09-20-2023 04:58 PM
I have a google wifi point. (https://support.google.com/googlenest/answer/6280668#zippy=%2Cgoogle-wifi-point). I'm interested in controlling FQDN access at specific times. For example, let's say I want to allow minecraft between the hours of 8-9 PM only. What is the easiest way to do this?
09-21-2023 06:58 AM
Hello @daa0
That's a really interesting question. When Google WiFi is used as your network's router+firewall, it uses DHCP to assign internal IP addresses to local devices that aren't statically configured (this will be important later). The DHCP configuration includes telling the local device which DNS server it should use to resolve host names. For Google/Nest WiFi, it always configures local devices to use itself (the Google/Nest WiFi router+firewall) as the DNS server. In the Google Home app, you can then configure which actual DNS server you want to use, and the Google/Nest router+firewall will forward requests that it hasn't cached to that server for resolution. By default, it may use either your ISP's DNS server, Google's (8.8.8.8), or something you configure yourself. That could be a DNS server you have running inside your network. Such a server could, in theory, block resolution of certain domain names during certain hours. However, on a cursory search, I haven't found a DNS server that already does that (there are some that block entirely, and some that block conditionally on the requesting IP address – but in this case, the requesting IP address will always be the Google/Nest WiFi router+firewall, not the client; in any case, it doesn't appear to be time-based anyway). So, you'd have to write something to do this (unless it already exists and I just didn't find it). All of that said, it will be a little fragile – remember earlier about DHCP being used for only those clients that aren't statically configured? Working around a system like this would be pretty easy by simply reconfiguring the client device to use static configuration instead of DHCP. Or even keep DHCP but just statically configure a DNS server to override the one provided via DHCP. At the end of the day, this kind of thing is hard to solve at the network level. It may be easier to solve at the client level using parental control software. Microsoft Family may be able to limit when certain apps can be used, and that would likely be a lot more effective than going down the route you're asking about here. Good luck!
09-23-2023 07:46 AM
Thanks for the detailed answer. So are you recommending microsoft family home. In our home we have multiple apple, computers microsoft computers , iphones.
09-23-2023 08:13 AM
Yeah, I had to do something similar when my son was younger since we had Windows, Xbox, iPhone, Mac, and iPad to deal with. Apple Screen time plus Microsoft Family were a good tool. But nothing is perfect. Honestly, the best thing we did was just not allow any electronic devices in bedrooms at night. But I know that's not an option for everyone.