My mom gave my First Grader a Windows laptop for Christmas so I have now joined the club of parents wondering how to keep my child save on the web. There is a lot to consider here, not the least of which is whether a 6-year-old should even have access to the web or a PC. We have some grave doubts but like most other parenting issues we are approaching it with foolish optimism that we can somehow manage it to her benefit and still retain our sanity.

We have a little experience with this from a previous mom-purchased Kano kids computer on which our daughter went straight to YouTube and the video for Meghan Trainor’s “All About That Bass”, which we consider inappropriate for our six and two year olds. Unfortunately, we didn’t figure that out until after the lyrics had been imprinted and the two-year-old no requests daddy to play, “Ba Ba Ba Bass” on the radio pretty much every day. There is a lesson here that ANY unsupervised exposure can lead quickly to what Mr. Banks from Mary Poppins would refer to as, “disorder, catastrophe, anarchy. In short you have a ghastly mess.

Whitelisting / Blacklisting

There are two general strategies for locking down a computer, the most common is Blacklisting which identifies undesirable sites and prevents access to them. The other strategy is Whitelisting, which, conversely, identifies acceptable sites and allow access ONLY to those sites. Whitelisting is considerably more restrictive and in my opinion more desirable but is significantly harder to implement and manage. For practical reasons my technical approach is to use Blacklisting but I am setting it up in a way that has the effect of Whitelisting.


I don’t care for adding extra software to the computer. There are a number of good products out there for this, I’ve used Covenant Eyes before and I think it’s pretty good, there are others. But adding software to the computer means that I have to manage it if it breaks and it’s just one extra thing to go wrong on a Windows 10 computer which you really don’t need. So, instead, I decided to use OpenDNS VIP Home. Let me tell you right now that this is bloody hard to set up. The interface for the home version appears to be the same as for the business version of the product so they drop you into an interface where they expect you to be an IT professional. Non-IT-centric parents might prefer the OpenDNS Family Shield which is free and should require less set-up.

What OpenDNS does is control where a computer can go on the internet by controlling the addresses that the computer is able to look up. For example, if you put “” into your browser’s address bar, your computer first goes out to something called a DNS Server and asks it to convert to an address the computer understands. That address looks something like,  “”. The DNS Server sends this number to your computer and then it takes you to that address, which is the Google site and now you’re on Google. The computer does this for every website and URL that you try to reach. Using OpenDNS, I can control what addresses are returned by the DNS Server, so if my daughter types in “”, OpenDNS will return a proper machine-readable address and she can watch Caillou for as long as I can stand hearing him in the background. But if she types, which is on the restricted list, all she gets is a page that says that address is restricted.

Initially, I tried to do this all with Whitelising, which the VIP Home version allows you to do. But, there are problems with that because you can’t necessarily see all the web addresses that a site uses. For example PBS Kids uses and and some other ones as well.Iif you don’t whitelist every single URL used, the website won’t work correctly and figuring out all the ones it uses is tedious. I have up on that. Instead, I’m using the most restricting Blacklisting choice that OpenDNS offers and have added a few Whitelisted sites.

Changing DNS Servers

Now, to make this work, you have to make sure the machine you are restricting uses OpenDNS. The default on every computer is to use your ISPs DNS Server (Time Warner or Windstream in this market), so I had to change away from the default. There are 2 ways to do this, either in your router or on the target computer. Doing it in the router is generally considered more secure because it’s easier to prevent your child from changing it. However, my First Grader is not too tech-savvy yet, and I did not really want to extend these draconian restrictions to my computer and my wife’s so I only changed it in my daughter’s computer. Here is a good explanation on how to change your DNS Server.

My Walled Garden

Finally, after I had the DNS Blacklisting sorted out, I set up my Whitelisting as a sort of Walled Garden on the desktop. This involves taking advantage of my First Grader’s technical naivety, it will not work indefinitely and so I’ll eventually need a better approach. I created 4 icons on her desktop that lead to four websites that she is allowed to go to, PBS Kids, National Geographic Kids, a kids video site that I’ve forgot the name of right now, and the site for her school and online homework. As far as she knows, these are the sites that she can get to, I think it will take her a while to experiment with the limits of this.

From a practical perspective, my daughter can still type “Frozen” in the URL address bar, that will still trigger a Google search with a YouTube result, however, if she clicks on that result, the OpenDNS blacklist will prevent her from getting on YouTube.

I believe that has our environment sufficiently locked-down for now. Once school starts again, I’ll implement some time restrictions which can be done in the computer or on the router. I’ll be doing this in my router as I have found Windows 10 Parental Controls to be suspiciously intrusive, just like the rest of Windows 10.