Skip to main content

How To Enforce Google Safe Search And YouTube Restricted Mode On Your Network

 

How To Enforce Google Safe Search And YouTube Restricted Mode On Your Network

Updated: 27 Aug 2025

With the release of Technitium DNS Server v5, a new feature called ANAME resource record has been introduced. ANAME resource record implementation is similar to the IETF draft with respect to its core functionality that allows adding a CNAME like functionality to the zone root. Essentially, ANAME is similar to CNAME except that the authoritative DNS server resolves the A or AAAA records by itself and returns them.

The new release also adds Conditional Forwarder feature that can be combined with the ANAME feature to enforce Google's Safe Search or YouTube's Restricted Mode.

To configure Google's Safe Search, you need to add a new "google.com" Conditional Forwarder zone with "Use This DNS Server" option enabled. The "Use This DNS Server" option tells the DNS Server to forward all the queries to itself so that you do not need to configure any other DNS server as a forwarder. This option is useful in scenarios like the current one where you just need to override a few records for a particular zone but still wish that the other records in the zone to be resolvable as usual.

Add New Conditional Forwarder Zone

Once you have added the zone, you need to add a CNAME record that points "www.google.com" to "google.com" and another ANAME record that points "google.com" to "forcesafesearch.google.com". Check the screenshot below to know how the records should look like.

Enforcing Google Safe Search

You can now test this by clicking on the DNS Client tab and querying for "www.google.com". Now open "www.google.com" in your web browser and try doing a search and notice the Safe Search option on the top right corner.

Similarly, to configure YouTube's restricted mode, you need to add a new "youtube.com" Conditional Forwarder zone with "Use This DNS Server" option enabled. Once the new zone is added, you need to add a CNAME record that points "www.youtube.com" to "youtube.com" and another ANAME record that points "youtube.com" to "restrict.youtube.com". This will enforce "Strict Restricted Mode".  To enforce "Moderate Restricted Mode" you need to point your ANAME record to "restrictmoderate.youtube.com" instead. Once you have configured the records, they should look as shown the screenshot below.

Enforcing YouTube Strict Restricted Mode

To enforce restricted mode for YouTube mobile app, you need to ensure that the domain names "m.youtube.com", "youtubei.googleapis.com" and "youtube.googleapis.com" too resolves the same way as explained above. For "m.youtube.com", add a "m" CNAME record similar to "www" record in the same forwarder zone. For the others, create a new Conditional Forwarder zone for "googleapis.com" and configure it similar to the "youtube.com" Conditional Forwarder zone with a ANAME record that points to "restrict.youtube.com" and add CNAME records for them.

You can now test this too with the DNS Client tab by querying "www.youtube.com". You can open "www.youtube.com" in your web browser and check if the restricted mode is working by searching with any keyword.

The Conditional Forwarder zone is quite useful that not only you can forward queries to one or more DNS providers by adding one or more FWD records, you can override records that you wish and have the zone resolve as usual for other records.

https://blog.technitium.com/2020/07/how-to-enforce-google-safe-search-and.html

Comments

Post a Comment

Popular posts from this blog

CLI Populer di OLT GPON ZTE

  ## cek onu belum terdaftar ZTE C300 # show gpon onu uncfg interface gpon-olt_1/9/1 onu 1 type ZTE-F609 sn ZTEGC86CCB88 exit ## Config interface onu yang baru interface gpon-onu_1/9/1:1   name NAME   description DESCRIPTION   sn-bind enable sn   tcont 1 name HSI profile 100M   tcont 2 name HOT profile 100M   gemport 1 name HSI unicast tcont 1 dir both   gemport 1 traffic-limit upstream UP100M downstream DW100M   gemport 2 name HOT unicast tcont 2 dir both   gemport 2 traffic-limit upstream UP100M downstream DW100M   switchport mode hybrid vport 1   switchport mode hybrid vport 2   service-port 1 vport 1 user-vlan 1200 vlan 1200   pppoe-plus enable sport 1   pppoe-plus trust true replace sport 1 exit ## config onu pon-onu-mng gpon-onu_1/9/1:1   service HSI type internet gemport 1 cos 0 vlan 1200   wan-ip 1 mode pppoe username PPPoE_USERNAME password PPPoeE_PASSWORD vlan-profile PPPoE host 1   secur...
1 comment
SelengkapNya ^_^

OLT ZTE C300/320 di ONT Mode Port: Vlan_Translate, QinQ, Trunk & Access

  Contoh Config  1. Vlan Translate QinQ To Access: OLT-ZTE-C320#show run interface gpon-onu_1/4/1:21 Building configuration... ! interface gpon-onu_1/4/1:21   name RSO0766   description Customer_Vlan-Translate   tcont 6 name Internet_Vlan-Translate profile UP-100M   gemport 6 name Internet_Vlan-Translate unicast tcont 6 dir both   switchport mode hybrid vport 6   service-port 6 vport 6 user-vlan 1490 vlan 1490 svlan 1479  ! end OLT-ZTE-C320#show onu running config gpon-onu_1/4/1:21 pon-onu-mng gpon-onu_1/4/1:21   service Internet_Vlan-Translate gemport 6 vlan 1490   vlan port eth_0/4 mode tag vlan 1490   dhcp-ip ethuni eth_0/4 from-internet ! 2. Vlan QinQ Access: OLT-ZTE-C320#show run interface gpon-onu_1/2/5:22 Building configuration... ! interface gpon-onu_1/2/5:22   name Internet-QinQ-Access   description QinQ-Access   tcont 1 name Acsata profile UP-200M   tcont 1 gap mode2   gemport 1...
Post a Comment
SelengkapNya ^_^

How to login Huawei Rectifier TP series (smu02B)?

  Dear All, In b/m steps how to login HCR to adjust its setting 1-login SMU of HCR with username admin & password 000001 2-get IP of HCR 3-Adjust your laptop IP in the subnetmask of HCR   (IP of HCR +1) 4-Open web browser prefereed IE and in address write IP of HCR (Note u should use http not https) 5-Enter username admin & Password changeme 6-Now u can adjust all rectifer setting B/M photos for clearafication
Post a Comment
SelengkapNya ^_^