Synology DNS to Force Google SafeSearch

I had been looking at improving the multi-device, family-based security within the network, with two children increasing their use of the internet and having different requirements to my own.

I wanted to force Google SafeSearch to run by default on my network. I had already slotted in OpenDNS to protect a region of the network, but a recent child search when investigating chickens, looking for cockerel but abbreviated to the first four letters, produced results that weren't wanted.

I wanted a network approach to force SafeSearch on. OpenDNS doesn't support this, but has an article about it here: How-to-Enforcing-Google-SafeSearch. I had a look at dnsthingy, but my router wasn't on the supported list, and it would also cost US$8 per month.

I had a Synology DiskStation in my network stack, which is always on, so it seemed like a good opportunity to leverage its DNS capabilities. This article assumes that you have adjusted your network config to make your Synology the nameserver, and I will write about that soon. The important thing is that your computers use the Synology DNS server, 192.168.2.101 in my case:

ipconfig /all
Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : homezone
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6230
   Physical Address. . . . . . . . . : 88-53-2E-A3-D6-67
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::315a:de6:b8f5:ae09%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.140(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, 28 August 2016 5:29:49 AM
   Lease Expires . . . . . . . . . . : Sunday, 28 August 2016 11:04:18 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.101
   DHCPv6 IAID . . . . . . . . . . . : 59265838
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-38-93-AD-E8-E0-B7-17-A8-52
   DNS Servers . . . . . . . . . . . : 192.168.2.101
   NetBIOS over Tcpip. . . . . . . . : Enabled

Let's look at the end result:
Now this for me had to appear when I typed the search into google.com on any PC. I am in Australia, so I need to adjust the entry for google.com and also google.com.au; you may need to make the same adjustments for your own country.

To make this work, I tried adjusting the CNAME entries without obtaining the desired results, so I just set up the A records and overrode the IP to the Google SafeSearch one: 216.239.38.120. Of course, if Google ever changes this, some network reconfiguration will be required.

So on my Synology, add a new www.google.com master zone (don't do a google.com zone, as all sorts of things will break, like mail.google.com etc.). Do the same for your country's domain (www.google.com.au in my case).
Create an A type record in each zone pointing to 216.239.38.120.
Then check with a ping on your system.

C:\Users\..> ping www.google.com.au

Pinging www.google.com.au [216.239.38.120] with 32 bytes of data:
Reply from 216.239.38.120: bytes=32 time=53ms TTL=51
Reply from 216.239.38.120: bytes=32 time=54ms TTL=51
Reply from 216.239.38.120: bytes=32 time=53ms TTL=51
Reply from 216.239.38.120: bytes=32 time=53ms TTL=51

Ping statistics for 216.239.38.120:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 53ms, Maximum = 54ms, Average = 53ms

Now go to google.com, enter your search and check you are getting safe results.
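
The ping above goes through the operating system's resolver and its cache. As an added example (not part of the original article), the Python script below sends the A query straight to the DNS server and checks that both names return only the SafeSearch address. The server address and IP are the ones used in this article; the function names are illustrative.

```python
import socket
import struct

SAFESEARCH_IP = "216.239.38.120"   # SafeSearch address used in this article

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for `name`."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]                  # step over one label
    return off + (2 if msg[off] else 1)      # pointer is 2 bytes, root label is 1

def a_records(msg):
    """Return every IPv4 address in the answer section of a DNS response."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4        # question: name + type + class
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:        # A record; CNAMEs are skipped
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def is_forced(ips):
    """True only if the answer is non-empty and every address is the SafeSearch one."""
    return bool(ips) and all(ip == SAFESEARCH_IP for ip in ips)

def query(name, server="192.168.2.101", timeout=3.0):
    # connect() makes the socket accept replies from that server only
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))
        s.send(build_query(name))
        return a_records(s.recv(512))

if __name__ == "__main__":
    for name in ("www.google.com", "www.google.com.au"):
        ips = query(name)
        print(name, ips, "forced" if is_forced(ips) else "NOT forced")
```

Run it from any machine on the network after changing the zone, and again whenever results look wrong, since the A record is hard-coded and will go stale if Google changes the address.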
