OpenDNS, a free and useful layer of defence for your Mac

Many people switch to Macs simply because they’re fed up with the constant fight against viruses, trojans, spyware and the like on their Windows PC, and it’s fair to say that as a general rule Macs aren’t yet the victims of such attacks (notwithstanding recent reports of trojan infected pirate copies of Adobe CS4 and iWork ’09). However, more and more computer criminals are switching to different ways to try and part hapless users from their money, or at least their data and ‘phishing’ scams are proliferating everywhere.

Add to this the increasing amount of stuff on the internet you’d like to avoid, or perhaps protect your kids from, and you start to feel that a little help in this department might not go amiss. Ok, now here’s a quick techie lesson – the whole ‘internet access’ thing revolves around something called DNS (Domain Naming System) and it’s basically some behind the scenes trickery that translates web addresses that you and I can understand (and even remember) into the strings of numbers that computers use to find each other. So, you type in and DNS translates that into something like 123.456.789.012. Doesn’t matter what web address you enter, DNS will translate it (if it exists) and you’ll get your web page. Now the important thing here is – DNS isn’t fussy. It doesn’t care if you have young children in the house, it doesn’t care if some crook sets up a spoof website to trick you out of your ATM card PIN number, it just lets you see the web – warts and all!



So it stands to reason that if this DNS service is helping you get these web pages, then it could also help you by filtering out web pages that you don’t really want to see. Now there are various ways to do this, but by far the easiest way is to use a DNS service that already knows about all sorts of web pages that people might want to avoid. Enter OpenDNS. It’s a free service that already knows about tens of thousands of web sites and has categorized them into ones that are ‘safe’ or are associated with the not so nice side of the web, like… phishing sites, sites loaded with trojans and other malware, pornography sites, the list goes on. The principle is that you use OpenDNS and you tell it what categories of things you want to avoid. It then makes sure that if you deliberately or even unintentionally enter a web address that falls into one of your chosen categories, it politely blocks the request and lets you know. Result – you don’t stumble upon something you’d rather not see.

So how do you get your Mac to use OpenDNS rather than your ISP’s own DNS? Well there are two ways – you either tell your Mac to use OpenDNS (in which case it’s only the Mac you configure that’s protected), or better still, you tell your router to use OpenDNS. If you choose the router option, then every Mac (or PC or even Linux machine) can be protected in one go. Here’s how to set up the two options in a little more detail:

Configuring your Airport Extreme Base Station to use OpenDNS

  1. Go to your Utilities folder and launch the Airport utility.
  2. You’ll be greeted with an initial screen showing you your Airport Base Station (or a list if you’ve got more than one).
  3. Select your Airort device and click on the Manual Setup button.
  4. Click on the Internet tab.
  5. In the two boxes to the right of where it says DNS server(s) make a note of any values currently shown (just in case it doesn’t work).
  6. Now enter the following values in those two boxes. Enter in the first box, and in the second box.
  7. Finally click on the Update button and once the Airport has restarted itself you’re done.

Note, take no notice of the other settings you see on my Airport Extreme configuration screen, I’m currently using mine in ‘Bridge’ mode so my other settings may well be very different to yours.

Configuring an individual Mac to use OpenDNS

  1. Go to System Preferences and click on Network.
  2. Now choose the network interface that you use to connect to the web. This might be either a wired ethernet connection called something like ‘Ethernet 1’ or a wireless connection called ‘Airport’.
  3. If there’s already a value in the box next to where it says DNS Server, make a note of it, then delete it.
  4. Now click on the Advanced button and then choose the DNS tab.
  5. Under the large white box below the label DNS servers, click on the ‘+‘ sign and enter then hit Enter.
  6. Click the ‘+’ sign again and enter the second DNS server address as and hit Enter again.
  7. Finally click on the Apply button and close your System Preferences.

Don’t worry if all this sounds a bit daunting or if you’ve got a different router. The principles are the same and the OpenDNS web site has examples of how to change the DNS settings for a wide variety of routers.

Airport OpenDNS settings

Airport OpenDNS settings

Now you’ve configured your router or your Mac to use OpenDNS, the only task that remains is to tell OpenDNS what sort of websites you’d like filtered out. For this you go to the OpenDNS website and you’ll need to create a free account. Having done that, you log in to the OpenDNS website and choose Dashboard and then Settings. On the settings screen it is all pretty intuitive. You can chose from various pre-configured settings (High, Moderate, Low, etc.) or you can create your own custom settings and choose to block certain categories of website, or even individual websites. Once done, just save your settings.

Individual Mac OpenDNS settings

Individual Mac OpenDNS settings

Now you’ve set up your Mac or router to use OpenDNS, and you’ve told OpenDNS what you don’t want to see, but there’s

one final piece in the jigsaw puzzle. If you don’t have a static IP address, then how does OpenDNS know where you are and how to apply your settings to you? Well you could just log in to the OpenDNS website when you start your Mac but that would be a bit of a pain. Why not run a little utility that does it all for you? I use a free utility called OpenDNS Updater and I put it in my Login Items so that it launches every time I switch on my Mac. Just give it your login details for OpenDNS and it does the rest.

At this point you’re probably thinking his sounds too good to be true and that there’s got to be a catch. Well no, there isn’t. Does it slow down access to the web? No, not as far as I can see. What about cost – is OpenDNS really free? Well the free home service is paid for by sponsored links, but you’ll only ever see them if you enter a non-existent web address and then all you see is an OpenDNS page telling you the website doesn’t exist rather than a default page telling you the same thing.

The only time you'll ever see sponsored links is if you enter a non-existent web address

The only time you'll ever see sponsored links is if you enter a non-existent web address

So there you have it. It’s safe, it’s free, it’s unobtrusive and it works with Macs, Windows PCs and even Linux PCs, so here’s to safer surfing!

One Response

  1. I’ve been using OpenDNS for well over a year now and really love it! We have almost 10 PCs on our home network and it protects every single one of them…for free! Good work here!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: