XII. Firewall/Security Features

Restrict YouTube content on your network using LAN DNS

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2765

Keywords:
content filter
content filtering
google
lan dns

DrayTek routers with firmware 3.8.0 and later have improved LAN DNS facilities, which allow for the use of wildcards and CNAMEs (Canonical Name Record, pointing one DNS hostname to another).

This can be used with YouTube to enforce YouTube's Restricted Mode at the network level, stopping restricted or adult content from being viewed. Any device connecting through a DrayTek router configured this way, or through any wireless access point connected to it, will use Restricted Mode regardless of the device's own configuration.

This works because YouTube provides a specific hostname that enforces Restricted Mode: "restrict.youtube.com". Access to this hostname stops YouTube from serving restricted content to this network, whether the client browser / device has YouTube's Restricted Content option enabled or disabled.

DrayTek routers with 3.8.0 and later firmware can use a CNAME to link one hostname to another. In this example, all access to "www.youtube.com" and other YouTube hostnames is linked to "restrict.youtube.com" so that adult or restricted content cannot be viewed on YouTube.

Please note that this method enforces Restricted Mode on YouTube for all devices on the network attached to the DrayTek router. The facility operates at the DNS level of the router and, because of the router's DNS proxy, the enforcement works with any DNS server set on the client machine.


This requires making five LAN DNS entries, with the following DNS hostnames:

  • www.youtube.com
  • m.youtube.com
  • youtubei.googleapis.com
  • youtube.googleapis.com
  • www.youtube-nocookie.com

To configure this, go to [Applications] > [LAN DNS / DNS Forwarding]:

Select an unused Index entry on that page by clicking the number link.


In the first LAN DNS entry (LAN DNS Entry 1):

  • Tick Enable
  • Profile Name: Youtube1 (or any other suitable name, this is only for reference)
  • Domain Name: www.youtube.com
  • Click the Add button to make the CNAME field appear
  • CNAME (Alias Domain Name): restrict.youtube.com

Click OK to save that LAN DNS Entry.

Create the remaining LAN DNS Entries with these settings:

  • LAN DNS Entry 2
    • Profile Name: Youtube2 (or any other suitable name, this is only for reference)
    • Domain Name: m.youtube.com
    • Click the Add button to make the CNAME field appear
    • CNAME (Alias Domain Name): restrict.youtube.com
  • LAN DNS Entry 3
    • Profile Name: Youtube3 (or any other suitable name, this is only for reference)
    • Domain Name: youtubei.googleapis.com
    • Click the Add button to make the CNAME field appear
    • CNAME (Alias Domain Name): restrict.youtube.com
  • LAN DNS Entry 4
    • Profile Name: Youtube4 (or any other suitable name, this is only for reference)
    • Domain Name: youtube.googleapis.com
    • Click the Add button to make the CNAME field appear
    • CNAME (Alias Domain Name): restrict.youtube.com
  • LAN DNS Entry 5
    • Profile Name: Youtube5 (or any other suitable name, this is only for reference)
    • Domain Name: www.youtube-nocookie.com
    • Click the Add button to make the CNAME field appear
    • CNAME (Alias Domain Name): restrict.youtube.com

Once completed, the list of LAN DNS entries should look like this:


With the router's LAN DNS configured in this way, any new DNS lookups for YouTube will apply the restriction. If this does not take effect, try clearing the DNS cache on the device / PC.
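To confirm from a client on the LAN that all five entries took effect, the addresses each hostname resolves to can be compared with those of restrict.youtube.com. The Python script below is an added example, not DrayTek's own tooling; its function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket

# The five LAN DNS entries from the article and their shared CNAME target.
HOSTS = ["www.youtube.com", "m.youtube.com", "youtubei.googleapis.com",
         "youtube.googleapis.com", "www.youtube-nocookie.com"]
TARGET = "restrict.youtube.com"

def system_resolve(name):
    """Addresses the OS resolver returns for name (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit(resolve=system_resolve):
    """Map each hostname to 'enforced', 'not enforced' or 'unresolved'.

    A hostname counts as enforced only if every address it resolves to is
    also an address of TARGET, which is what the CNAME entries should produce.
    """
    target_ips = resolve(TARGET)
    report = {}
    for host in HOSTS:
        ips = resolve(host)
        if not ips or not target_ips:
            report[host] = "unresolved"
        elif ips <= target_ips:
            report[host] = "enforced"
        else:
            report[host] = "not enforced"
    return report

# Constructed sample answers (documentation-range addresses, not real ones):
# four entries follow the CNAME, the entry for m.youtube.com was never created.
SAMPLE = {h: {"192.0.2.120"} for h in HOSTS + [TARGET]}
SAMPLE["m.youtube.com"] = {"198.51.100.7"}

def sample_resolve(name):
    return SAMPLE.get(name, set())

if __name__ == "__main__":
    # Live check from a client behind the router; clear the DNS cache first.
    for host, status in audit().items():
        print(f"{host:28} {status}")
```

A hostname reported as "not enforced" usually means its LAN DNS entry is missing or disabled, or that the client returned a cached answer from before the change.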

When accessing YouTube, the settings at the bottom of the YouTube page should show this indication that Restricted Content cannot be displayed by devices and PCs connected to the DrayTek Vigor router's network:
