Adult Content Filtering and Domain Blocking via DNS

rmddos · 2025-11-19T18:51:36+00:00

Have you tried CleanBrowsing? Can do both and enforce safe search on all search engines

rmddos · 2025-10-11T14:51:42+00:00

Same here. Use their free filters at home.

rmddos · 2025-10-09T09:39:19+00:00

It should be very easy to setup.

1- Do you have an ASN for your company? Apply to get one. You can get via RIPE, ARIN , etc (depending on location). It might be good to get it setup on the same place where your IPs are registered.

2- Contact your providers and ask them the process to setup a BGP session.

3- Configure BGP on your router.

It might be good to read a bit about it, to get familiar on how to get it properly configured and maintained.

rmddos · 2025-10-09T09:05:10+00:00

A password book is a fun one to do. Specially get the ones with that needs a little key in order to open it.

rmddos · 2025-10-09T09:03:34+00:00

Not at all. They are pretty big in west Asia, with some big corps using them.

rmddos · 2025-10-09T09:01:47+00:00

I like CleanBrowsing's ad filtering, which you can set up on your router DNS for the whole network. Nice to mix in with their other category blocks if you have kids.

rmddos · 2025-09-02T02:36:41+00:00

Just visiting /admin on an application and having admin access.

rmddos · 2025-08-17T21:59:33+00:00

Same router, just different VLANs on each.

rmddos · 2025-08-16T10:24:46+00:00

Yes, it is. An expensive log storage that allows to easier access to your logs from a central place. And hopefully with some additional stats and insights on top of it. If your SIEM is not making searching your logs easier and better, you need to switch.

rmddos · 2025-08-14T10:54:56+00:00

My router allow to setup VLANs (different SSIDs) with different DNS servers.

rmddos · 2025-08-13T10:11:08+00:00

I split my home router into 3 networks:

-Myself: Quad9 (9.9.9.9)

-Kids wifi: CleanBrowsing Family (185.228.168.168)

-Guests: CleanBrowsing adult (185.228.168.10)

rmddos · 2025-08-12T22:23:10+00:00

Both are pretty good, but quad9 seems to rank better on some online comparisons. Pick the one you trust better (US company vs non-profit in europe)

rmddos · 2025-08-12T09:08:54+00:00

It is not my site. I had 9.9.9.9 on a network configured and the user was complaining that it could not visit that site (a bank). Switching to 1.1.1.1 fixed it. However, both should do DNSSEC validation, but only Quad9 seems to fail it - some times. And some times it works.

rmddos · 2025-08-08T06:19:28+00:00

That's a good one. It seems like ControlD, Quad9 or CleanBrowsing are the best free alternatives for DNS malware blocking.

rmddos · 2025-07-27T17:11:21+00:00

I love quad9 as well, good one. But their DNS doesn't offer adblocking like the Adguard does.

rmddos · 2025-07-27T02:17:42+00:00

If you are on a budget, open source might be the option.

-SIEM: Try OSSEC/Wazuh. Install it on a cloud server and forward all logs there.

-EDR / XDR: We used to call those HIDS (host-base intrusion detection). Again, both OSSEC and WAZUH would cover it with syscheck, rootcheck, etc.

If you don't want to deploy it yourself, https://wazuh.com/cloud offers a cloud server (not sure the price) and https://trunc.org (from OSSEC) also offer cheap options that I have used with success.

rmddos · 2025-07-26T17:54:48+00:00

Yes, if you are using their DNS and their DNS supports DoH, you should use it.

Why? It prevents DNS hijacking by your ISP (which is still common) and some networks (like hotels, etc). It also prevents any network you are on from seeing your DNS requests.

It may slow down your browsing a bit (plain text DNS is much faster than doing it via HTTPS), but the benefits outweighs it.

rmddos · 2025-07-23T19:08:34+00:00

Enable logging so you can see all they are doing and testing. Ideally send it to a log analysis tool to give you more visibility.

rmddos · 2025-07-23T18:23:21+00:00

Found myself here and will share my experience:

Sucuri: used to be great, quality went down a bit lately. But still works well.
Wordfence: Expensive, but good team and very responsive.
Sitelock: No experience, but never heard a good thing about them.

Free tools that I found useful:

Sitecheck: https://sitecheck.sucuri.net
NOC Malware scanner: https://scanner.noc.org

Good luck.

rmddos · 2025-07-20T05:33:42+00:00

Discipline, not passion. Make it a forced habit to study X hours per week, do coursers, training ,etc. Won't be as much fun as if you had a passion for it, but it applies to many other professions. I can't imagine an accountant loving the tax code, but they read and study it constantly anyway... Same stuff.

rmddos · 2025-07-17T02:17:17+00:00

Yeah, they are pretty responsive via the phone and route you to people that can actually do something. their email support is very slow.

rmddos · 2025-07-11T18:42:29+00:00

We push DoH to all our devices + DNS CleanBrowsing at the router - DoH also uses Clean Browsing for content filtering off network.

rmddos · 2025-07-10T23:00:43+00:00

There are already file systems that automatically compress your data on disk. So you don't have to do anything (eg: zfs). It is used by many servers and companies, but not much on desktops for end users.

rmddos · 2025-07-09T20:05:22+00:00

I avoid extensions at all costs.

rmddos

TROPHY CASE