The idea of DNS redirection isn’t new by any means.  Yesterday’s announcement by Google that they were redirecting their DNS entry for Google.cn to Google.com.hk is a perfect example of how users and content can be easily directed across the net.

That brought up the question last night of how effective DNS is at content restriction which is the ultimate goal of the Chinese regulators.  Over the last year or so, I’ve moved both my home and work DNS provider to OpenDNS.com.  For those who haven’t looked at this service, it is a very simple and effective way to filter content on your network.  While there are commercial products such as NetNanny, CyberFilter, Cyber Control and others, they all require a certain amount of infrastructure, deployment resources and management.  OpenDNS has the virtue of being truly in the cloud.

That is sort of important as we move towards a virtual architecture with staff located everywhere.  Most of the other products require that you redirect all your traffic to your host network via VPN for filtering, or install a heavyweight client that does the local filtering.  Traffic redirection sort of defeats the purpose and slows down things for users who are mobile.  These solutions also fail to work well with IPhones, Blackberries and other mobile devices.

By simply assigning a fixed DNS provider for all your devices, you can essentially filter any type of content.   Best of all since the content filtering is crowd sourced, you gain access to the latest site lists in real time.  OpenDNS is not limited to porn filtering.  Based on a number of distinct categories, you can essentially filter content by user group on a wide variety of subjects.  While most of your users may not need access to Bit-torrent sites, there may be a few of your IT staff who do.  Same with file sharing sites that may be of interest to your executive or sales staff.  Best of all is the phishing and live malware filters.  Even if a workstation gets compromised, you can prevent the malware from ever reaching the command-and-control site that would launch or receive the payload.

While not for every use case, the ability to setup and effectively start offering content filtering to your users in under 5 minutes, for free, sort of makes this a no brainer.  Highly recommended.