Make your house an instagram-free zone

Copyright © 2024 J. M. Spivey
Jump to navigation Jump to search

These notes are for my own reference, so are unnecessarily specific in many places, but possibly not detailed enough to be followed by others.

The idea is to provide an alternative DNS server where certain domain names such as are redirected to, then use DHCP to point clients at that DNS server. It's quite easy for the well-informed to get round the restriction by manually setting their DNS server to another one, but the usual fix – shouting "Dad, the internet isn't working" – doesn't help.

1. Set up a Raspberry Pi (with the minimal, non-gui setup) and install dnsmasq. Give the Pi the fixed IP address by editing /etc/networks/interfaces so that you can conveniently connect to it with SSH later.

2. The dnsmasq configuration can be as follows, with all other options retaining their default values.

# Never forward plain names (without a dot or domain part)                     
# Never forward addresses in the non-routed address spaces.                    

# Set this (and domain: see below) if you want to have a domain                
# automatically added to simple names in a hosts-file.                         

# Set the domain for dnsmasq.

# Enable DHCP service                                                                     

# Omicron =                                                        

# Printer                                                                      

# Powerline network                                                            

# Delays sending DHCPOFFER and proxydhcp replies for at least the specified number of seconds.                                                               

# Override the default route supplied by dnsmasq.                              

It's convenient to give printers and other servers a fixed IP address by listing them here.

3. Put hosts you don't want to be accessed in /etc/hosts. I used the following, with each list of names on one line.       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes                                                   
ff02::2         ip6-allrouters                                                 

4. Activate dnsmasq on the Pi (with systemctl enable dnsmasq.service) and disable DHCP on the router. Disable IPv6 on the router too, in case some clients continue to use it for DNS via that route.

Privileged members of the household can be shown how to set their DNS server manually to (or, etc.) in order to get round the restriction.