up on this. You can take your hosting outside jurisdiction:
Use web hosting from a Swiss provider like SwissMade.Host and a domain name created and hosted on OpenNIC - it makes seizures a little harder to accomplish
I would avoid OpenDNS like the plague because of their aggressive logging policy. If you want, there's https://nextdns.io/ which does roughly what PiHole does and, in the basic version, is even free and lives in the cloud. I should say that for privacy I keep a pihole pointing to a local dnscrypt instance, so not even my ISP knows which domains I'm looking up.
I use some of the adult content filters in pihole and they are pretty effective. In addition, as a second layer, you can also set the DNS resolver in pihole to Adblock DNS Family Protection or OpenDNS Family Shield IP addresses that are both free of charge.
Most requests would be blocked by the pihole, but anything that gets through is blocked by these services. Of course, these services apply to the whole household. But adult content can still be accessed via a VPN on a machine-specific basis and this goes around the pihole.
I'm in IT and I would second this. If you're looking for content filtering (which it sounds like you are for the most part) OpenDNS running at the level of your network is a great way to do that without leaving any software installed locally that he could potentially remove. OpenDNS has a number of free options as well as a paid service that would provide some of the analytics you'd want to be able to see if he'd potentially run across something malicious/disturbing, what websites he's spending his time on, etc. It's also updated far more frequently than most installable content filtering software. https://www.opendns.com/home-internet-security/
I would also strongly recommend setting him up as a standard on the new machine. Reserve the administrator account for yourself to assist with software changes and system settings modifications. This setup would also allow you to set the local DNS on his computer to point to OpenDNS without filtering setup for the entire household (network level) if you'd prefer that configuration and would prevent him from modifying the DNS settings once you've changed them. Forgive me if any of that was over-explained. :) Hope that helps!
As long as people are mucking around with their DNS settings, they might as well install DNSCrypt. It won't help for things like this, but it will prevent some MITM attacks and encrypt DNS traffic.
>Google 8.8.8.8: Private and unfiltered. Most popular option.
I read reports that it is filtered, in some countries domains with torrents/mangers are blocked.
>Quad9 9.9.9.9: Private and security aware. New player that blocks access to malicious domains.
Quad9 is City of London Police, the same police department that tracks people on piracy websites by ads, I'm sure it's so much pro-privacy.
>Norton DNS 199.85.126.20: Old player that blocks malicious domains and is integrated with their Antivirus.
Dns from antivirus company? No thank you. Your antivirus is enough botnet.
>Yandex DNS 77.88.8.7: Old player that blocks malicious domains. Very popular in Russia.
We can assume that this company is highly influenced by Russian government. No thank you.
No link to OpenNIC? Community managed DNS servers with end-to-end encryption support (with dns-crypt), pro-privacy, anti-censorship with support for non-regulated domains (hello IANA/ICANN block this) like .name .bazar?
This article is literally garbage.
If anyone has issues trusting Google with their name resolution there's a Swiss-based public DNS resolver called quad9 at - who'd have guessed - 9.9.9.9
They even have optional threat blocking: https://www.quad9.net/service/threat-blocking
quad9 is also in the data collection business FWIW (https://www.quad9.net/policy/ > see Logs, Compliance), and consider if an organization (https://www.globalcyberalliance.org/community-partners.html) who is interested in your privacy would be logging at all...I wonder if they ever got around to blacklisting basic botnet command & control domains.
Hey guys, it's really easy to solve! You need to switch your DNS servers to google's DNS and the YouTube videos load EXTREMELY fast even on a 2mb connection! Link here!
You probably need to set up something like this https://www.opendns.com/home-internet-security/ to block torrent sites, and then add it into your house rules that guests will be liable for any fines from downloading illegal content
You shouldn't feel guilty. You're a 17-year-old; your body is wreaking havoc on your brain. Your brain is still developing and getting away from undesirable habits is hard. This is one of the hardest points in your life to have control over self.
God is not disappointed in you. God understands that we sin and gave us salvation so our sins don't have to weigh us down. You're going to make mistakes and going to fail over and over again. That's ok! That's part of life and struggles that come with being human. What's important is that you reflect on those mistakes and try to live better the next day.
Also you should know you're normal. It's normal for young people to feel the way you do. If you're starting to have a problem this is a good time to catch it early. Treat it like you would any other goal. Break things down to obtainable short term goals and build up to long term ones. You should do this with everything you want in life. Including your walk with Christ. Life is long and complicated; your journey with Christ will likely be the same. Understand failure is not an unsuccessful attempt, it's when you stop trying.
On a more practical note here is a link to setting up a DNS filter for porn.
https://www.opendns.com/setupguide/#familyshield
If you set this up most explicit sites will be completely blocked. You will have to put effort into turning this filtering on and off. That way you have a minute to think about what you're doing.
DNS is a service, not a network. There are alternatives for DNS root (like https://www.opennic.org, for example) and it's not difficult to create others.
Internet as a network is built around high throughput (backbone) routers: essentially, if you have one, you can build yourself an (alternative) internet.
The point of the article is Russian capacity to cut underwater cables which many economies rely on for their communications (Russia doesn't have many, which puts it at an advantage). Such an event will only take place during a large military conflict when the "isolation" bit would be one of the lesser concerns for "the west".
NextDNS is founded by Director Engineering of Netflix and Ex-CTO of DailyMotion.
Their privacy policy is here: https://nextdns.io/privacy
They are listed on: https://www.privacytools.io/#adblocking
The only limit is that the free plan is limited to 300k queries a month which is more than enough for me. They are very transparent about everything and I've been using since the early days (when there was no paid plan), no issue whatsoever.
Create your own profile via the Apple configurator, then use the native DNS function in iOS14 - all ads gone everywhere (well, everywhere I've needed them to be gone).
I usually avoid the ISP's DNS, they are mostly shit. I almost always point to quad9.
It's privacy-respecting, and blocks some of the more stupid things most DNS providers don't or can't be bothered with.
If you are looking for inexpensive DNS-based content filtering, then you really should take a look at dnsfilter.com. It's dirt cheap, and incredibly effective. It does not have near the feature set that Umbrella does, and there is no comparison between the 2 products, but for what it is, it's fantastic.
> I checked the history and it had stuff like: big fat mom, anal rape mom, cumshot mommy and nothing but stuff with mom and things like that.
It may be a coincidence of the sites' recommendations. If you're worried about the lack of a maternal figure, consult a specialist. I've known men with quite strange attitudes in adulthood because of the lack of a mother figure.
Some advice:
Have the typical father-son talk about sexuality, if you haven't done so yet.
What kind of father gives a minor unrestricted internet access? Blocking porn is very easy. Although if the boy wants to watch porn he'll get it anyway.
It's clear the boy is starting to get to know his body and doesn't know how to channel all that built-up energy. Some activity or hobby could help (ideally one you both take part in), better still if it's sports, since that way he burns energy and won't feel like jerking off.
But he doesn't like sports, he stays cooped up at home. Well, teach your kids the love of video games and I assure you that in the future they won't have money for drugs.
Assume the boy is going to masturbate anyway. If it's not with porn from the internet, it'll be with anything that resembles a woman.
Checks out:
208.67.222.222
208.67.220.220
208.67.222.123
208.67.220.123
EDIT: formatting
> That bastard was jerking off!
Young people who want to watch porn will just seek out shady sites where the porn is available. People watched porn before the internet and it doesn't seem to have been that hard to get hold of, so all you're doing is wagging the moral finger. Because a solution to porn addiction and a lousy view of women it is not.
I'm not complaining about introducing a filter, but then it should be that you actively make the choice to use the filter. Not the other way around. We should not have an internet where the state regulates which sites I may and may not visit.
Speaking of filters for blocking porn, they already exist. Inform worried parents about that instead. OpenDNS is an easy-to-use example, and you get to avoid your ISP's DNS servers into the bargain.
A censorship tactic we have not seen yet, but I predict we will, is going after the home internet connections of individuals with undesirable ideas. How hard would it be to pressure ISPs and wireless companies to cut off or throttle a customer on the grounds they're misusing the service? They may even sneak in a "you agree not to use our service to promote hate speech" clause into the ToS so they have grounds for that.
EDIT: Regarding DNS alternatives, I stumbled across this: https://www.opennic.org/
First question: http://www.howstuffworks.com/dns.htm
Second question: http://code.google.com/speed/public-dns/docs/using.html#setup
Scroll down a little on the second link and there are instructions on how to configure your pc/mac.
OpenDNS. You'd have to find the ad servers and blacklist them. My list is:
You can have encrypted DNS with dnscrypt, however OpenDNS describes that as complementary to dnssec:
"DNSSEC does a number of things. First, it provides authentication. (Is the DNS record I’m getting a response for coming from the owner of the domain name I’m asking about or has it been tampered with?) Second, DNSSEC provides a chain of trust to help establish confidence that the answers you’re getting are verifiable." https://www.opendns.com/about/innovations/dnscrypt/
I'm with you that a user would want both, but it's a bit harsh to call dnssec lame when it is simply not the whole solution. It's still a step in the right direction.
Safe to use if you think it's fine that all your internet traffic goes via Google, which already knows most things about most people, you mean?
Was going to recommend OpenDNS, but apparently they've been bought by Cisco. Does anyone know of a good, independent DNS?
What DNS are you using? If you don't know or you are using your ISP's then that's your problem. Use OpenNIC or Google.
Personally, I use OpenNIC because they have a much better privacy policy and ToS compared to Google (which will store logs of domain lookups, what IP they came from, and timestamp indefinitely).
It's in the documentation, https://aws.amazon.com/route53/faqs/#associate_multiple_ip_with_single_record
You need a single record with multiple values, also see here https://stackoverflow.com/questions/40841273/multiple-ip-addresses-for-resource-record-sets-of-route-53
TPB is not blocked as such; Danish DNS servers just point to the stop page instead. Switch to an alternative DNS, e.g. Google DNS or OpenDNS, and there's free access, at least from all the ISPs I've tested.
Just so you know, your redirect to Comcast (or any other provider-branded 404) is due to their tomfoolery with your DNS.
If you don't mind what's going on, ignore the rest of this, but if you don't like being forced onto a site you didn't want I suggest changing your DNS to something like Google's DNS or Verizon's (which range from 4.2.2.1 to 4.2.2.6).
It is better to lock down things at the router level using something like opendns
https://www.opendns.com/home-internet-security/
Problem with lockdowning a pc, it is easy to get round using tablets, mobile phones etc.
You might be able to lock down their devices easily enough, but you cannot do it to their friends, short of denying them access to your router.
If you lockdown the router and password protect router your 'little monkeys' cannot easily get round it.
Even then, there are ways of getting round it, but by the time the 'little monkeys' know how to do that, you can only rely on education and trust, and at least be satisfied you have budding computer experts.
For anyone who may be interested, OpenDNS (I refuse to start calling it Cisco OpenDNS) has an acquisition FAQ page.
Also, quoted for the record (from the above linked FAQ) so I can point back to this when they inevitably break their promise and discontinue free individual use:
>The free service will continue to operate. It’s part of who we are, and Cisco loves who we are. We wouldn’t have entered into this agreement if we believed our free service would be in jeopardy. On contrary, Cisco’s commitment back to you is to maintain OpenDNS’s DNS services exactly as it is today. In their words: “This level of service for all users is a priority.”
OpenDNS has been Cisco since 2015. I would not give my DNS records to Cisco personally.
There are alternatives such as https://www.opennic.org/.
Hosting your own DNS is quite easy with unbound.
Do not forget about TLS.
Before you remove adguard app, I would disable or pause it. Then you can try dns.adguard.com and see if it meets your expectations. If it doesn't you'll still have adguard app on your phone. I use NextDNS, here's the link if you're interested. https://nextdns.io
I used to use dns.adguard.com, but it breaks deal site links such as Slickdeals. I switched to nextdns.io which you can customize to allow deal sites to work.
Personally, I use NextDNS for that.
I have a Windows DNS server proxying to their servers, but you can also have your FortiGate connect directly there. You can set and unset anti-ad, privacy etc. blacklists in your account.
See nextdns.io
AdguardHome OPNsense plugin that has a few DNS rewrites for lookups of my local servers.
It passes on queries to Quad9. I used to have a separate PowerDNS server on my local net with block lists but I'm trying to simplify things a bit.
Assuming that the iPad is on your own WiFi network, you can use something like OpenDNS. Basically after you sign up, you go through their config screens to set what sites you don't want accessed. Then you'll set your WiFi router's DNS to the IP that OpenDNS gives you. Any device that connects will go through OpenDNS and sites you don't want accessed will be blocked. You will have the ability to set a bypass password so that you can still get to them if you want.
Answers based on my own experiences with eero. I moved to eero from AirPort.
Should be able to cover everything an old AirPort can cover, but antennas and interference can have an effect. You may have to change placement.
Apple devices work fine these days and with one eero, it shouldn't matter.
eero is plenty fast enough to handle pretty much any internet connection, short of gigabit fiber (and you won't handle that wirelessly with anything).
You can use a third-party DNS with eero like OpenDNS Family Shield or OpenDNS Home. https://www.opendns.com/home-internet-security/ Pausing a set of devices (a profile) is part of the base eero functionality.
Bonus. You can keep your Time Capsule (turn WiFi off or join the eero network) and still use it for backup.
This is a completely useless way of testing the performance of any service that sits on top of a global network - testing from 14 nodes means they're not even hitting all of these providers' facilities. OpenDNS has nearly twice as many facilities as he has test nodes.
Also based on the locations they tested from, guessing he just spun up a bunch of servers in AWS or Digital Ocean, which tells you absolutely nothing about the performance an end user on an actual eyeball network could expect from any of these services.
Look at the results from New York: #1 Google: 1 msec #1 Quad9: 1 msec The server they tested from is literally in the same building (or they're hitting local cache which would be even more facepalm).
Several relevant suggestions have been made but your reply to all of them has been this:
"Can I let someone else do this? I have no idea on how to do all this."
If you aren't willing to learn you either need to educate your users not to look for inappropriate content or you can try a managed service such as OpenDNS. If the users are smarter than you they could easily bypass this of course.
Use these OpenDNS IP addresses for your router:
208.67.222.222
208.67.220.220
You can do some really neat things using OpenDNS if you're so inclined:
https://www.opendns.com/home-internet-security/
Exactly. I can recommend DNSCrypt: https://www.opendns.com/about/innovations/dnscrypt/
It's a step beyond just using Google's DNS or something like that, but it's a completely uncensored, secure solution that can easily be coupled with a caching local nameserver. That means:
- Uncensored DNS responses
- No spoofing or other practices to change the replying server
- No alterations to the data stream itself possible
- No sniffing of visited sites, no leak attacks against VPN users etc
- Control over the transport mechanism for greater resilience against authorities blocking uncensored DNS servers
- Easy control over your DNS cache, i.e. less queries that take time (with a caching nameserver)
- Better rulesets for determining what server to use in what case (with a caching nameserver)
[Edit: Just changing your DNS by 'ordinary' means would eliminate everything past the first point. And the first point is of course not verifiable in either case, but I'd trust someone who develops such a system more than other DNS server providers.]
Linux instructions are here (not really Arch-specific), I don't know how to do it on Windows or Mac OS. I've not noticed any kind of drawback apart from the setup process taking some effort and new names not being propagated as quickly (which shouldn't really be an issue to the average user).
Look into OpenDNS.
https://www.opendns.com/enterprise-security/solutions/web-filtering/
No offense, but you won't be able to set up a DNS server on your own network, it's not for the uninitiated.
As another reply said, they haven't done that since June. https://www.opendns.com/no-more-ads/
Worth mentioning that namebench doesn't list it for OpenDNS (it's a whopping 2x as fast as my ISP's) whereas NX hijacking is listed for my ISP which obviously has an interest in injecting targeted ads.
Cloudflare are terrible for your privacy. Check https://www.opennic.org/
Posts on cloudflare worth reading:
r/privacy/comments/88ubrh/cloudflare_makes_it_harder_for_isps_to_track_your/
r/linux/comments/88be4g/cloudflare_dns_resolver_test_it_now_at_1111_1001/
r/privacy/comments/88qqjf/fastest_dns_from_cloudflare_privacy_first_hmmm/
r/privacy/comments/41cb4k/be_careful_with_cloudflare/
r/selfhosted/comments/88xuq0/cloudflare_launched_public_dns_resolvers_1111_and/
Based on some research, https://www.opennic.org is my go-to DNS for privacy/anti-censorship. But it's nice to have a non-Google alternative anyway, whether it's questionable privacy-wise or not. (Cloudflare)
No doubt they are just using this to discover which few websites are not already signed up into their centralized web. Once all the world is behind their system they can block all Tor users and demand a national ID card to access websites.
Speaking as one of the few users who took part in the private beta when they transitioned from Project HoneyPot years ago - avoid CloudFlare like the plague that it is.
You can block ads and trackers in your browsers and apps without installing any application. On Android 9 and above, you just have to go to:
Settings -> Wifi & Internet -> Private DNS
Select "Private DNS provider hostname" and type
dns.adguard.com or p2.freedns.controld.com or dot-de.blahdns.com
You should also check out https://NextDNS.io, which allows customized blocklists
This is the term I’ll be using if it turns out that DDG collects user data anyway because of gag orders in the USA. Imo, they should move their legal HQ to Switzerland just like Quad9 did recently to add more weight to their privacy claim.
Route53 (for DNS queries) has a 100% SLA. This doesn't hold for the control plane, which has occasional outages. But, as far as I'm aware, Route53 has not breached that SLA for query responses.
There are plenty of other factors I'd take into consideration for DNS before thinking about availability.
https://adguard.com/en/privacy/dns.html They only do aggregated logging (i.e., no user IP is included) to improve performance, identify the new addresses to block, and remove outdated ones. Seems to be pretty similar to what Quad9 collects https://www.quad9.net/privacy/policy/ aggregated logging to detect new threats, monitor performance and remove false positives.
Everyone in this thread is clueless, that is the secondary Quad9 server at 149.112.112.112. You can do nslookup rpz-public-resolver1.rrdns.pch.net. to confirm.
> Secure IP: 9.9.9.9 Provides: Security blocklist, DNSSEC, No EDNS Client-Subnet sent. If your DNS software requires a Secondary IP address, please use the secure secondary address of 149.112.112.112
Sounds like a DNS issue. Maybe switch your DNS settings from Time-Warner's DNS to Google DNS? [edit] That's what I use and it pretty much eliminates any blind spots like you describe. You can make the switch temporarily and see if it makes a difference, if you are averse to letting Google be your DNS provider.
It only appeared to be down. They were switching to movies.netflix.com for some reason, and those of you without quick DNS providers got left in the dust until the information propagated.
Disclaimer: Obviously nothing is perfect, kids should always be monitored when using the internet.
I did nothing extensive because things were generally secure from the start.
I didn't give her a sudo password, installed and set rkhunter to occasionally run a scan, and made sure the firewall was up and running.
I also implemented some rudimentary content blocking via OpenDNS. It's fairly easy to do for a single device. You could accomplish the same thing with PiHole if you'd like something more fine-grained or under your control.
This is a rather blunt tool I put in place for additional peace of mind. It's still possible to find adult content on a site like say, reddit, for instance. Any kid old enough to go looking for that kind of content is probably smart and/or determined enough to find it on non-porn websites. But OpenDNS or PiHole might prevent you from having an awkward conversation before they're ready.
I'm an addict, but I set up OpenDNS (www.opendns.com) on our home network. This both filters out adult content and will log what websites are accessed and when, *even when using incognito mode*.
While this won't help you prove he hasn't used in a year, it may help you feel better moving forward.
Of course, he can always switch to a mobile device and a mobile data network...if he has an iPhone I'd recommend asking to see his "Screen Time" app, which shows what he's been doing on his phone for the past 7 days.
> Sean Goltz, a senior lecturer at Edith Cowan University Joondalup’s school of business law, said there were arguments for technology’s positive impact on our ability to connect and access information, but the internet was inherently bad.
Yeah, I wouldn't use an article like that to back up your argument. There are so many controls that are easy to put in place on devices that you can use to access the internet. If kids are accessing stuff that they shouldn't be, then it's the parents that have failed. It's understandable though as there's a fear bred from articles like the one above.
Letting kids have unfettered access to the Internet is like letting them loose in a library. There's some amazing stuff out there that can enrich their lives, but there's also a lot of stuff that you as a parent may want to keep them away from until they're older.
With iPads, it's trivial to control what apps the kids can load. If you're concerned about what they might be browsing on the Internet, set up something like Family Shield from OpenDNS. That's what I used before I set up a proper firewall at home (I'm in IT, that's probably beyond where most parents would go).
A parent's job is to keep one step ahead of their kids with pretty much everything they do, but don't be misled into blanket bans on things like technology as they could end up missing out on some great stuff.
Look at grammar and spelling very closely, often these attacks are coming from Africa or Eastern Europe and you can tell the writer's primary language isn't English.
Threats of "account suspension for (insert reason)" if you don't click a link and "verify" your account information right away. If in doubt, forward the e-mail to campus tech support and they can tell you if it's legitimate.
Mousing over any links shows that you're being sent to some other website than an office on campus. Often, there will be a ".ru" or other foreign extension instead of ".edu."
E-mail claims to come from "Campus Technology Services" or some other generic name, but there is no such office on campus.
Here is a good quiz that you can take to see if you can spot legitimate websites vs. fake ones:
You can do this now if you like:
https://www.opendns.com/home-internet-security/
Set your home router up to use their DNS servers and you’re 1000x more effective at porn filtering than you are right now.
It’s free and pretty effective.
Came to say this! Ad blockers!!
Also relevant: Raspberry Pi DNS based Adblock
I use both (raspi as primary & opendns as fallback). I also configured the Pi to replace ads with cat gifs.. it's great!
OpenDNS Family Shield: you can change your router's DNS to these DNS settings and it catches a lot. Not a solution to your situation but a step that can help.
For a rock bottom solution many consumer routers offer scheduled internet access so it could turn off at bedtime and on in the morning. I have an Asus AC66u that has this although there are better options now. As far as filtering you could use something like opendns family shield which will restrict the general content that's available https://www.opendns.com/setupguide/?url=familyshield. From there just make sure all your kids' devices are fed from that router.
I'm in the same situation with kids getting internet access and am looking at setting up Sophos UTM on an old computer I had lying around. This enables more control/logging/ and virus scans for downloads with a more friendly gui than pfsense.
Really it comes down to how much time/money you want to invest, how technical your kids are, and how much control/logging you want.
I'll take it for granted that you're familiar with DNS and with the reasons why someone might want to change it.
Vodafone has historically always filtered all DNS requests with the excuse of security; in practice you could set whatever DNS you wanted, but the Station would intercept the request anyway and answer it itself using Vodafone's DNS. If you google it you'll find a lot of people complaining about this.
The only sensible way to get around that filter was DNSCrypt, which isn't very convenient and is usable only on PCs and laptops. For about six months now, however (I believe thanks to the intervention of some authority), a "Secure DNS" button has appeared in the Station's control panel, accompanied by this scare message:
>Keep Secure DNS setting to ON in order to prevent malware to infect your devices and direct your Internet traffic to malicious websites. You can turn it OFF if you wish to manually configure the DNS on your devices.
Incidentally, sniffing the traffic, although DNS requests currently go where they are supposed to, you can see that the Station still gets in the middle. A DNS request for "A sito.com" is first changed to "A sito.com.station", then to "AAAA sito.com.station", and only after the first two have failed is "A sito.com" requested. (But I think this is a leftover in the firmware, remaining from when the DNS had to be Vodafone's.)
>Also, is your house very far from the cabinet?
The fiber comes into my house, so I don't think it makes sense to talk about a cabinet.
So technically it wasn't tracking software...just opendns adult content site blocker. He'll figure out how to disable it when he puts his mind to it.
I believe this is the responsible thing.
OpenDNS Family Shield. Just a quick run down, when you type in an address, like "reddit.com" your browser sends that address to the DNS server. Your DNS server turns that into an IP address (198.41.208.139). If your DNS server is set to Family Guard, and you try going to a blocked site, the server won't give your PC the right IP address. https://www.opendns.com/home-internet-security/parental-controls/opendns-familyshield/
Quad9 is blocking (or was recently) lookups to ak.privatelink.msidentity.com
IBM X-Force Exchange has marked the domain as malicious.
login.microsoftonline.com has the above address as its CNAME entry.
https://www.quad9.net/result/?url=ak.privatelink.msidentity.com
Looks like IBM X-Force Exchange just performed a security analyst review and marked the domain safe.
Try googling for secure dns.
If your country's firewall is shitty enough, you won't need a VPN.
But I don't recommend torrenting if you're not in a third world country. As this doesn't hide your ip, just unblock it.
Reddit is blocked in my country. But all is well using secure dns.
https://developers.cloudflare.com/1.1.1.1/dns-over-https/web-browser
https://www.quad9.net/news/blog/enable-private-dns-using-quad9-on-android-9/
Also, Quad9 has a human rights policy, rather than being the punchline to the joke about how many nazis are at the table. And they're a privacy-centric non-profit, rather than surveillance capitalists.
I would advise against Cloudflare, since they bought this IP to be able to test their anti-DDoS and other security tools.
9.9.9.9, or Quad9 (https://www.quad9.net), is fast and protects you from malicious websites.
For another option there is Quad9, 9.9.9.9, who claim to block known malicious sites. Their privacy policy is reasonable, but it is of course up to the end user what service to use.
All of the alternates likely collect less information than google does, though.
I have been using these DNS servers for quite a while. Last night's fiasco still hit me. Fortunately we'd already killed almost all of the sleepers in the wave and logis were apparently not on Comcast so we survived the ordeal.
Google provides a public DNS as a free service. That still didn't help last night as it was not a DNS related issue. Some router somewhere choked and died or someone rebooted it without a backup that could handle the traffic.
Just hard-code your own DNS addresses:
You can use OpenDNS: 208.67.222.222 208.67.220.220 Instructions - btw, you don't have to sign up for the free account or any account, just configure your PC to use the OpenDNS servers.
Or Google DNS: 8.8.8.8 8.8.4.4
Maybe it's time to create an alternate DNS resolving service that acts like Google Public DNS (http://code.google.com/speed/public-dns/). Domain owners can register into the service (free or donation based) and after validation can freeze their DNS records. So if a domain is seized the site is still accessible if people are using these servers as resolvers. This could give enough time for sites to rename and renumber their assets and relaunch. If a domain isn't registered through the service no caching is setup and the request just passes through to the root name servers.
Even if a site didn't register for the service it could be possible to force old records after seizure. And this would be a lot easier to do than setting up an alternate naming system that is more open and less prone to a single government action taking things down. The creation and adoption could take years for a new and more secure system to take hold. This could be set up and launched in a much quicker fashion and not force people out of the normal domain registration paradigm.
My only problem is I couldn't do it.. US citizen.. It would still be subject to seizure if I were to build the system :(
Sadly not purely with Eero. The simplest way to achieve this (the least technically involved one) would be to use OpenDNS, which lets you sign up and configure filters, then you can set that as your DNS in Eero. That doesn’t let you filter on one network but not on the other, however.
The more technically involved option, which would probably enable you to filter on just one network, is to run your own DNS resolver locally. Pi-hole is super popular for this kind of thing, so you’ll find plenty of tutorials and documentation for it.
I think you have something backwards here. Google is 8.8.8.8 and 8.8.4.4. https://developers.google.com/speed/public-dns/
OpenDNS is 208.67.222.222 and 208.67.220.220.
They have their own, competing "standard" if you will... https://www.opendns.com/about/innovations/dnscrypt/
Although OpenDNS is now owned by Cisco, so maybe they will adopt this standard as "better" than the last?
In the end, it comes down to who you trust for DNS, cause if you "tunnel" "securely" to OpenDNS or Google DNS, do you really think they're going to do any less shady (monetizing) things with your DNS than some of the major ISPs have?