Please try to understand this service is free and shall always remain free as in freedom. With this promise in mind it makes it difficult to host everything by myself and serve millions of requests with the growing demand. This is not a complain, but only a reminder of how hard it is to try making the world a better place, when everywhere is all about money and profit. Please read those frequently asked questions as they may answer most of your questions.
Who is hosting this service?
My name is Cristian Anghel and I am an orthodox priest of Romanian Orthodox Church. Even though my main job is to teach others belief in God, I am also passionate for information technology. I never officially studied IT in some faculty, I studied from books, tutorials, online videos, and so on. As an orthodox priest I simply can not take money for profit, so everything I learn in computing I shall try to implement for free use, because I believe in a world where people love each other and make this world a better place (rock and universe included).
Why is this service free?
As stated, I can not think of profit, even though this world feels like it is all about money. I care about my family and children, while protecting other persons in such a harsh environment as internet where everyone wants a piece of others privacy. This service is free mostly for kids and families, but all people are invited to use it and protect their devices online.
Is this supported by advertising or donations?
No. No donations are required. No advertising is made through KidProtect. I intend not to ask anyone money for this free service. Nobody pays this service anything. Nobody donates to this anything. If someone asks you money for using KidProtect, please ignore any of those messages. Nobody from KidProtect will ever ask you money for this service. All costs are supported from my pocket, and that is exactly how I like it, not because I am rich, but because I believe in a better world together.
Could it be used in protecting business?
Indeed, KidProtect can be used to protect business, even though it was not designed with profit in mind; so feel free to use it for any devices in your firm/company. Please try to keep attention on technical limitations listed below and then configure it for your company private network.
May I duplicate KidProtect? May I have a copy of it?
Yes, feel free to create a project better than KidProtect, however you may not have a full copy of this project, simply because such information would give away configurations and possible exploitable issues I may have overlooked (I am not perfect). So please do not contact me to give away designs, sell this project or it's information.
Multiple concurrent connections are allowed with TCP?
Multiple connections from same source IP are allowed with KidProtect. Because this is a private DNS service, packets are mostly received with UDP, however KidProtect is also configured for TCP packets over DNS. If you are running special software, or if you are application designer trying to test KidProtect, feel free to use TCP as DNS protocol for more security.
What are you doing to mitigate amplification attacks?
This is the biggest problem of recursive DNS servers. Because of amplification attacks KidProtect is limiting requests from source IP. First burst of packets are accepted from same source IP, but if a source IP is considered offending, it will be blacklisted automatically and routers will DROP packets from it. As there may be a compromised machine behind that IP, everything is reset on a daily basis, just in case the owner of that terminal fixed issues.
May I use KidProtect on router to my home/business?
Yes, you may configure KidProtect on your router. Please keep in mind that, depending on the size of your network, too many requests through your router will result in a blacklisting of your IP. For example: if you have a router serving 1000 clients, all connected at the same time, will mean 1000 DNS requests from a single IP (of router) to KidProtect servers. This can easily be considered as online flood, so please make sure to request a whitelist of your IP from KidProtect project, or request special dedicated servers with custom protection.
Can I use KidProtect as recursor on my own DNS server?
Yes and No. Yes because everybody can use KidProtect for free. No because it has limitation from same source IP. In your private network, DNS requests can flow easily because your recursor can distinguish every source IP in your network. But KidProtect can not make this difference as it's only source IP is your designed recursive server, so your server will be marked as flooding if it makes too many requests per second. It actually depends on how many clients in your network are using your server; more clients = more requests from your server = more requests of same IP from KidProtect. Make sure to contact KidProtect project for a whitelist of your recursive server, or for special dedicated servers with custom protection.
I have a dedicated server, could I use it for protection?
Yes, but this would mean you want to hire me to take care of it for you. I am available for hire in any country if the salary is right because I have a family with children to take care of, so any source of income is welcome; but this project is private, and not for sale.