Live Parental Controls is not filtering

August 25, 2017 16:31

Live Parental Controls is not filtering on more than one router. It appears there is a problem with the service. Anyone else seeing this?

Comments

8 comments

rotblitz August 25, 2017 16:43
Copy & paste the complete plain text output of the following diagnostic commands to here, from a computer connected to an affected router:
```
nslookup -type=txt debug.opendns.com.
nslookup whoami.akamai.net.
nslookup www.exampleadultsite.com.
nslookup www.internetbadguys.com.
```
0

Permalink
kmc1976 September 06, 2017 22:14

Netgear WNDR4500v2, firmware V1.0.0.64_1.0.40, with (OpenDNS) Live Parental Controls enabled and filtering set to high (without customization) is NOT blocking/filtering. Router's DNS servers: 208.67.222.222 / 208.67.220.220.

$ nslookup -type=txt debug.opendns.com.
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find debug.opendns.com.: NXDOMAIN

$ for h in whoami.akamai.net. www.exampleadultsite.com. www.internetbadguys.com. www.pornhub.com. www.twitter.com. www.facebook.com. ; do nslookup ${h} ; done
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: whoami.akamai.net
Address: 69.241.93.151

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.exampleadultsite.com
Address: 67.215.92.210

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.internetbadguys.com
Address: 67.215.92.210

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
www.pornhub.com canonical name = pornhub.com.
Name: pornhub.com
Address: 31.192.120.36

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
www.twitter.com canonical name = twitter.com.
Name: twitter.com
Address: 104.244.42.1
Name: twitter.com
Address: 104.244.42.129

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
www.facebook.com canonical name = star-mini.c10r.facebook.com.
Name: star-mini.c10r.facebook.com
Address: 157.240.18.35

0

Permalink
rotblitz September 07, 2017 07:18
"Router's DNS servers: 208.67.222.222 / 208.67.220.220."

You didn't configure this manually, did you? This is in no way part of the instructions.
https://kb.netgear.com/25687/

"** server can't find debug.opendns.com.: NXDOMAIN"

Your DNS traffic does not go to OpenDNS, therefore OpenDNS have no way to apply your settings.

Instead your DNS traffic seems to go via Comcast. Address: 69.241.93.151

I need to see more. Disable LPC on the router, and then post the following command output:
```
nslookup -type=txt debug.opendns.com. 208.67.220.220
```
0

Permalink
greatlakesacademy September 07, 2017 13:17

Both routers started working again a few hours after I posted.

I guess there was a hiccup somewhere that was corrected.

Thanks for you help!

0

Permalink
kmc1976 September 07, 2017 21:59 (Edited September 07, 2017 21:59)

"Router's DNS servers: 208.67.222.222 / 208.67.220.220."

yes, the router itself is configured for openDNS (not the ISP). The router provides DHCP and DNS to the (W)LAN:

$ cat /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.1

yet still the internal (W)LAN is not filtered:

$ nslookup -type=txt debug.opendns.com.
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find debug.opendns.com: NXDOMAIN

please have a look at open ticket #355632 which contains relevant screen shots.

thanks in advance.

0

Permalink
kmc1976 September 07, 2017 22:09

$ cat /etc/resolv.conf
#
# Mac OS X Notice
#
# This file is not used by the host name and address resolution
# or the DNS query routing mechanisms used by most processes on
# this Mac OS X system.
#
# This file is automatically generated.
#
nameserver 192.168.1.1

LPC enabled

$ nslookup -type=txt debug.opendns.com.
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find debug.opendns.com.: NXDOMAIN

LPC disabled

$ sudo dscacheutil -flushcache

$ nslookup -type=txt debug.opendns.com.
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find debug.opendns.com.: NXDOMAIN

0

Permalink
kmc1976 September 07, 2017 22:17

smells like bug.

On a hunch I changed filtering level (from high) to none, saved, then re-enabled filtering (to high), saved. OpenDNS's filtering is now working as expected.

nslookup -type=txt debug.opendns.com.
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
debug.opendns.com text = "server m25.chi"
debug.opendns.com text = "device 0000A375013AF190"
debug.opendns.com text = "flags 422 0 8010 39400027F00F1189EF3"
debug.opendns.com text = "originid 31294629"
debug.opendns.com text = "actype 1"
debug.opendns.com text = "bundle 31294629"
debug.opendns.com text = "source 68.34.215.35:32770"

Authoritative answers can be found from:

for h in whoami.akamai.net. www.exampleadultsite.com. www.internetbadguys.com. www.pornhub.com. www.twitter.com. www.facebook.com. ; do nslookup ${h} ; done
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: whoami.akamai.net
Address: 208.69.36.66

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.exampleadultsite.com
Address: 146.112.61.106

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.internetbadguys.com
Address: 146.112.61.108

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.pornhub.com
Address: 146.112.61.106

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.twitter.com
Address: 146.112.61.106

Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.facebook.com
Address: 146.112.61.106

hopefully this is useful to some other community member(s).

0

Permalink
rotblitz September 08, 2017 07:39 (Edited September 08, 2017 07:43)

"yes, the router itself is configured for openDNS (not the ISP)."

This is wrong if you did it manually. It is not part of the LPC instructions. LPC does this for you.

"The router provides DHCP and DNS to the (W)LAN:"

Yes, this is what a router with DHCP server does, but it is unrelated to what you configured or not configured on the WAN side of your router.

"please have a look at open ticket #355632 which contains relevant screen shots."

I'm a user like you and cannot look at your tickets. You'll have to wait for staff looking at it.

"On a hunch I changed filtering level (from high) to none"

Your dashboard settings are irrelevant as long as you don't use OpenDNS at all, as was the case. You care about your settings as last.

debug.opendns.com text = "originid 31294629"
debug.opendns.com text = "actype 1"
debug.opendns.com text = "bundle 31294629"
debug.opendns.com text = "source 68.34.215.35:32770"

It seems your IP address 68.34.215.35 is also registered for OpenDNS Home use which leads to inconsistent results. Ensure that you have deleted any network at https://dashboard.opendns.com/settings/. Your dashboard is only at https://netgear.opendns.com/

If there's no network at https://dashboard.opendns.com/settings/, then your IP address is registered with another OpenDNS user's network which can be sorted by OpenDNS staff only.

0

Permalink

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?