
How to enforce Google SafeSearch on your network using LAN DNS

Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2765


DrayTek routers with firmware 3.8.0 and later have improved LAN DNS facilities, which allow for the use of wildcards and CNAMEs (Canonical Name Record, pointing one DNS hostname to another).

This can be used with Google's network to enforce Google's SafeSearch facility at the network level, so that any device connecting through a DrayTek router configured to enforce SafeSearch will use it, regardless of the device's own configuration. This includes devices connecting through any wireless access points attached to the DrayTek router.

The way this works is that Google has a specific hostname configured to enforce SafeSearch: "forcesafesearch.google.com". Access to this hostname enforces SafeSearch on all Google searches and ignores whether the client browser / device has SafeSearch enabled or disabled.

DrayTek routers with 3.8.0 and later firmware can use a CNAME to link access to one hostname to another. In this example, all access to "www.google.*" will be linked to "forcesafesearch.google.com" so that all Google searches will have SafeSearch enforced.
Using a wildcard in the hostname makes it possible to enforce SafeSearch with a single CNAME entry; otherwise there would need to be a LAN DNS entry for every Google Top Level Domain, such as "www.google.com", "www.google.co.uk", "www.google.co.jp" etc. This stops the SafeSearch enforcement being bypassed by using a different country's TLD.

Please note that this method enforces SafeSearch for all devices on the network attached to the DrayTek router. This facility operates at the DNS level of the router and because of the DNS proxy of the router, the enforcement of SafeSearch will work with any DNS server set on the client machine.

To set this up, go to [Applications] > [LAN DNS / DNS Forwarding]:

Select an unused Index entry on that page by clicking the number link.

In the LAN DNS entry, tick Enable, give the Profile a suitable name and set the Domain Name to "www.google.*".

The wildcard facility is used so that we can use a single entry for all of the different Google Top Level Domains.

Click the Add button to make the CNAME field appear:

In that field, enter "forcesafesearch.google.com". The LAN DNS entry should now look like this:

Click OK to save the LAN DNS entry and it will take effect immediately when accessing Google.

Users accessing Google through a DrayTek router configured to enforce Google's SafeSearch will see this notification when accessing Google. The end user will still have the option in Search Settings to disable SafeSearch, but SafeSearch will remain enabled while they are connected to the DrayTek's network.
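To confirm from a LAN client that the wildcard entry is taking effect for every Google TLD you care about, the following added example (not DrayTek's own code) compares what the client's resolver returns for each "www.google.*" hostname with what it returns for "forcesafesearch.google.com". The function names, the status labels and the sample addresses (documentation-range IPs, not real Google addresses) are assumptions made for illustration.

```python
import socket
import sys

ENFORCED = "forcesafesearch.google.com"  # hostname named in the article


def system_resolve(host):
    """Return the set of addresses the client's configured resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def audit(hosts, resolve=system_resolve):
    """Map each host to 'enforced', 'bypass' or 'unresolved'."""
    safe = resolve(ENFORCED)
    report = {}
    for host in hosts:
        addrs = resolve(host)
        if not addrs or not safe:
            report[host] = "unresolved"   # cannot compare without both answers
        elif addrs <= safe:
            report[host] = "enforced"     # every answer is a SafeSearch address
        else:
            report[host] = "bypass"       # at least one answer is not
    return report


# Constructed sample answers for offline use (hypothetical, documentation IPs).
SAMPLE = {
    ENFORCED: {"192.0.2.10"},
    "www.google.com": {"192.0.2.10"},
    "www.google.co.uk": {"192.0.2.10"},
    "www.google.co.jp": {"198.51.100.7"},  # what a non-redirected answer looks like
}


def sample_resolve(host):
    return SAMPLE.get(host, set())


if __name__ == "__main__":
    hosts = sys.argv[1:] or ["www.google.com", "www.google.co.uk", "www.google.co.jp"]
    for host, status in audit(hosts).items():
        print(f"{host}: {status}")
```

Run it on a client behind the router, passing any extra hostnames as arguments; any host reported as "bypass" is not being answered by the LAN DNS entry.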

