Saturday, April 12, 2014

OpenDNS

I have curious kids. Their iPods, tablets and laptops give them access to anything on the internet - unfiltered. Sure, I can load parental controls on the laptops, but that doesn't help the iPods or tablets. I know they are going to grow up; I just don't want them to see everything the world has to offer just yet. So after looking into it a little bit I found out about content filtering through DNS. DNS is basically a phonebook for computers - you put a computer name in and get its IP (phone) number. An IP address is very much like a phone number: it is how computers know who to talk to. DNS just lets us humans work with words instead.

Content filtering with DNS works because the DNS provider categorizes each website into topics like politics, phishing, alcohol or porn. Then you get to select which categories you want to let through. So when you say to filter out all porn sites, it will not give out those IPs (phone numbers) to any device on your network, be it an iPod, laptop, phone or tablet!

Now, no technology is foolproof and this is no exception.  It can be bypassed in one of these three ways:

  1. If you already know the IP address you can type it in directly.
  2. There is a way to reconfigure a laptop to use specific DNS servers.
  3. They can go to someone else's house that does not have these sites blocked.

Also, this does not block sites like YouTube where you can find almost anything. But it does take care of the dedicated sites. There are several providers out there - most are free - but I chose OpenDNS because it was the largest and easiest and free!
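
To catch bypass #2 above (a device pointed at its own DNS servers), the router's logs can be checked for DNS queries that go anywhere other than the router or OpenDNS. This is an added example, not part of the original post: the log lines are constructed in the style of iptables LOG output, and the `DNSLOG` prefix and the router address `192.168.1.1` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# OpenDNS's public resolvers, i.e. the addresses entered in the router's DNS fields.
APPROVED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
ROUTER_IP = "192.168.1.1"  # assumption: the router's LAN address; it relays DNS for clients

# Constructed sample in the style of iptables LOG lines; 192.0.2.x and
# 198.51.100.x are documentation addresses standing in for other resolvers.
SAMPLE_LOG = """\
kernel: DNSLOG IN=br0 SRC=192.168.1.23 DST=192.168.1.1 PROTO=UDP SPT=53211 DPT=53
kernel: DNSLOG IN=br0 SRC=192.168.1.42 DST=192.0.2.53 PROTO=UDP SPT=40112 DPT=53
kernel: DNSLOG IN=br0 SRC=192.168.1.42 DST=198.51.100.53 PROTO=TCP SPT=40113 DPT=53
kernel: DNSLOG IN=br0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=443
kernel: DNSLOG IN=br0 SRC=192.168.1.57 DST=208.67.220.220 PROTO=UDP SPT=33001 DPT=53
kernel: DNSLOG IN=br0 SRC=192.168.1.60 DST= PROTO=UDP SPT=33002 DPT=53
kernel: DNSLOG IN=br0 SRC=192.168.1.42 DST=192.0.2.53 PROTO=UDP SPT=40114 DPT=53
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def find_dns_bypass(log_text, approved=APPROVED_RESOLVERS, router=ROUTER_IP):
    """Map each client IP to the sorted list of unapproved resolvers it queried."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("DPT") != "53" or fields.get("PROTO") not in ("UDP", "TCP"):
            continue  # not plain DNS traffic
        try:
            src = str(ipaddress.ip_address(fields["SRC"]))
            dst = str(ipaddress.ip_address(fields["DST"]))
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if dst in approved or dst == router:
            continue  # query went through the filtered path
        offenders[src].add(dst)
    return {client: sorted(dsts) for client, dsts in offenders.items()}


if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE_LOG).items():
        print(f"{client} sent DNS queries to unfiltered resolvers: {', '.join(resolvers)}")
```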

The first step is to go to OpenDNS and set up an account. They also have instructions on how to configure your router (better than mine).

Next you have to go to your router's configuration page and enter OpenDNS's IP addresses into your DNS server fields. This is where you put it in DD-WRT:

Be sure to click save/apply, and some routers may require rebooting. All devices on your network will get the new DNS server IP addresses the next time they restart.

Now, there's one more step. The same way laptops and tablets get a new IP address every time they connect to your network, your network might get a new IP address when connecting to your ISP. The problem is that your network's IP address is how OpenDNS knows what your preferences are. So, in order for OpenDNS to know what your preferences are, you must keep your IP address updated in their system. Painful? No!

Go to OpenDNS' site and download the Updater. It's a simple little application that runs on one of your laptops and periodically checks in with OpenDNS to tell them your network's IP address. I suggest installing it on a laptop you use frequently. Or, if you have DD-WRT on your router go here and follow their instructions on how to configure your router to do it - very elegant!

DD-WRT on ASUS RT-AC66U

I've had the ASUS router for a little over a year now and love it. It has been one of the best routers in terms of range, speed, quality of connection (no drops) and ease of management (the firmware). However, I wanted to dig into it a little more and try a few things out (cause I'm a geek). But the firmware did not have any advanced features. So I started looking into DD-WRT and much to my surprise the RT-AC66U was supported by DD-WRT. Awesome!

Turns out there were many options for me.  After some digging I found out that ASUS' firmware was based on Tomato, a sister/cousin of DD-WRT.  ASUS had put a lot of effort into making it very friendly and pretty, but underneath was Tomato.  The other thing that I found out was that ASUS had made it VERY easy to switch back to stock firmware.

I found Merlin's Asuswrt-Merlin which is based on ASUS' code. He's even contributed back to ASUS with bug fixes and new features. I tried Merlin's version and I like it: very close to the beautiful ASUS UI, zero learning curve. But in the end not enough features I was interested in.

In the end I chose DD-WRT because it had all of the features I would need PLUS SOME! Plenty of gurus and fanboys, and lots of instructions already out there. I like to geek out but don't have time to reinvent the wheel. Specifically, I chose Kong's releases since he seemed to be leading the charge with my model router.

The main blog I used to walk me through the installation was Victor's Blog. I ended up switching back to stock firmware for a couple days because DD-WRT would not route WAN traffic. Turns out step #8 was critical, you had to CLEAR NVRAM again. The next time I tried it - and used the correct command - everything worked perfectly!

In the next few days, I'll post my configuration changes to work the way I need.