Synology DNS to Force Google SafeSearch

I had been looking at improving the multi-device family based security within the network. Having two children increasing their use of the internet and differing requirements to my own.

I wanted to force google safe search to run by default on my network. I had already slotted in OpenDNS to protect a region of the network, but a recent childsearch when investigating chickens, and looking for cockerel but having been abbreviated to the first four letters produced results that werent wanted.

I wanted a network approach to force safesearch on. OpenDNS doesnt support this, but has an article around it here: How-to-Enforcing-Google-SafeSearch. I had a look at dnsthingy, but my router wasnt on the supported list, and it would also cost US$8 per month.

 I had a synology disk station in my network stack, which is always on, so seemed like a good opportunity to leverage its DNS capabilities. This article will assume that you have adjusted your network config to make your synology the nameserver, and I will write about that soon. The important thing is that your computers use the synology dns server, 192.168.2.101 in my case:

ipconfig /all
Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : homezone
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6230
   Physical Address. . . . . . . . . : 88-53-2E-A3-D6-67
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::315a:de6:b8f5:ae09%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.140(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, 28 August 2016 5:29:49 AM
   Lease Expires . . . . . . . . . . : Sunday, 28 August 2016 11:04:18 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.101
   DHCPv6 IAID . . . . . . . . . . . : 59265838
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-38-93-AD-E8-E0-B7-17-A8-52
   DNS Servers . . . . . . . . . . . : 192.168.2.101
   NetBIOS over Tcpip. . . . . . . . : Enabled

 Lets look at the end result:
Now this for me had to appear when i typed the search into google.com on any pc. I am in australia so I need to adjust the entry for google.com and also google.com.au, you may need to do the same adjustments for your own country.

To make this work, I tried adjusting the CNAME entries, without obtaining the desired results, so I just setup the A records and overrode the IP to the google safesearch one - 216.239.38.120. Now of course if google ever changes this, some network reconfiguration will be required.

So on my synology, add in a new www.google.com master zone (don't do a google.com zone as all sorts of things will break, like mail.google.com etc). Do the same for your country's TLD.
Create an A type record
Then check with a ping on your system.

  C:\Users\..> ping www.google.com.au 

Pinging www.google.com.au [216.239.38.120] with 32 bytes of data: 
Reply from 216.239.38.120: bytes=32 time=53ms TTL=51 
Reply from 216.239.38.120: bytes=32 time=54ms TTL=51 
Reply from 216.239.38.120: bytes=32 time=53ms TTL=51 
Reply from 216.239.38.120: bytes=32 time=53ms TTL=51  
Ping statistics for 216.239.38.120: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 53ms, Maximum = 54ms, Average = 53ms 

Now go to google.com enter your search and check you are getting safe results.

Comments

  1. Firstly, Thanks for all the helpful insights. i'd prefer to thanks for golf stroke stress on however connectedness taking part in a giant role in hosting trade. I appreciate your diligence. Keep posting new updates with us.

    Offshore dedicated server

    ReplyDelete

Post a Comment