Synology DNS to Force Google SafeSearch
I had been looking at improving the multi-device family based security within the network. Having two children increasing their use of the internet and differing requirements to my own.
I wanted to force google safe search to run by default on my network. I had already slotted in OpenDNS to protect a region of the network, but a recent childsearch when investigating chickens, and looking for cockerel but having been abbreviated to the first four letters produced results that werent wanted.
I wanted a network approach to force safesearch on. OpenDNS doesnt support this, but has an article around it here: How-to-Enforcing-Google-SafeSearch. I had a look at dnsthingy, but my router wasnt on the supported list, and it would also cost US$8 per month.
I had a synology disk station in my network stack, which is always on, so seemed like a good opportunity to leverage its DNS capabilities. This article will assume that you have adjusted your network config to make your synology the nameserver, and I will write about that soon. The important thing is that your computers use the synology dns server, 192.168.2.101 in my case:
Lets look at the end result:
Now this for me had to appear when i typed the search into google.com on any pc. I am in australia so I need to adjust the entry for google.com and also google.com.au, you may need to do the same adjustments for your own country.
To make this work, I tried adjusting the CNAME entries, without obtaining the desired results, so I just setup the A records and overrode the IP to the google safesearch one - 216.239.38.120. Now of course if google ever changes this, some network reconfiguration will be required.
So on my synology, add in a new www.google.com master zone (don't do a google.com zone as all sorts of things will break, like mail.google.com etc). Do the same for your country's TLD.
Create an A type record
Then check with a ping on your system.
Now go to google.com enter your search and check you are getting safe results.
I wanted to force google safe search to run by default on my network. I had already slotted in OpenDNS to protect a region of the network, but a recent childsearch when investigating chickens, and looking for cockerel but having been abbreviated to the first four letters produced results that werent wanted.
I wanted a network approach to force safesearch on. OpenDNS doesnt support this, but has an article around it here: How-to-Enforcing-Google-SafeSearch. I had a look at dnsthingy, but my router wasnt on the supported list, and it would also cost US$8 per month.
I had a synology disk station in my network stack, which is always on, so seemed like a good opportunity to leverage its DNS capabilities. This article will assume that you have adjusted your network config to make your synology the nameserver, and I will write about that soon. The important thing is that your computers use the synology dns server, 192.168.2.101 in my case:
ipconfig /all Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : homezone Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6230 Physical Address. . . . . . . . . : 88-53-2E-A3-D6-67 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::315a:de6:b8f5:ae09%5(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.2.140(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Sunday, 28 August 2016 5:29:49 AM Lease Expires . . . . . . . . . . : Sunday, 28 August 2016 11:04:18 AM Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.101 DHCPv6 IAID . . . . . . . . . . . : 59265838 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-38-93-AD-E8-E0-B7-17-A8-52 DNS Servers . . . . . . . . . . . : 192.168.2.101 NetBIOS over Tcpip. . . . . . . . : Enabled
Lets look at the end result:
To make this work, I tried adjusting the CNAME entries, without obtaining the desired results, so I just setup the A records and overrode the IP to the google safesearch one - 216.239.38.120. Now of course if google ever changes this, some network reconfiguration will be required.
So on my synology, add in a new www.google.com master zone (don't do a google.com zone as all sorts of things will break, like mail.google.com etc). Do the same for your country's TLD.
C:\Users\..> ping www.google.com.au
Pinging www.google.com.au [216.239.38.120] with 32 bytes of data: Reply from 216.239.38.120: bytes=32 time=53ms TTL=51 Reply from 216.239.38.120: bytes=32 time=54ms TTL=51 Reply from 216.239.38.120: bytes=32 time=53ms TTL=51 Reply from 216.239.38.120: bytes=32 time=53ms TTL=51
Ping statistics for 216.239.38.120:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 54ms, Average = 53ms Now go to google.com enter your search and check you are getting safe results.
Comments
Post a Comment