The Internet is a fantastic place filled with helpful resources, ways of connecting with friends and family, and the answers to many of your questions. Unfortunately, it is also filled with predators, misinformation, and people looking to compromise your systems and identity. If you have kids, the Internet is can be especially worrisome. The best approach is to teach your kids good Internet skills. But for extra protection, Internet filters like OpenDNS can be helpful. How does OpenDNS work and how well does work? Let’s dig in.
What is OpenDNS?
Before I address what OpenDNS is, let’s briefly discuss what DNS is. Domain Name System, or DNS, is the system that assigns names to IP addresses. Imagine having to remember 184.108.40.206 instead of google.com, or 220.127.116.11 instead of youtube.com. DNS maps names to IP addresses to make services like websites much easier to remember.
Computers that connect to the Internet use DNS servers to locate the sites and services they are connected to. By default, they usually start with the DNS servers specified by your Internet Service Provider (ISP), but most devices allow you to change your DNS servers. That’s where OpenDNS comes in.
OpenDNS maintains a database that categorizes domain names. Using these categories, you can filter the servers that computers can connect to after setting your computers (or your router) to use OpenDNS. These filters include pornography, drugs, gaming, academic fraud, and many other categories. You can also choose specific domains to block or allow to enhance or override the OpenDNS standard filters.
OpenDNS plans and pricing
OpenDNS has three plans targeted at home users:
- Family Shield — This plan lets you use OpenDNS servers in their default filtering configuration. This primarily filters porn and proxy/anonymizing sites. You can’t configure the filters in this plan. You also don’t need an account to use this plan, but without one you lose access to all logs and reports.
- Home — This plan is similar to Family Shield but adds the ability to configure which filters are enabled and the ability to ban and whitelist individual domains. You need to create and account to use it. With that account you can view logs and reports of domains that are accessed and blocked.
- Home VIP — This is the only paid plan of these three, with a fee of $19.95 a year. It works just like the Home plan, but with enhancements. First, it increases the number of individual domains you can ban and whitelist from 25 to 50 domains. Second, it increases the time you can go back and view reports and logs from two weeks to one year. Lastly, it has a whitelist only mode that restricts browsing to only the domains you specify.
For most people, OpenDNS home will work just fine, and it’s free.
How to configure OpenDNS
Sign up for an account
If you are using OpenDNS Home or Home VIP the first step is to create an account, which you can do with just an email address and password. OpenDNS then provides detailed instructions for how to change your DNS settings at the router level or at the individual device level. If you change your DNS settings at your router level you’ll be affecting most, if not all the devices on your network. You may want to test with an individual computer first.
Configure your filters
You need to log in to your OpenDNS dashboard to configure your content filters. The first time you log in you’ll be asked for your network’s IP address. For starters, just accept the one it has detected. We’ll come back to the network IP address configuration later.
Via the dashboard you can set the OpenDNS filters to one of four predefined levels; High, Moderate, Low, and None. You can see which categories are included by default in each of these levels. You can also customize the categories. Another approach is to choose the custom setting and handpick which categories you want to block.
As I mentioned earlier, you can also block and whitelist individual domains. This is helpful if a filter doesn’t catch a site you want it to block. It’s also helpful when a filter blocks a site you don’t want it to block.
If you want OpenDNS to retain logs and statistics, you’ll need to turn that feature on. You can purge the logs at any time, in case you want to start fresh.
Configuring security and advanced features
In addition to filters, you can also configure three security settings:
- Malware/Botnet Protection — This feature blocks botnet and malware sites that OpenDNS has identified.
- Phishing Protection — This feature blocks known phishing sites.
- Suspicious Responses — This helps block DNS rebinding attacks.
Even though they appear to offer limited protection, I recommend you turn the Malware/Botnet and Phishing protection on. I also recommend you leave suspicious responses off because this could cause problems with local sites on your network.
Additional configuration options include creating a custom block page (the page displayed when OpenDNS blocks a site), caching for better DNS performance, and network IP address configuration, which I’ll discuss next.
Network IP address configuration
OpenDNS logs activity and sets custom filters based on your network’s IP address. The problem for most home users is that their home network IP address is dynamic; ISPs typically change your home network IP address from time to time. OpenDNS provides a utility to automatically update your IP address when it changes. Also, many routers, like my pfSense router, come with this capability built-in. You just have to configure it with your OpenDNS credentials.
My Experience with OpenDNS
I started using OpenDNS in 2020, during the pandemic. My kids were homeschooling and spending all day online. They had self-discipline problems with staying off of time-wasting sites, and I wanted an easy way to block them.
I configured OpenDNS on their machines and it worked pretty well. The fact that the kids didn’t like it is a testament to its effectiveness. I used the custom filter and hand-picked which categories I wanted to block. I also used the individual domain block and whitelists to fine-tune the filters. One thing to note is that although you can adjust the filter in real-time, it sometimes takes a few minutes for those changes to take effect.
The reporting works well and has the filters and options I need. One thing to note is that your reports will have domain names, not websites, as this is what DNS logs. Sometimes the domains called by websites are not websites themselves. And sometimes the services computers access are not web sites.
There are many alternatives to OpenDNS. Here are a few of the more popular ones, some of which don’t have a free offering:
- NextDNS (free for up to 300,000 queries a month)
- Cloudflare Gateway (free for up to 50 users)
- NxFilter (free)
- Most useful options are free
- Basic configuration is straight-forward
- Fairly granular filtering options
- Robust set of reporting options
- No way to have separate settings for different computers
- Initial configuration can be difficult for some users
Overall, I’ve found OpenDNS to be a good web content filter for my children. It has all the features I really need, and it’s free! It’s also a good complement to Google Family Link, which I use on Android devices.
You can also learn more about protecting yourself and your family online in my book The Personal Cybersecurity Manual: How Anyone Can Protect Themselves from Fraud, Identity Theft, and Other Cybercrimes.
Have you used OpenDNS? Do you use a similar product? Let me know in the comments!
Interested in supporting HomeTechHacker?
Have you found the content on this site useful? If so, are you interested in supporting me and this site? There’s no obligation of course, but I would really appreciate any support you can give. Below are a few ways you can show support:
- Share this site with your friends and on social media (use the sharing links at the end of this page for your convenience)
- Subscribe to this site
- Purchase one of my books, The Personal Cybersecurity Manual, The Home Network Manual or The Smart Home Manual, for yourself or as a gift
- Put a link to HomeTechHacker on a site you have access to. Be sure to let me know about it!
- Reach out to me via my contact page or Twitter and let me know something I should write about
- Shop at Amazon through my affiliate links and ads on these pages. See my disclosures for more details about affiliate links. You can also just shop from one of the links below:
- HomeTechHacker Shop: This is a listing of products that I use, have reviewed, and that I recommend
- HomeTechHacker Technology Advisor: This suite of tools will give you customized home technology product recommendations based on your needs
- My Amazon affiliate link: Just click on this link to go to Amazon and shop
Thank you! I really appreciate it!