Hi - I manage my small children's internet access using the client + group assignment feature.
Whenever my children ask me for unrestricted internet access (eg to play a game online), I have to manually change the group their client has been assigned to.
Life would be much simpler if I could automate such changes whereby I could tell to my children that they have unrestricted access from 5-6pm and only at that time.
Examples of automation:
- allow CRON system script to change groups (personally preferred as all required flexibility is already there)
- build such a feature within pi-hole
Many thanks in advance for your consideration!
Your request is somewhat broader, but as you mention your kids:
DNS blocks can play a (minor) part in parental control strategies, but they do not exactly lend themselves to time-based controls, and they won't obsolete other network-wide and on-device measures - and certainly neither non-technical, more important educational measures.
Specifically, by-passing your blocks is as easy as changing the DNS server on the device (or switching to mobile data if its a smartphone).
Kids tend to find out how to do that sooner or later.
Even if Pi-hole is in place as DNS server, a client may cache sucessfully resolved DNS records until that record's TTL expires.
Your block then won't be effective until it does and a client requests DNS again.
TTLs vary by domain individually and may be minutes, hours, days,...
And even if a TTL is as short as five minutes, it doesn't mean a client will request DNS resolution again once the record expires. All that happens is that the DNS record will be removed from your device's cache.
It's the software on a client that decides when it requests a domain to be resolved, e.g. if a game would only use a domain once to load a complete level, it may have no reason to request DNS resolution again until another level is needed.
Meanwhile, your kids may happily play through that level for hours.
You'll have a somewhat hard time exercising time-based access control by DNS means only.
Agree on the theory, which I’m familiar with.
From an empirical PoV, after years using pi-hole, I have concluded that the approach, while technically imperfect, just works. When I ‘cut’ the internet, my kids notice (and alert me) almost immediately, whether using a laptop, tablet, mobile or console.
I could and probably will need to install a firewall at some point but until then I can deal with the simple effectiveness of DNS filtering.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.