David Szpunar: Owner, Servant 42 and Servant Voice

David's Church Information Technology

June 11th, 2007 at 12:00 am

OpenDNS Does Free Adult Blocking from St. Bernard!

OpenDNS has listened to their users and released Adult Site Blocking to complement the rest of their DNS arsenal! True, ScrubIT beat them to it, but when you combine the reporting, the ability to sign up for accounts now (I still haven’t been invited to the ScrubIT beta and signed up well over a month ago), the ability to select from six different categories of adult content blocking, and the source of the block list, you have a rather well thought-out combination that gets my vote!

They are using St. Bernard for the block list, the company that makes the iPrism for corporate content filtering. I’ve had some contact with them recently (watched an online live demo and gotten some quotes — the demo was impressive but not worth the time given the price of the quote vs. our budget) and they seem to be a classy company, near the top of the choices for premier content filtering.

OpenDNS also allows you to put your custom image on the block page (for their typo correction, not just the content filtering). Their service is already being put to use in several churches, but I can’t help thinking this will bump that trend right on up! Andrew Mitry at Anchorite switched from OpenDNS to ScrubIT in March (it sounds like he either used OpenDNS before or liked it, hard to tell from that post), while at the same time commenting that OpenDNS appeared to be more mature (an assessment I’d fully agree with). This is the first time OpenDNS has responded with a content filter on this level, however. In my experience (and I’ve corresponded with several of the OpenDNS staff including owner David Ulevitch), OpenDNS doesn’t do something unless it can be done right, and going with a large provider like St. Bernard for their list sounds just like something they’d do.

Now, to test extensively! Detailed reporting (especially at the user or internal IP level) is really the key component missing from this service, since you can add your own blocked domains as well. I also don’t see a way to override specific blocked pages if you run into a site categorized incorrectly (although OpenDNS is known for adding additional control features later on). And, while it will catch direct-access porn and other adult content, it can’t do much for direct-IP access sites, or a bigger threat, open proxies (possibly the most well-known being Google’s own English-to-English translator, among hundreds of others) since it’s not doing URL filtering or any content inspection, just DNS blocking. But it’s a good first line of defense, at an even better price. Our free wireless internet is getting switched over post haste!
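The coverage gap described above, as an added example (not code from the original post or from OpenDNS): it classifies requests by what a DNS resolver actually gets asked, and shows why direct-IP and proxy-style requests need a URL-level filter instead. The blocklist, the domains, the address and the `proxy.example` request format are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl
BLOCKED_DOMAINS = {"blocked.example"}   # constructed; real lists come from a vendor

def is_blocked_name(host):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))

def dns_query_name(url):
    """Name the client asks the resolver for, or None when the host is an IP literal."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        return host

def embedded_hosts(url):
    """Hosts of URLs carried inside query-string values (proxy-style requests)."""
    hosts = []
    for _, value in parse_qsl(urlsplit(url).query):
        try:
            inner = urlsplit(value if "://" in value else "//" + value)
        except ValueError:
            continue
        if inner.hostname and "." in inner.hostname:
            hosts.append(inner.hostname)
    return hosts

def classify(url):
    """Report which filtering layer, if any, can act on this request."""
    name = dns_query_name(url)
    if name is None:
        return "no-dns-lookup"      # direct-IP access: the resolver is never asked
    if is_blocked_name(name):
        return "blocked-by-dns"
    if any(is_blocked_name(h) for h in embedded_hosts(url)):
        return "needs-url-filter"   # the resolver only sees the proxy's own name
    return "allowed"

if __name__ == "__main__":
    for sample in (                 # constructed requests, example domains only
        "http://www.blocked.example/gallery",
        "http://203.0.113.10/gallery",
        "http://proxy.example/fetch?lang=en&u=http://www.blocked.example/gallery",
        "http://news.example/story?id=42",
    ):
        print(f"{classify(sample):18} {sample}")
```

Run over web proxy or gateway logs, the `no-dns-lookup` and `needs-url-filter` counts give a rough measure of how much traffic a DNS-only filter never gets a chance to see.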

  • 1

    […] David Szpunar posted about a new Adult Site Blocking service from OpenDNS this morning. This is great news, as that I have had great experience with OpenDNS and so far they have been extremely reliable and responsive. After ScrubIT blocked Google.com, I was hesitant to re-enable them on the church network (especially since we never got a response about what happened). […]

  • 2

    I’ve been using OpenDNS for a couple of days now, having resolved some issues with my ISP, which you can read about on http://www.sciencetext.com

    I too would like to be able to override their filters on an ad hoc basis, but don’t believe this can be done.

    But, I am intrigued by your comment on English2English translation via Google, how do you do that? Is it simply an obvious URL hack?


    David Bradley on June 28th, 2007
  • 3

    You got me. I haven’t actually tried the Google trick, I’ve just heard about it. So I did a Google search (what else? :-) for “bypass proxy with google translation” and found a plethora of sites…yes it’s a URL hack, according to O’Reilly. There appear to be two alternate methods according to tech-recipes: using Google’s Mobile Device proxy, and viewing pages from their cache.

    I tested the URL hack for the translate service and it worked perfectly for me! It redirects links on the site through the translator as well, so other than the top frame it’s pretty seamless. This would bypass the OpenDNS blocks but if you were running something like DansGuardian and it caught a page with the actual content filtering, it would still be blocked.

    Also, from what I’ve read, some other commercial filters know about this stuff and look deeper into the URL to block proxies like this. I’m not sure of which ones off the top of my head. But that’s just not possible at the DNS level to my knowledge, since only the top level domain (TLD) is ever passed to the DNS server.

    David Szpunar on June 28th, 2007
  • 4

    I’ll test this out further and report back if I find out any more. Thanks for taking the time to investigate.


    David Bradley on July 5th, 2007
  • 5

    OpenDNS is so much more than content filtering (which they’ve extended by the way). They can now protect against DNS rebinding attacks.


    David Bradley on April 25th, 2008
  • 6

    @David Bradley: That is good to know; I’m going to have to do some more research on DNS rebinding attacks now! I know about their extended content filtering already; that’s another cool new feature! They’ve taken their PhishTank community-voting setup and moved it over to categorize sites. Good move in my opinion!

    David Szpunar on April 26th, 2008
  • 7

    how can i bypass my dad’s opendns service, he’s blocked almost every page now, i can’t get into myspace, and i’ve tried using a proxy anonymizer but he blocked them as well, can anyone please help me.
    i wanna try using the translation pages

    Raul Laforcada on July 2nd, 2008
  • 8

    @Raul: Sorry, I have tested bypassing OpenDNS as an educational experiment to assist IT people in making informed blocking decisions. I will not provide customized consulting to someone trying to break through web filtering that they are supposed to be subject to. Moreover, I personally do not like MySpace and consider it the source of some of the worst web design in existence, not to mention the malware that has propagated through that site in the past, and thus would not condone getting through filters to get there anyway. Your dad has done you quite a good service to block MySpace in my opinion, if only more people felt the way he does :-)

    David Szpunar on July 2nd, 2008
  • 9


    I agree, MySpace is crap, but I don’t think parental filtering of such sites is on. Why hasn’t your dad given you a chance to discuss MySpace, it’s not like it’s hardcore porn or anything is it? Talk to him. He may have serious misconceptions about the web and what is and what isn’t out there. Gee, there are some sites that try to debunk evolution through pseudoscience, I’d be more worried that my kids were visiting those than MySpace!

    Meanwhile, check out this post on how to open banned sites (VPN is the key).


    David Bradley on July 7th, 2008