Menu
Reply
  • 3
  • 0
  • 0
Elephant890
Joining in
4,424 Views
Message 1 of 7
Flag for a moderator

Kids bypassing child safe by altering dns

Hi there. After help pls, and as simple as poss as I'm a tech dummy!
Git virgin 3.0 hub. Logged in. Changed passwords. All family devices a reconnected. Now kids change dns settings on iphone and iPads to 8.8.8.8, they don't even have to re enter a password and straight away they can bypass child safe. When they set it back, again they don't need to re enter password for wifi so they can switch back and to as and when they chose.
Any suggestions at either device level or (preferably) router level that I can. Implement to preens them being able to change dns so that in effect they are forced down channel if being blocked??! Thank you!
0 Kudos
Reply
  • 1.24K
  • 64
  • 218
Adduxi
Knows their stuff
4,419 Views
Message 2 of 7
Flag for a moderator

Re: Kids bypassing child safe by altering dns

Sounds like you will have to implement some sort of Parental Controls on the iPhones and iPads. ?

This would, I assume as I don't have any Apple products, stop unauthorised changes to DNS on the local devices.

0 Kudos
Reply
  • 3
  • 0
  • 0
Elephant890
Joining in
4,413 Views
Message 3 of 7
Flag for a moderator

Re: Kids bypassing child safe by altering dns

There is an option on iPhones for restrictions but it doesn't prevent changes to wifi. And for a few reasons I was hoping just t be able to do it at router level to block them all in one go as they are always swapping and changing gadgets, plus friends gadgets etc. So thought router level would mean all done in one. Thanks for the reply.
0 Kudos
Reply
  • 1.24K
  • 64
  • 218
Adduxi
Knows their stuff
4,382 Views
Message 4 of 7
Flag for a moderator

Re: Kids bypassing child safe by altering dns

If the DNS settings are changed on the local device, e.g. iPad, any DNS settings on the Router will be ignored.

Local DNS has priority over the DNS settings in the Router.

  • 8.24K
  • 512
  • 2.26K
Superuser
Superuser
4,364 Views
Message 5 of 7
Flag for a moderator

Re: Kids bypassing child safe by altering dns

If they know enough to change DNS settings to route round your block, they likely know enough to use other means. Blocking it at router OR device level is unlikely to work.

Time for a sit down and explanation that internet access is a privilege not a right, and if they abuse it it will be withdrawn. And talk about what you find to be acceptable use.

I would then put some lightweight monitoring in place and let them know its there to keep an eye if you feel you need to. Education and enforcement is ALWAYS better than prohibition IMHO.

 

 


  • 39
  • 0
  • 6
BaldrickBravo
On our wavelength
4,298 Views
Message 6 of 7
Flag for a moderator

Re: Kids bypassing child safe by altering dns

I'd put a firewall in - you can block DNS traffic to any servers other than your designated DNS servers. And that's for starters.

But, I think it's much netter to give kids enough rope to hang themselves with, otherwise they never learn. The firewall should record every IP they visit and could even be configured to go further, capturing requests etc.

Setting up a firewall can be done for relatively little outlay. It's the knowledge you need that's the tricky part. It's not rocket science or brain surgery - how much spare time do you have to set this up? Better still, how old are the kids? It is something they could be involved in...

0 Kudos
Reply
  • 4
  • 0
  • 0
Willott
Joining in
4,250 Views
Message 7 of 7
Flag for a moderator

Re: Kids bypassing child safe by altering dns

I'm going to leave this suggestion here for the Forum Team to pick up and put forwards as a suggested development:

You already have some form of internet security - could I suggest that when kids safe (or whatever it's called) is turned on, it blocks outbound access to DNS as well (done at network level upstream means end users don't need to become technical), with an option to turn just DNS blocking off or kids safe off completely (which would turn off DNS blocking as well).

As others have suggested, communication with your kids is a good start - what are they wanting to go on that is blocked, and discuss discuss why it may be blocked. As others have said it's quite difficult to block kids accessing through various other means, and logging IPs only gives part of the picture - you really would be looking at an appliance capable of HTTPS interception, web filtering based on content and url, Application layer filtering, Firewall, etc etc all of which take processing power, data storage, and a lot of administration.

0 Kudos
Reply