Forcing restricted mode for youtube and google search

[TheLyppardMan]

Excellent. Thank you.

 

[TheLyppardMan]

Unfortunately, it's not working. I've tried restarting dnsmasq and also rebooting the router, but no diifference. I'm uploading some images so you can see what I have added.

 

[Martineau]

Unfortunately, it's not working. I've tried restarting dnsmasq and also rebooting the router, but no diifference.

So check the contents of '/etc /dnsmasq.conf ' before and after you have issued 'service restart_dnsmasq' (No need to reboot!) to see if the contents of the dnsmasq.conf.add exist, and if file /etc /hosts contains the contents of hosts.add.

NOTE: Due to posting restriction, I have deliberately put a space in '/etc /hosts' so ignore the space in the directory tree if using the command line, but in WinSCP it won't matter!

 

[TheLyppardMan]

So check the contents of '/etc /dnsmasq.conf ' before and after you have issued 'service restart_dnsmasq' (No need to reboot!) to see if the contents of the dnsmasq.conf.add exist, and if file /etc /hosts contains the contents of hosts.add.

NOTE: Due to posting restriction, I have deliberately put a space in '/etc /hosts' so ignore the space in the directory tree if using the command line, but in WinSCP it won't matter!

Yes, they are all there (at the bottom of the original list).

 

[TheLyppardMan]

I've found the answer - I needed to make some additional changes: 1) Put the OpenDNS settings in on the WAN page; 2) Change the Parental Control settings to use "router." It's working now.

 

[Martineau]

Yes, they are all there (at the bottom of the original list).

OK, so I did the test as described in https://github.com/RMerl/asuswrt-merlin/wiki/Enforce-Safesearch

nslookup www.google.com

Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain
Name:      www.google.com
Address 1: 2a00:1450:4009:800::2004 lhr25s11-in-x04.1e100.net
Address 2: 62.24.208.147 host-62-24-208-147.as13285.net
Address 3: 62.24.208.185 host-62-24-208-185.as13285.net
Address 4: 62.24.208.177 host-62-24-208-177.as13285.net
Address 5: 62.24.208.173 host-62-24-208-173.as13285.net
Address 6: 62.24.208.172 host-62-24-208-172.as13285.net
Address 7: 62.24.208.162 host-62-24-208-162.as13285.net
Address 8: 62.24.208.187 host-62-24-208-187.as13285.net
Address 9: 62.24.208.166 host-62-24-208-166.as13285.net
Address 10: 62.24.208.170 host-62-24-208-170.as13285.net
Address 11: 62.24.208.151 host-62-24-208-151.as13285.net
Address 12: 62.24.208.143 host-62-24-208-143.as13285.net
Address 13: 62.24.208.181 host-62-24-208-181.as13285.net
Address 14: 62.24.208.158 host-62-24-208-158.as13285.net
Address 15: 62.24.208.155 host-62-24-208-155.as13285.net
Address 16: 62.24.208.157 host-62-24-208-157.as13285.net

You can try my method...

i.e. make sure hosts.add is empty and replace the CNAME junk in dnsmasq.conf.add with this:

# Google Safe Search but you need to add ALL of the possible country codes e.g. .fr,.de etc. :-(
address=/www.google.co.uk/216.239.38.120
address=/www.google.com/216.239.38.120

Bounce dnsmasq

service restart_dnsmasq
Done.

Redo the test..

nslookup www.google.com

Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain
Name:      www.google.com
Address 1: 216.239.38.120 any-in-2678.1e100.net

Simples!

 

[bennettg]

I've found the answer - I needed to make some additional changes: 1) Put the OpenDNS settings in on the WAN page; 2) Change the Parental Control settings to use "router." It's working now.

I am having the same trouble as you. Can you be more specific as to your answer......do you have a screen shot of how to put the OpenDNS settings in on the WAN page? Which tab on WAN? I see a tab for internet connection, etc. and within each tab, what field to I complete with opendns settings?

Likewise, how did you change the parental control setttings to use 'router"? I see tabs for parental controls and dns filtering...is it dns filtering and if so, what field in dns filtering? a screen shot would be helpful, thanks.

 

[Zirescu]

I am having the same trouble as you. Can you be more specific as to your answer......do you have a screen shot of how to put the OpenDNS settings in on the WAN page? Which tab on WAN? I see a tab for internet connection, etc. and within each tab, what field to I complete with opendns settings?

Yes, Internet connection - Under WAN DNS Setting, change Connect to DNS Server automatically to No and enter in the OpenDNS DNS settings in DNS Server 1 and 2. Click Apply.

Likewise, how did you change the parental control setttings to use 'router"? I see tabs for parental controls and dns filtering...is it dns filtering and if so, what field in dns filtering? a screen shot would be helpful, thanks.

Yes, DNS Filtering. Set the Enable DNS Filtering to ON. Change Global Filtering to Router. Click Apply.

 

[bennettg]

Yes, Internet connection - Under WAN DNS Setting, change Connect to DNS Server automatically to No and enter in the OpenDNS DNS settings in DNS Server 1 and 2. Click Apply.


Yes, DNS Filtering. Set the Enable DNS Filtering to ON. Change Global Filtering to Router. Click Apply.

Does this work if the user enters "https" instead of "http" when going to google, youtube, etc?

Thank you for your help.

 

[Zirescu]

yes - the DNS request will happen before the encryption.

 

[bennettg]

yes - the DNS request will happen before the encryption.

Thanks....I tried these settings and it is still not working. I flushed DNS on each device as well and it didnt make a difference. Is there more information I can provide to see if folks have other thoughts? If so, what information would be helpful. Thank you

 

[TheLyppardMan]

Thanks....I tried these settings and it is still not working. I flushed DNS on each device as well and it didnt make a difference. Is there more information I can provide to see if folks have other thoughts? If so, what information would be helpful. Thank you

Here are a some screenshots of how I have set mine up. I'm not sure whether I needed to use the "execute" command, but I did it anyway and then rebooted the router, after which everything was working fine (once I had put in the OpenDNS settings in the WAN tab and changed the DNS settings to use "router"). Note: I originally opted for the more complicated setup (explained further up this thread), but I have since opted for the simpler one file solution, but both worked equally well.

 

[bennettg]

Still no luck. My admin gui on the router looks slightly different than yours. For example, I dont have an option for "WAN IP Setting/GET the WAN IP Automatically" what version of merlin are you using?

 

[Zirescu]

That page should be there as it's been there for at least 3 or more years. @bennettg - can you post a screenshot of your WAN->Internet Connection tab?

 

[bennettg]

That page should be there as it's been there for at least 3 or more years. @bennettg - can you post a screenshot of your WAN->Internet Connection tab?

Yes. Attached here. Thank you.

 

[Zirescu]

Only difference is because of the Wan Connection Type setting, you've got it set to Automatic IP which is fine. TheLyppardMan is using PPoE so this is why he has the other settings visible. How are you testing?

 

[eric777]

This seems what you want https://github.com/RMerl/asuswrt-merlin/wiki/Enforce-Safesearch
Sent from my iPhone using Tapatalk

Does this trick still work with current firmware?

 

[JDB]

Is this trick Stiller work with current firmware?

Yea it should do. Though I personally am not using it so cannot say for definite.


Sent from my iPhone using Tapatalk

 

[eric777]

I have finally tested on the 384.8 firmware. It does not work for me.

RT-AC88U-C1E8:/jffs/configs# cat dnsmasq.conf.add
no-resolv
strict-order
server=208.67.222.123
server=208.67.220.123
address=/www.google.com/216.239.38.120
address=/www.google.fr/216.239.38.120
address=/explicit.bing.net/216.239.38.120
address=/www.yahoo.com/216.239.38.120
RT-AC88U-C1E8:/jffs/configs# service restart_dnsmasq
ok

RT-AC88U-C1E8:/jffs/configs# ping www.google.com
PING www.google.com (216.239.38.120): 56 data bytes
64 bytes from 216.239.38.120: seq=0 ttl=54 time=3.640 ms
64 bytes from 216.239.38.120: seq=1 ttl=54 time=3.553 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.553/3.596/3.640 ms

DIEU@RT-AC88U-C1E8:/jffs/configs# ping www.google.fr
PING www.google.fr (216.239.38.120): 56 data bytes
64 bytes from 216.239.38.120: seq=0 ttl=54 time=3.717 ms
^C
--- www.google.fr ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.717/3.717/3.717 ms

RT-AC88U-C1E8:/jffs/configs#

on the router it works but not on the PC.

Here is the setting of the router:

 

[dave14305]

I have finally tested on the 384.8 firmware. It does not work for me.

on the router it works but not on the PC.

Is your PC configured to use the router IP as its DNS server?