BretFisher/gist:1790821

## gistfile1.txt
I'm a big fan of Dyn.com's free [Internet Guide][1] which takes all the work out of a content filter. NO SOFTWARE ON YOUR SERVERS.  I consider them a very trustworthy company since I've been buying their products for over a decade with no issues to speak of.

1. create an account on their site
2. setup a policy using their Barracuda engine for which categories you want to block
3. tell them your external static router IP so they know who you are
4. Change the forwarders on your internal DNS server (or router) to use their DNS IP's for lookups
5. All clients are blocked at the DNS level and it only took you an hour (at most) to setup

A savy user could change their DNS to use another Internet DNS but you could block that access on port 53 if your firewall has egress filtering.

A savy user could also access websites by IP but that would be a edge case that I wouldn't worry about.


  [1]: http://www.dyndns.com/services/dynguide/
	I'm a big fan of Dyn.com's free [Internet Guide][1] which takes all the work out of a content filter. NO SOFTWARE ON YOUR SERVERS. I consider them a very trustworthy company since I've been buying their products for over a decade with no issues to speak of.

	1. create an account on their site
	2. setup a policy using their Barracuda engine for which categories you want to block
	3. tell them your external static router IP so they know who you are
	4. Change the forwarders on your internal DNS server (or router) to use their DNS IP's for lookups
	5. All clients are blocked at the DNS level and it only took you an hour (at most) to setup

	A savy user could change their DNS to use another Internet DNS but you could block that access on port 53 if your firewall has egress filtering.

	A savy user could also access websites by IP but that would be a edge case that I wouldn't worry about.


	[1]: http://www.dyndns.com/services/dynguide/