YouTube has some fantastic educational resources, but it also has lots of content you probably don’t want appearing in your school.
Most Web Filtering systems (such as OpenDNS that we can provide) are only capable of blocking YouTube entirely, which may not be desirable.
Fortunately YouTube provide us with a restricted site that can be forced on your network with a little DNS trickery.
It is documented here https://support.google.com/a/answer/6214622?vid=0-468510624466-1481296277158
However it doesn’t give much guidance on the implementation.
Below is a step by step guide to implementing this on a basic windows network, where DNS resolution is provided by a windows server.
From the windows server, start DNS manager.
Step 1. Expand out server and forward lookup zones. Right click forward lookup zones and select new zone.
This will start a little wizard – hit next.
On the next page select primary zone and store in AD (they will probably be set to this by default.
Then Next again.
Then on the following screen enter the zone name as: www.youtube.com and once again hit next
Hit next on the following screen, accepting the defaults.
And finally you’ll get a screen confirming the creating on the new screen.
At this stage, Youtube will probably stop working altogether on your network. Don’t worry.
Next up navigate to the new zone as below, right click on www.youtube.com and select ‘new alias (CNAME)’
Leave the alias blank, and enter restrict.youtube.com as the FQDN
Click on OK.
If you’ve done it right, you should be able to start up a command prompt on the server and ping www.youtube.com
Note that when you try and ping it, it will come back with restrict.youtube.com
If it doesn’t do this – either the zones been setup wrong, or alternately it’s stuck in the dns cache. Restarting the DNS service and running an ipconfig /flushdns will clear it.
Now if you visit www.youtube.com you’ll see the ‘clean’ version of the site with no dubious search results.
You just now need to repeat the above procedure and create 4 more zones with the same CNAME record. This will stop the more enterprising kids finding ways round it with alternate urls.