March 13, 2019

[Parental Control] OpenDNS, ddclient

There are several ways to do parental control, and usually a single solution is not enough.
Here is how the internet is used in a home setting:

User → device (ipad, computer) → [home router] → Internet
                                     
                                    [DNS]

DNS is like a yellow book.  When a user types the URL "www.google.com" in the browser, the computer looks it up in DNS, DNS responds with the site's address (its "IP"), and the computer then uses that IP to get to the destination.
 
Parental control can be done in each layer:
  • User (by parents)
  • Device
  • Router
  • DNS
In this posting, User-level and DNS-level control are discussed.

Parental Control at User Level

Educating children and setting usage limits is the most important part.

Set rules on:
  1. Time
  2. Place
  3. Content
I trust my kids, but don't trust those sites.  They want traffic to make money and they'll do anything to trick or attract people to visit the sites.
  • Time limit - duration of use and time of the day. 
  • Agree on where in the house the devices will be used.
  • Talk about content types - what's inappropriate, and that some sites may be harmful for them and might also damage the device (e.g. with a virus).

Parental Control with DNS

Blocking is done at the DNS level: the resolver simply refuses to give the address for inappropriate sites.  Set devices to use OpenDNS to block inappropriate sites.

Two methods to change it:
  1. On each device
  2. On home router
How to change the DNS setting is different for each device and for each router.  If you don't know how, just search for it, or visit this page - https://www.opendns.com/setupguide/#familyshield.

A couple of ways to use OpenDNS:
  1. Use predefined settings:
    Just set your devices' DNS to these, without any registration.  They have a pre-configured family setting (for "Family Shield"):
    • 208.67.222.123
    • 208.67.220.123
  2. Use custom settings:
    Register with OpenDNS, update your IP with them, and it will block with customization -- custom category, custom blacklist (unfortunately, limited to 25 entries).

Custom OpenDNS Settings

Benefits of using custom OpenDNS:
  • Custom message on blocked sites
  • Customize categories to block
  • Customized black/white lists (up to only 25 though)
I won't go into details here, however.  It is assumed you have some advanced knowledge, otherwise search on the topic.
  1. Register - https://signup.opendns.com/homefree/
  2. Update your dynamic IP with OpenDNS, one of these methods:
    1. via web page, manually
    2. Windows
    3. Linux
    4. Mac
These days, with high speed internet, even a dynamic IP doesn't change often.  So even if your computer is turned on only once every few days for a short period of time, running the updater on that computer to update the IP with OpenDNS will suffice.

For Windows and Mac, just search for "ddclient" and you will find the applications.  Examples (not tried):
For Linux, I use 'ddclient' to update the setting at OpenDNS.  As of January 2019, OpenDNS has changed a few things around, and the older way (using ddclient directly with OpenDNS) doesn't work any longer.  You must use dnsomatic until OpenDNS changes their way.
  1. Set DNS to 208.67.222.222 and 208.67.220.220 (different from FamilyShield DNS)
  2. Go to https://www.dnsomatic.com and use your OpenDNS ID/PW.  And set up things there.
  3. Set up ddclient, or wget/curl.
ddclient settings for dnsomatic:

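# ddclient configuration: update OpenDNS through DNS-O-Matic
# ssl=yes sends the login and password over HTTPS instead of plain HTTP
ssl=yes
# discover the current public IP from DNS-O-Matic's own service
use=web, web=myip.dnsomatic.com
# all.dnsomatic.com updates every service configured in the DNS-O-Matic account
server=updates.dnsomatic.com,      \
protocol=dyndns2,                  \
login=dnsomatic_username,          \
password=dnsomatic_password        \
all.dnsomatic.com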


curl or wget:

curl --user "username:password" "https://updates.dnsomatic.com/nic/update?hostname=hostname"

wget --user "username" --password="password" "https://updates.dnsomatic.com/nic/update?hostname=hostname"



Advantages of using ddclient:
  • It supports other dynamic IP DNS services.  (With the dnsomatic.com service, you can now also do that through the dnsomatic settings.)
  • ddclient caches the IP address it last sent, and if the address has not changed, it won't update again.
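
The curl route above sends an update on every run and puts the password on the command line. The following script, added here and not part of the original post, gives curl the caching behaviour described for ddclient. The file paths, the netrc file and the function names are assumptions, and the reply codes are the standard dyndns2 ones.

```sh
#!/bin/sh
# Added example (not from the original post): cache-aware DNS-O-Matic updater.
# Assumed file locations; the netrc file holds one line and must be chmod 600:
#   machine updates.dnsomatic.com login USERNAME password PASSWORD
NETRC="${NETRC:-$HOME/.netrc-dnsomatic}"
CACHE="${CACHE:-$HOME/.cache/dnsomatic.ip}"

# True (0) when the cache file is missing or holds a different address.
ip_changed() {  # $1 = current IP, $2 = cache file
    [ ! -f "$2" ] || [ "$(cat "$2")" != "$1" ]
}

# Reject anything that is not a dotted quad (e.g. a captive-portal HTML page).
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Map a dyndns2 reply to an action: ok, auth, fatal or retry.
classify_response() {
    case "$1" in
        good*|nochg*) echo ok ;;
        badauth*)     echo auth ;;
        notfqdn*|nohost*|numhost*|abuse*|badagent*) echo fatal ;;
        *)            echo retry ;;  # dnserr, 911, empty or unknown reply
    esac
}

update_dnsomatic() {
    ip=$(curl -fsS --max-time 10 "https://myip.dnsomatic.com/") || return 2
    valid_ipv4 "$ip" || return 2
    ip_changed "$ip" "$CACHE" || return 0   # unchanged: send nothing
    # --netrc-file keeps the password out of the process list and shell history.
    resp=$(curl -sS --max-time 10 --netrc-file "$NETRC" \
        "https://updates.dnsomatic.com/nic/update?hostname=all.dnsomatic.com&myip=$ip") || return 2
    case "$(classify_response "$resp")" in
        ok)    mkdir -p "$(dirname "$CACHE")" && printf '%s\n' "$ip" > "$CACHE" ;;
        auth)  echo "dnsomatic: credentials rejected, fix $NETRC" >&2; return 1 ;;
        fatal) echo "dnsomatic: rejected ($resp), not retrying" >&2; return 1 ;;
        *)     echo "dnsomatic: temporary failure ($resp)" >&2; return 2 ;;
    esac
}

# Run only when invoked as "script run", so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then update_dnsomatic; fi
```

Run it from cron with the argument "run"; exit status 1 means the account or hostname needs fixing, 2 means try again later.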
