I have been using DD-WRT for years and am making the switch to MikroTik at the recommendation of a friend. I hope to have my new router (RB951G-2HND) this week from Amazon. My main concern with kids in the house is forcing Google/YouTube safe search and blocking porn. Right now I use a combination of OpenDNS and DNSmasq/iptables to filter what comes into my house. I’m excited to see that MikroTik DNS entries support Regex. I am far from a Regex expert. I have read several posts here and elsewhere on accomplishing this. Much of the information is outdated and/or makes no sense to me. Google’s official recommendations as of this post are these:
https://support.google.com/websearch/answer/186669?hl=en
https://support.google.com/a/answer/6214622?hl=en&visit_id=0-636443771225002587-2159657012&rd=1
If you notice, the list of all TLDs/subdomains is quite large. I am putting my DNS script together and was just wondering if this looks reasonable?
/ip dns static
add address=216.239.38.120 comment=safesearch regexp="^(www|images|encrypted)\.google(\.[a-z][a-z][a-z]?)(\.[a-z][a-z][a-z]?)?$"
add address=216.239.38.119 comment=youtubemoderaterestrict name=www.youtube.com
add address=216.239.38.119 comment=youtubemoderaterestrict name=m.youtube.com
add address=216.239.38.119 comment=youtubemoderaterestrict name=youtubei.googleapis.com
add address=216.239.38.119 comment=youtubemoderaterestrict name=youtube.googleapis.com
add address=216.239.38.119 comment=youtubemoderaterestrict name=www.youtube-nocookie.com
Also, as a warning to anyone reading this: I learned that if anyone installs DNSCrypt on their computer, they can easily bypass your DNS rules, as DNSCrypt uses localhost as the DNS resolver and then goes over SSL other than port 53. I use iptables to block all the known DNS resolvers: https://gist.github.com/lenage/f5aaf57dd24543c7aeff239ab316a703
Teenagers are very resourceful…
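
Added example, not part of the original post: a small Python model of the static entries above, showing which lookups they answer and which fall through unfiltered to the upstream resolver. It assumes Python's `re` behaves like the router's matcher for this pattern and that names are compared lower-cased; the sample hostnames are constructed.

```python
import re

# Static entries from the post (IPs and names as posted). The dot before
# "google" is escaped here so it matches only a literal dot.
SAFESEARCH_IP = "216.239.38.120"
YOUTUBE_IP = "216.239.38.119"
GOOGLE_RE = re.compile(
    r"^(www|images|encrypted)\.google(\.[a-z][a-z][a-z]?)(\.[a-z][a-z][a-z]?)?$"
)
YOUTUBE_NAMES = {
    "www.youtube.com", "m.youtube.com", "youtubei.googleapis.com",
    "youtube.googleapis.com", "www.youtube-nocookie.com",
}


def resolve_static(qname):
    """Return the static address a query would get, or None if it falls
    through to the upstream resolver (unfiltered)."""
    # Assumption: names are compared lower-cased and without a trailing dot.
    name = qname.lower().rstrip(".")
    if name in YOUTUBE_NAMES:
        return YOUTUBE_IP
    if GOOGLE_RE.search(name):
        return SAFESEARCH_IP
    return None


def coverage(hosts):
    """Map each hostname to the answer the static table would give."""
    return {h: resolve_static(h) for h in hosts}


# Constructed sample of hostnames a client might look up.
SAMPLE = [
    "www.google.com",      # one-label TLD
    "www.google.co.uk",    # two-label suffix
    "images.google.de",
    "google.com",          # no host prefix: not covered by the regexp
    "maps.google.com",     # prefix outside (www|images|encrypted)
    "wwwxgoogle.com",      # only matches if the dot is left unescaped
    "www.google.abc.xyz",  # not a Google name, but fits the suffix shape
    "youtube.com",         # bare name is not in the static list
    "m.youtube.com",
]

if __name__ == "__main__":
    for host, answer in coverage(SAMPLE).items():
        print(f"{host:22} -> {answer or 'upstream (unfiltered)'}")
```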