DNS Safe Search
DNS Safe Search
Introduction
DNS Safe Search is a feature designed to enhance content filtering on firewalls by automatically enforcing safe search mode on popular search engines. This feature ensures that inappropriate or adult-oriented content is filtered out when users perform web searches. DNS Safe Search is currently available on firewalls and not yet supported on security routers.
How DNS Safe Search Works
DNS Safe Search works by intercepting DNS queries from client devices and redirecting them to safe search versions of search engine websites. This process ensures that the safe search feature cannot be disabled by the client browser.
Types of Safe Search
There are two primary types of safe search implementations:
- DNS Safe Search:
- Mechanism: Intercepts and spoofs DNS queries of search engines to redirect users to safe search domains.
- Supported Engines: Google, YouTube, and Bing.
- SSL Inspection Safe Search:
- Mechanism: Uses SSL inspection to modify HTTPS responses from search engines, adding safe search parameters to the URL.
- Implementation: Found on on-premise firewalls.
Advantages and Disadvantages
DNS Safe Search
Advantages:
- Minimal Performance Impact: Enabling DNS Safe Search does not significantly affect network performance.
- Ease of Implementation: Requires no additional setup on end devices.
- Automatic Redirection: Users are automatically redirected to safe search domains.
Disadvantages:
- Requires Unencrypted DNS Queries: Cannot intercept encrypted DNS queries (DNS over TLS or HTTPS).
- Limited Search Engines: Currently supports only Google, YouTube, and Bing.
SSL Inspection Safe Search
Advantages:
- Intercepts Encrypted DNS Queries: Can intercept and modify encrypted DNS queries.
- Comprehensive Filtering: Can apply safe search settings more broadly.
Disadvantages:
- Performance Impact: SSL inspection can reduce network performance.
- Complex Setup: Requires importing valid certificates on end devices to avoid browser warnings.
Enabling DNS Safe Search
To enable DNS Safe Search, follow these steps:
- Navigate to Content Filtering: Go to the content filtering section in your firewall's configuration interface.
- Create a Profile: Click on the "Add" button to create a new content filter profile.
- Enable DNS Safe Search: In the profile settings, enable the DNS Safe Search option. Optionally, enable "Restrict YouTube Access" to set YouTube to strict or moderate safe search.
- Select Categories: At least one content filtering category must be selected for the profile to be active. Avoid selecting "Streaming Media" if testing YouTube safe search to prevent blocking YouTube.
- Bind Profile to Security Policy: Apply the content filter profile to a security policy to enforce DNS Safe Search on specified traffic.
Additional Information
Handling Advanced Users
- Static DNS Configuration: Even if a user manually sets a static DNS server, the firewall intercepts all DNS queries that pass through it, ensuring safe search enforcement.
Verification
- Testing Safe Search: Perform a search using terms like "porn" to verify that explicit content is filtered out. The search engine should display a message indicating that safe search settings are controlled by an administrator.
Conclusion
DNS Safe Search is a powerful feature that enhances content filtering by ensuring safe search settings are enforced across supported search engines. This feature is easy to implement, has minimal performance impact, and significantly improves network safety by filtering inappropriate content.
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight