Easy Way to Block Adult Sites Using DNS in MikroTik

Blocking Adult Sites Easily in MikroTik
Creating a healthy internet environment is important, especially if the clients on our network are children or schoolchildren who should not be able to access adult content. The problem is that a lot of adult sites circulate on the internet, and blocking them one by one is a headache.

Blocking certain sites or content on MikroTik can be done with:
1. Web Proxy
2. Static DNS
3. Firewall

I have discussed blocking certain sites using Web Proxy here:
How to Block a Site Using Web Proxy MikroTik

The same goes for blocking sites with the MikroTik firewall:
Blocking Facebook using Layer 7 Mikrotik Protocol

Both methods need a list of the sites to block, entered manually one by one. This is very inconvenient when the number of sites to block runs to hundreds or even thousands. Another obstacle is that we do not know which sites should be blocked.

The suitable solution is therefore to use Static DNS. In this case, we can use the free DNS from Nawala or OpenDNS, which already filters malicious content, so we no longer need to filter all the malicious sites manually.

The trick is very easy. Log in to the MikroTik via Winbox.

1. If you are using a DHCP Client, for example for internet from Speedy or a GSM modem, you should disable the "Use Peer DNS" feature.
Go to the IP menu -> DHCP Client -> open the DHCP client -> uncheck "Use Peer DNS"

2. Go to the IP menu -> DNS -> enter the DNS servers in the Servers field -> check Allow Remote Requests

– Nawala DNS (free, no registration):
180.131.144.144
180.131.145.145
– OpenDNS (free, registration required first) -> opendns.com

The difference is that with Nawala DNS a block message appears when a blocked site is opened, but the message cannot be changed. With OpenDNS we can enter a specific message as desired, as in the first picture above.

In addition, with Nawala DNS we cannot add or remove blocked sites, whereas with OpenDNS we can set which sites we want to block. But OpenDNS requires registering first.

3. After replacing the DNS servers, do not forget to flush the DNS cache: in the DNS Settings menu -> Cache -> Flush Cache

or use the command:

ip dns cache flush

4. Flush the DNS cache on the Windows clients as well, with this command in CMD:
ipconfig /flushdns
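
The Winbox steps 1 to 3 above as RouterOS terminal commands, as an added example that is not from the original post. It assumes the WAN interface, where the DHCP client runs, is named ether1. Because Allow Remote Requests makes the router answer DNS queries on every interface, two input rules drop queries arriving from the WAN side so the router does not become an open resolver.

```routeros
# Added example. Assumption: ether1 is the WAN interface with the DHCP client.

# Step 1: stop the ISP's DHCP lease from overriding our DNS servers
/ip dhcp-client set [find interface=ether1] use-peer-dns=no

# Step 2: use the filtering resolvers (Nawala addresses from this page)
# and let LAN clients send their queries to the router
/ip dns set servers=180.131.144.144,180.131.145.145 allow-remote-requests=yes

# allow-remote-requests=yes answers on all interfaces, so drop DNS from the WAN.
# These rules must sit above any rule that accepts input traffic from ether1.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 \
    action=drop comment="drop DNS queries from WAN"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 \
    action=drop comment="drop DNS queries from WAN"

# Step 3: flush answers cached from the previous resolvers
/ip dns cache flush

# Check: servers shows the two addresses, dynamic-servers is empty,
# allow-remote-requests is yes
/ip dns print
```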

Now anyone accessing adult content will be blocked by the DNS server. But the problem is, what if a client changes its DNS address manually, for example to Google DNS 8.8.8.8? That would make this blocking useless.

So the question is: how do we prevent a client from changing its DNS manually, for example to 8.8.8.8? How do we force the client to use the DNS from our MikroTik?