1

I want to set up a router to block the whole of the internet except for user-specified domains.

Similar questions have been asked here (like this), but they're asked by people who are aiming to manually implement things that I don't understand. I'm just a layman and I'm not anywhere near equipped to do that. OpenDNS has a service like this, but in order to access it, you have to have a "Home VIP" account which costs $20/year, and you can only whitelist up to 50 sites.

The two main drawbacks of the OpenDNS route are that it costs money and that the limit on the number of sites you can whitelist is fairly low. I would prefer 100+.

Does anybody know of a service that can provide this functionality, or something close to it?

Improve this question
3
  • 2
    I don't mean to be mean here, "I'm just a layman and I'm not anywhere near equipped to do that." pretty much means most of the answers you'd get here is out of the scope of the site - have a quick look at the faq to get what I mean. I'd also consider what is free to me - would you accept a simple solution you run yourself (untangle is worth a look), or if you want to make your current gear do this. There's always a tradeoff and its useful to ask yourself what that tradeoff is, and what skills and resources you're willing to put into it - as per @wesleydavid's answer.
    – Journeyman Geek
    Commented Mar 31, 2013 at 6:31
  • This is normally done through the use of a web proxy server such as squid, not via DNS hacks.
    – Michael Hampton
    Commented Mar 31, 2013 at 15:52
  • I would just use statdns.com/api to do DNS queries through HTTP and circumvent your system.
    – Ryan Ries
    Commented Mar 31, 2013 at 16:10

1 Answer 1

Reset to default
4

So you want:

  1. Something that enables you to only allow white-list based DNS resolution to 100 or more domains.
  2. Something that's point-n-click simple, or nearly so.
  3. Has to be free.

The answer is, in a word: NOPE.

Furthermore, know that using DNS as a method of locking down users will require you to restrict all DNS queries leaving your network. Queries will need to be only allowed out of your firewall if they are aimed at approved DNS servers. Doubly furthermore, users can simply edit their hosts file or use some kind of internal DNS server to circumvent that as well.

"My users aren't technical. They won't do that."

They might not be technical, but never underestimate the mental stamina of a person intent on checking their fantasy football brackets. Or porn. It's always porn. People go from "I FORGOT HOW TO COMPUTER" to "I'm haxen ur boxxen lol" before the workweek is out to get what they want.

"I've locked everything down and no one can mess with any setting that pertains to name resolution."

Well okay then. Make sure you attempt to falsify that statement. Preferably using a test subject under the age of 16 who wants to surf a torrent site.

Oh noes what do I do?!

In a choice between free, highly functional, and Fischer Price easy, you can have two. Maybe. My recommendation is to set up your own internal DNS server and make your own whitelist. Too technical? What you're asking is, by nature technical. Thus you either exchange currency for it or the sweat of your brow.

Parting notes: Make sure to block all outbound DNS queries except from that server you set up. Otherwise, stick to OpenDNS and see if you can raise the whitelist limit. $20 isn't much for the whole year. You could probably find that much change on the street. Hint: Check the sofas at shoe stores. Not that I've done that or anything.

Okay I have.

Improve this answer
1
  • That relies on the assumption users have root on their individual devices.
    – DMCoding
    Commented Nov 27, 2018 at 7:58

Not the answer you're looking for? Browse other questions tagged .