Dynamic IP Addresses: Technical Details and FAQ
OpenDNS accounts work with dynamic IP addresses through Dynamic DNS (DDNS), if you use a DDNS software client.
When using OpenDNS, the purpose of dynamic DNS is to preserve your OpenDNS preferences if your ISP or network operator changes your IP address. The software client keeps your IP up to date with OpenDNS automatically.
What is dynamic DNS (DDNS)?
Many people get a dynamic Internet Protocol (IP) address assigned to them by their ISP or network operator. The alternative is a static IP address. If you're not sure which one you have, you likely have a dynamic IP address but contact your ISP to be sure.
It is difficult for public Internet resources to know how to find a webserver or mailserver or other Internet-addressable resource located at a dynamic IP address. DDNS provides a workaround, giving an individual a method of registering their current IP address with a third-party service on the web so they are publicly accessible and addressable, even as their IP address changes over time.
The below information still holds true, but DNS-O-Matic, a free service from OpenDNS, gives you an easy way to distribute your dynamic IP changes to multiple services with a single update. Keep dynamic DNS hostnames and OpenDNS updated at the same time.
How do I Configure OpenDNS on a Network with a Dynamic IP address?
OpenDNS can be configured on networks that are provisioned with dynamic IP addresses, which is typically how ISPs manage consumer and small business networks.
Please read Networks with Dynamic IP Addresses to learn how to maintain OpenDNS settings on a network where the IP address is likely to change.
What are the DNS Request Types?
The following table explains the DNS Request Types that can be collected and listed in an OpenDNS report.
DNS Lookup Type
|A||IPv4 address record||
Returns a 32-bit IP address, which typically maps a domain’s hostname to an IP address, but also used for DNSBLs and storing subnet masks
|AAAA||IPv6 address record||
Returns a 128-bit IP address that maps a domain’s hostname to an IP address
|MX||Mail exchange record||
Maps a domain name to a list of message transfer agents for that domain
|NS||Name server record||
Delegates a DNS zone to use the specified authoritative name servers
Pointer to a canonical name that returns the name only and is used for implementing reverse DNS lookups
|SOA||Start of authority record||
Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone
Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX
Carries extra data, sometimes human-readable, most of the time machine-readable such as opportunistic encryption, DomainKeys, DNS-SD, etc.
Here's how it works: When an authoritative DNS provider suffers an outage, all of the Websites it provides service for are taken offline. They are inaccessible for everyone on the Internet. But no longer for OpenDNS users. Our servers will now immediately look for the last known good address for the site in our caches, and use that to load the site. So effectively OpenDNS users will be able to access Websites that appear down for everyone else. For our millions of users at businesses, schools, and libraries around the world, saving them Internet access interruptions and the time they waste is invaluable.
Authoritative DNS outages happen frequently and can be a big problem. In March of 2009, it was reported that major authoritative DNS provider UltraDNS suffered an outage that took Salesforce.com, Amazon.com and Petco.com offline for several hours. In such a case, SmartCache fixes the inaccessibility problem and allows people to visit those sites despite the authoritative server outage.
This is just the latest in a long series of DNS innovations we've developed and passed on to you. Most recently it was blocking the Conficker worm from phoning home. By blocking the domain names the worm used, we were and continue to be able to protect people around the globe. We want our customers to know that we are committed to continually innovate and give you easy-to-use services that make your Internet experience better.
SmartCache is turned on by default for all users and only applies to queries where the authoritative server hands back a SERVFAIL response code or the query simply goes unanswered.
A list of other known DDNS clients that should work with OpenDNS:
NOTE: Support for these DDNS clients is not provided by OpenDNS or Cisco Umbrella. You can look in our community forums for assistance or contact the vendor directly for help.
|Mac, Windows||OpenDNS Updater||
OpenDNS Updater is a small AppleScript application that helps keep your Dynamic IP information up to date on the OpenDNS website.
This free service gives you an easy way to distribute your dynamic IP changes to multiple services with a single update. Keep dynamic DNS hostnames and OpenDNS updated at the same time.
A small updater program that helps keep your Dynamic IP information up to date on the OpenDNS website. Also supports DNS-O-Matic.
|Windows||HomingBeacon Dynamic DNS Update Client||
ChangeIP’s Dynamic DNS update client supports OpenDNS updates with version 18.104.22.168 and later.
|Windows||INADYN windows command line version||
The client is based on inadyn, but modified to support HTTPS (SSL) and preconfigured to use OpenDNS’s account update URL by default. Should work on Windows 2000 and later.
|Windows||INADYN source code||
Instructions contained in the ZIP file.
DynSite is a shareware, that is you can try it for free for 30 days then you have to register your copy to obtain a license code (also called a serial number) if you want to keep using it. If you decide not to register you have to uninstall the program (from Control Panel > Add or Remove Programs icon.) Add the configuration file, aka the.dns file, to the right place.
|Windows||Dynamic IP Monitor||
There is a 60-minute trial version, and a full version for US$9.95. OpenDNS is supported as a built-in option from version 3.2 on.
Download DUD file (opendns.dud) and save at C:Program FilesDirectUpdate v4dns
|Windows||myDynIPPro||Rocon Software’s dynamic DNS client supports OpenDNS updates with version 4.3.4 and later.|
Downloading Top Domains Data Greater Than 200 Records
OpenDNS provides a tool called fetchstats to enable OpenDNS Administrators to download the Top Domains log data that has been collected for a network. Fetchstats is useful when downloading data ranges that are greater than 200 records, which is the file-size limit for an online download from the OpenDNS Stats page.
The fetchstats tool is available for Linux and Microsoft operating systems and both use the following arguments:
- <username> - the email address of the OpenDNS Administrator for the network
- <network-id> - the numerical id of network; found in URL of network’s Dashboard settings page
- <YYYY-MM-DD> - the first day of the report
- [<YYYY-MM-DD>] - the optional last day of the report
For more information about using fetchstats, click or copy one of the following links:
To download the fetchstats tool click on or copy one of the following links:
Note: The OpenDNS password for the network being accessed is required to access fetchstats and to proceed with the data download.
Fetchstats is made available by OpenDNS, but is not directly supported. Use of the tool is at your own risk.
If you have received one of the following Error Messages while navigating the Internet or using OpenDNS, expand the message to understand the cause of the error and the known solutions to resolve it.
Dashboard Login Failure
If you experience problems when attempting to log in to the OpenDNS Dashboard, verify that you are accepting cookies from OpenDNS. If cookies are enabled and problems persist, try clearing the cache and the cookies of your Internet browser and retry.
The SERVFAIL error indicates that the nameserver of the requested domain is experiencing an internal error. OpenDNS servers are able to reach the domain but are unable to communicate with the specific nameserver. This can be the result of a few conditions such as unusually high traffic on that particular server. The only solution is to keep trying or try again later.
Network Already Exists / IP Address Taken by Another User / !Yours
These 3 errors are related to networks that use dynamic IP addresses, which have been or are currently registered with OpenDNS by another account holder.
The Network Already Exists error occurs when the IP address of your network was, at one time, previously registered with OpenDNS by a different account holder. Because many networks use dynamic IP addresses, the IP address is now assigned to your network, but still linked to the original OpenDNS account holder.
The Your IP Address Taken or !Yours errors usually occur when updating your network IP address with the OpenDNS client-side IP updater. The conflict arises when the IP address being updated falls into one of the following two scenarios:
- Actual address is registered to another OpenDNS account holder.
- The IP address falls in the range of a larger netblock, which is registered with another OpenDNS account holder.
When these network conflicts occurs, not all OpenDNS features can be fully configured on your network, though you will still be using OpenDNS servers and benefiting from our fast, secure and reliable Internet experience.
To resolve this issue, please contact us with details. Be sure and include the following:
- The error message
- Your full name
- The email address used to create the account
- Your current IP address, found at the top of the OpenDNS home page
DNS and HTTP IP Address Mismatch (Content Filtering Not Working)
You may receive this error if you have just configured OpenDNS and are testing your configuration at our Welcome to OpenDNS test page. Typically, this issue will rectify itself within 3-5 minutes as the OpenDNS network registers your new network.
If it appears that your Web content filtering settings are no longer being applied to your network, and you have flushed DNS cache, this error is likely the result of an IP address conflict. The error is:
Your OpenDNS settings might not work due to DNS IP address (x.x.x.x) and HTTP IP address (x.x.x.x) mismatch.
This issue is usually caused by the way your ISP handles DNS traffic, and transparent proxies that create different "egress" IPs for DNS and HTTP traffic. OpenDNS is unable to help with speific ISP related troubleshooting, but we recommend getting in touch with them and asking whether you are behind a transparent proxy.
To see if your DNS traffic IP address is indeed different from your web traffic IP address, try the following:
- To find your DNS IP address, use the command line and run "nslookup myip.opendns.com"
- To find your web IP addresss, go to this site in your browser: http://myip.dnsomatic.com/
Typically these should be the same but if you're receiving this error, they would be different.
It is your DNS IP address which must be registered at https://dashboard.opendns.com/settings/ to make the additional features of OpenDNS work (blocking by category, blocking or whitelisting individually, stats and logs).
To see why there is a mismatch, you may want to run this test to see if you're behind a proxy:
Alternatively, you can call up your ISP to find out why they route your DNS traffic differently from the rest of your traffic, and if there's a possibility to opt out from this different DNS traffic routing.
OpenDNS Configuration Test Yields: "Oops!" Message
If you have tested your OpenDNS configuration and received the Oops! message, you may actually have OpenDNS configured correctly but be experiencing a problem related to how your ISP provisions your Internet connection.
First, check with your Internet Service Provider (ISP) to determine whether they allow third-party DNS services. If they do, the next most likely explanation for failing the OpenDNS configuration tests is that your ISP uses a proxy server.
If your ISP uses proxy servers, you will not be able to take advantage of our Web-based features, but you will still benefit from a fast, secure and reliable Internet navigation experience.
If the verification results from below indicate you are using different DNS servers and you are confident that you have followed the OpenDNS configuration instructions, please contact your ISP to verify whether they allow third-party DNS.
In some cases, a work-around has been found successful by configuring both the router/modem and all computers on the network to use OpenDNS servers. For more information about how to configure OpenDNS on a computer, follow this link.
To verify that you are using OpenDNS servers for DNS lookups, please go to the following instructions according to your computer's operating system.
To verify that you are using OpenDNS servers for DNS lookups, from your computer running Windows, follow these steps:
Server: resolver1.opendns.com or resolver2.opendns.com
If the line including "Server" shows resolver1.opendns.com or resolver2.opendns.com and the associated IP addresses 22.214.171.124 or 126.96.36.199, respectively, then you are using OpenDNS for DNS lookups.
To verify that you are using OpenDNS servers for DNS lookups, from your computer running Mac OS, follow these steps:
;; <<>> DiG 9.2.4 <<>> www.opendns.com
To verify that you are using OpenDNS servers for DNS lookups, from your computer running Linux, follow these steps:
;; <<>> DiG 9.2.4 <<>> www.opendns.com