Live Parental Controls is not filtering

Comments

8 comments

  • Avatar
    rotblitz

    Copy & paste the complete plain text output of the following diagnostic commands to here, from a computer connected to an affected router:

    nslookup -type=txt debug.opendns.com.
    nslookup whoami.akamai.net.
    nslookup www.exampleadultsite.com.
    nslookup www.internetbadguys.com.

     

    0
    Comment actions Permalink
  • Avatar
    kmc1976

    Netgear WNDR4500v2, firmware V1.0.0.64_1.0.40, with (OpenDNS) Live Parental Controls enabled and filtering set to high (without customization) is NOT blocking/filtering. Router's DNS servers: 208.67.222.222 / 208.67.220.220.

    $ nslookup -type=txt debug.opendns.com.
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    ** server can't find debug.opendns.com.: NXDOMAIN

    $ for h in whoami.akamai.net. www.exampleadultsite.com. www.internetbadguys.com. www.pornhub.com. www.twitter.com. www.facebook.com. ; do nslookup ${h} ; done
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 69.241.93.151

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: www.exampleadultsite.com
    Address: 67.215.92.210

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: www.internetbadguys.com
    Address: 67.215.92.210

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    www.pornhub.com canonical name = pornhub.com.
    Name: pornhub.com
    Address: 31.192.120.36

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    www.twitter.com canonical name = twitter.com.
    Name: twitter.com
    Address: 104.244.42.1
    Name: twitter.com
    Address: 104.244.42.129

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    www.facebook.com canonical name = star-mini.c10r.facebook.com.
    Name: star-mini.c10r.facebook.com
    Address: 157.240.18.35

     

     

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "Router's DNS servers: 208.67.222.222 / 208.67.220.220."

    You didn't configure this manually, did you?  This is in no way part of the instructions.
    https://kb.netgear.com/25687/

    "** server can't find debug.opendns.com.: NXDOMAIN"

    Your DNS traffic does not go to OpenDNS, therefore OpenDNS have no way to apply your settings.

    Instead your DNS traffic seems to go via Comcast.  Address: 69.241.93.151

    I need to see more.  Disable LPC on the router, and then post the following command output:

    nslookup -type=txt debug.opendns.com. 208.67.220.220

     

    0
    Comment actions Permalink
  • Avatar
    greatlakesacademy

    Both routers started working again a few hours after I posted.

    I guess there was a hiccup somewhere that was corrected.

    Thanks for you help!

    0
    Comment actions Permalink
  • Avatar
    kmc1976 (Edited )

    "Router's DNS servers: 208.67.222.222 / 208.67.220.220."

    yes, the router itself is configured for openDNS (not the ISP). The router provides DHCP and DNS to the (W)LAN:

    $ cat /etc/resolv.conf 

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 192.168.1.1

    yet still the internal (W)LAN is not filtered:

     

    $ nslookup -type=txt debug.opendns.com.
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    ** server can't find debug.opendns.com: NXDOMAIN

    please have a look at open ticket #355632 which contains relevant screen shots.

    thanks in advance.

     

    0
    Comment actions Permalink
  • Avatar
    kmc1976

     

    $ cat /etc/resolv.conf
    #
    # Mac OS X Notice
    #
    # This file is not used by the host name and address resolution
    # or the DNS query routing mechanisms used by most processes on
    # this Mac OS X system.
    #
    # This file is automatically generated.
    #
    nameserver 192.168.1.1

     

    LPC enabled

    $ nslookup -type=txt debug.opendns.com.
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    ** server can't find debug.opendns.com.: NXDOMAIN

     

    LPC disabled

    $ sudo dscacheutil -flushcache

    $ nslookup -type=txt debug.opendns.com.
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    ** server can't find debug.opendns.com.: NXDOMAIN

    0
    Comment actions Permalink
  • Avatar
    kmc1976

    smells like bug.

    On a hunch I changed filtering level (from high) to none, saved, then re-enabled filtering (to high), saved. OpenDNS's filtering is now working as expected.

     

    nslookup -type=txt debug.opendns.com.
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    debug.opendns.com text = "server m25.chi"
    debug.opendns.com text = "device 0000A375013AF190"
    debug.opendns.com text = "flags 422 0 8010 39400027F00F1189EF3"
    debug.opendns.com text = "originid 31294629"
    debug.opendns.com text = "actype 1"
    debug.opendns.com text = "bundle 31294629"
    debug.opendns.com text = "source 68.34.215.35:32770"

    Authoritative answers can be found from:

     

    for h in whoami.akamai.net. www.exampleadultsite.com. www.internetbadguys.com. www.pornhub.com. www.twitter.com. www.facebook.com. ; do nslookup ${h} ; done
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 208.69.36.66

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: www.exampleadultsite.com
    Address: 146.112.61.106

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: www.internetbadguys.com
    Address: 146.112.61.108

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: www.pornhub.com
    Address: 146.112.61.106

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: www.twitter.com
    Address: 146.112.61.106

    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    Name: www.facebook.com
    Address: 146.112.61.106

     

     

    hopefully this is useful to some other community member(s).

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    "yes, the router itself is configured for openDNS (not the ISP)."

    This is wrong if you did it manually.  It is not part of the LPC instructions.  LPC does this for you.

    "The router provides DHCP and DNS to the (W)LAN:"

    Yes, this is what a router with DHCP server does, but it is unrelated to what you configured or not configured on the WAN side of your router.

    "please have a look at open ticket #355632 which contains relevant screen shots."

    I'm a user like you and cannot look at your tickets.  You'll have to wait for staff looking at it.

    "On a hunch I changed filtering level (from high) to none"

    Your dashboard settings are irrelevant as long as you don't use OpenDNS at all, as was the case.  You care about your settings as last.

    debug.opendns.com text = "originid 31294629"
    debug.opendns.com text = "actype 1"
    debug.opendns.com text = "bundle 31294629"
    debug.opendns.com text = "source 68.34.215.35:32770"

    It seems your IP address 68.34.215.35 is also registered for OpenDNS Home use which leads to inconsistent results.  Ensure that you have deleted any network at https://dashboard.opendns.com/settings/.  Your dashboard is only at https://netgear.opendns.com/

    If there's no network at https://dashboard.opendns.com/settings/, then your IP address is registered with another OpenDNS user's network which can be sorted by OpenDNS staff only.

    0
    Comment actions Permalink

Please sign in to leave a comment.