Jim mentioned OpenDNS as a possible fix for the DNS vulnerability.
I've been using OpenDNS for the past several months on my laptop, but not just as an alternate domain name server but to test its filtering capabilities. Yes, OpenDNS also offers free internet filtering. Once you set up an account, you can go into Dashboard - Settings and either go with one of their pre-selected filtering levels or customize your own.I was running a fairly restrictive version for quite a while and only had it block two sites - South Park and blip.tv - both as adult themed sites. The description provided by OpenDNS warns you to only choose Adult Themes if you want to be very restrictive on your network.
One nice feature is that you get a customizable block page that tells you why the site was blocked. You can give patrons information about how to get the site unblocked. This is an important feature for 1st amendment considerations.Yesterday, I thought that as long as I was changing DNS settings for my new ISP, I might as well set my router to OpenDNS and see how the filtering works on a network. I discovered that it filters every device on my wireless network including my iPod Touch. So, how do you turn it off? You go into your dashboard and remove whatever restrictions you choose. It's pretty easy to turn on and off but because the filtering takes place at remote servers, it takes a few minutes to deactivate and reactivate the filtering. In the meantime, your entire network is unfiltered. If you're interested only in complying with CIPA for public library E-Rate purposes, and want to avoid potential problems, I'd suggest being very selective in what you choose to filter, particularly for adult patrons.
We'll be talking about this more at the E-Rate session at Fall Workshop.