Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Creating CNAME Using Orbi to Enforce Google.com SafeSearch

SparkyNuts
Aspirant
Aspirant
‎2023-02-20 08:16 AM
‎2023-02-20 08:16 AM

Creating CNAME Using Orbi to Enforce Google.com SafeSearch

I saw a couple older posts from 2017/2018 saying the following was not possible.

 

Is it still impossible, using Orbi, to force  all devices on my home network to go to forcesafesearch.google.com?

 

 

https://support.opendns.com/hc/en-us/articles/227986807-How-to-Enforcing-Google-SafeSearch-YouTube-a... 

 

1. Add a new CNAME record on your local DNS server for your local Google domain(s) pointing to forcesafesearch.google.com. For this example, we will be using www.google.com. Create a CNAME record for www.google.com that points to forcesafesearch.google.com.

 

2. Clear your DNS cache of the saved www.google.com record.

 

3. Make a new search and you should be prompted that SafeSearch is enabled. As long as this CNAME record is in place, SafeSearch will be enforced on the network.

 

An example configuration on Windows Server 2012 can be seen below for the A-Record equivalent. For the CNAME, create a CNAME record pointing www.google.com to forcesafesearch.google.com. 

You may need to add a www.google.com zone and provide an A record override for www.google.com to 216.239.38.120 (forcesafesearch.google.com) depending on your DNS server setup. 

SparkyNuts_0-1676909621857.jpeg

 

**If you have a Virtual Appliance or Roaming Clients, you must also add www.google.com to the internal domains list**

That's it. Your network is now configured to enforce SafeSearch for all computers utilizing your local DNS server. To confirm it's active, the first time you visit google.com, a message will appear on the top of the screen confirming SafeSearch is force enabled. 

Message 1 of 3
0 Kudos
Reply
microchip8
Master
Master
‎2023-02-20 08:59 AM
‎2023-02-20 08:59 AM

Re: Creating CNAME Using Orbi to Enforce Google.com SafeSearch

it's not possible.

CNAME is a feature of multicast DNS servers, not of router DNS "servers" that just pass on the request to the specified, real DNS server upstream.

If you're talking about Window's DNS server, this is out of scope on this support forum.

Message 2 of 3
Reply
CrimpOn
Guru Guru
Guru
‎2023-02-20 01:05 PM
‎2023-02-20 01:05 PM

Re: Creating CNAME Using Orbi to Enforce Google.com SafeSearch

My sense is that nothing has changed about the way Orbi routers process DNS.  There is no method for the user to create DNS definitions for devices on the LAN or to create a CNAME entry.

 

All the user can do is specify which DNS services the Orbi will forward DNS queries to. OpenDNS, for example, has a "free" feature which allows users to specify search criteria. https://www.opendns.com/home-internet-security/ 

CrimpOn_0-1676926831713.png

Modern web browsers have settings to regulate content.

 

Some Orbi owners report implementing Pi-hole (or pfSense) servers to handle DNS. Both of these are capable of creating the DNS entries described in those articles.  The Orbi DNS is pointed to Pi-hole to resolve DNS and Pi-hole takes it from there.

 

The key in all this is that any user can simply modify the network settings on any specific device to use whatever DNS service they want.  And thus by-pass these controls.

Message 3 of 3
Reply
Top Contributors
See All
Discussion stats
  • 2 replies
  • ‎2023-02-20 08:16 AM
  • 629 views
  • 2 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7