Porn not being blocked
Hi,
I set up opendns yesterday and set the restrictions to block all adult/porn content but nothing is being blocked at all. I discovered this after visiting an innocent site relating to arduino programming which loaded a russian brides web site which was unexpected so I checked and the whole host of xhamster/pornhub etc load unhindered.
Could I have done something wrong ? I followed the instructions, changed the DNS IP addresses in the router and then went to the dashboard and set the filtering to moderate. The IP'si entered are 208.67.222.222 and 208.67.220.220.
-
Are you using OpenDNS at all? Check at http://welcome.opendns.com/
Also, copy & paste the complete plain text output of the following diagnostic commands to here:
nslookup -type=txt debug.opendns.com. 208.67.220.220
nslookup -type=txt which.opendns.com.
nslookup www.exampleadultsite.com.
nslookup whoami.akamai.net.
netsh interface ipv4 show config (Windows only)
ifconfig -a -v (Mac-OSX and Linux only)When I look at these outputs, I may be able to see what your problem is...
-
Yes im looking at my dashboard and get a big green tick when accessing the welcome page.
nslookup -type=txt debug.opendns.com. 208.67.220.220
Server: 208.67.220.220
Address: 208.67.220.220#53Non-authoritative answer:
debug.opendns.com text = "server m45.lon"
debug.opendns.com text = "flags 20 0 70 7950800000000000000"
debug.opendns.com text = "originid 0"
debug.opendns.com text = "actype 0"
debug.opendns.com text = "source xx.xx.xxx.xx:49783" (My external IP)nslookup -type=txt which.opendns.com
Server: 192.168.1.254
Address: 192.168.1.254#53Non-authoritative answer:
which.opendns.com text = "m25.lon"Authoritative answers can be found from:
nslookup pornhub.com
Server: 192.168.1.254
Address: 192.168.1.254#53Non-authoritative answer:
Name: pornhub.com
Address: 31.192.120.36nslookup xhamster.com
Server: 192.168.1.254
Address: 192.168.1.254#53Non-authoritative answer:
Name: xhamster.com
Address: 88.208.18.30
Name: xhamster.com
Address: 88.208.29.24nslookup whoami.akamai.net
Server: 192.168.1.254
Address: 192.168.1.254#53Non-authoritative answer:
Name: whoami.akamai.net
Address: 208.69.34.69ifconfig -a -v
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 index 1
eflags=11000000<ECN_ENABLE,SENDLIST>
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
link quality: 100 (good)
state availability: 0 (true)
timestamp: disabled
qosmarking enabled: no mode: none
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 index 2
eflags=1000000<ECN_ENABLE>
state availability: 0 (true)
qosmarking enabled: no mode: none
stf0: flags=0<> mtu 1280 index 3
eflags=1000000<ECN_ENABLE>
state availability: 0 (true)
qosmarking enabled: no mode: none
XHC20: flags=0<> mtu 0 index 4
eflags=41000000<ECN_ENABLE,FASTLN_ON>
state availability: 0 (true)
qosmarking enabled: yes mode: none
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 index 5
eflags=41000080<TXSTART,ECN_ENABLE,FASTLN_ON>
options=60<TSO4,TSO6>
ether 4a:00:07:7c:38:10
media: autoselect <full-duplex>
status: inactive
type: Ethernet
state availability: 0 (true)
scheduler: FQ_CODEL
qosmarking enabled: yes mode: none
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 index 6
eflags=41000080<TXSTART,ECN_ENABLE,FASTLN_ON>
options=60<TSO4,TSO6>
ether 4a:00:07:7c:38:11
media: autoselect <full-duplex>
status: inactive
type: Ethernet
state availability: 0 (true)
scheduler: FQ_CODEL
qosmarking enabled: yes mode: none
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 index 7
eflags=412008c0<ACCEPT_RTADV,TXSTART,ARPLL,NOACKPRI,ECN_ENABLE,FASTLN_ON>
ether c4:b3:01:cd:f3:c7
inet6 fe80::8ec:e370:71d5:f4e1%en0 prefixlen 64 secured scopeid 0x7
inet 192.168.1.217 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
type: Wi-Fi
link quality: 100 (good)
state availability: 0 (true)
scheduler: FQ_CODEL (driver managed)
uplink rate: 23.16 Mbps [eff] / 53.95 Mbps
downlink rate: 23.16 Mbps [eff] / 53.95 Mbps [max]
qosmarking enabled: yes mode: none
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304 index 8
eflags=41000080<TXSTART,ECN_ENABLE,FASTLN_ON>
ether 06:b3:01:cd:f3:c7
media: autoselect
status: inactive
type: Wi-Fi
state availability: 0 (true)
scheduler: FQ_CODEL (driver managed)
link rate: 10.00 Mbps
qosmarking enabled: yes mode: none
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484 index 9
eflags=413e0080<TXSTART,LOCALNET_PRIVATE,ND6ALT,RESTRICTED_RECV,AWDL,NOACKPRI,ECN_ENABLE,FASTLN_ON>
ether 2e:e4:30:52:7d:f1
inet6 fe80::2ce4:30ff:fe52:7df1%awdl0 prefixlen 64 scopeid 0x9
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
type: Wi-Fi
state availability: 0 (true)
scheduler: FQ_CODEL (driver managed)
link rate: 10.00 Mbps
qosmarking enabled: yes mode: none
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 index 10
eflags=41000000<ECN_ENABLE,FASTLN_ON>
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 4a:00:07:7c:38:10
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
hostfilter 0 hw: 0:0:0:0:0:0 ip: 0.0.0.0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
hostfilter 0 hw: 0:0:0:0:0:0 ip: 0.0.0.0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
state availability: 0 (true)
qosmarking enabled: yes mode: none
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000 index 11
eflags=5002080<TXSTART,NOAUTOIPV6LL,ECN_ENABLE,CHANNEL_DRV>
options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
inet6 fe80::17dc:5053:d970:3661%utun0 prefixlen 64 scopeid 0xb
netif: 9090B4B1-96F8-4975-B637-A9B5A6459455
multistack: 9FD74D63-3B6A-42D0-85AE-49E246F0108D
nd6 options=201<PERFORMNUD,DAD>
agent domain:ids501 type:clientchannel flags:0xc3 desc:"IDSNexusAgent ids501 : clientchannel"
state availability: 0 (true)
scheduler: FQ_CODEL
qosmarking enabled: no mode: none
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 index 12
eflags=5002080<TXSTART,NOAUTOIPV6LL,ECN_ENABLE,CHANNEL_DRV>
options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
inet6 fe80::bd09:e340:497d:d89b%utun1 prefixlen 64 scopeid 0xc
netif: 3237118D-0A7C-491E-BEDE-324349219B95
multistack: AD607DF3-2C37-4948-9FFF-396597686824
nd6 options=201<PERFORMNUD,DAD>
state availability: 0 (true)
scheduler: FQ_CODEL
qosmarking enabled: no mode: noneDouble checked dashboard settings for my added network and even added pornhub and hamster to the blocked list manually, the dashboard relayed a message saying i was adding sites already covered by my chosen settings but added them as a new rule anyway, still accessible.
I only changed this three days ago as I had previously set my main DNS to openDNS and my secondary to a Symantec IP which blocked all the sites I don't want my child seeing but the Symantec one kept going down.
-
"Double checked dashboard settings for my added network"
No, you didn't. You have overseen that you didn't register your IP address xx.xx.xxx.xx with your network at https://dashboard.opendns.com/settings/ and maybe that you don't run an updater to keep it current. Therefore OpenDNS has no way to associate your DNS lookups with your dashboard settings, and your settings cannot take effect.
"the dashboard relayed a message saying i was adding sites already covered by my chosen settings"
Yes, you can safely remove these entries. They just eat up your 25 slots.
Btw, there's a much easier way to block porn even without the dashboard. You configure the FamilyShield addresses 208.67.222.123 and 208.67.220.123 instead of the normal ones.
-
I XX'd out my external IP address.
But I now see my current external IP address is not the same as the one configured, I can only guess we had a power cut and I was allocated a new IP address when the router reconnected.
Sites are now blocked after running the DNSupdater. A lot of sites are not showing the openDNS block page though they are showing as connection is not private ? You cannot access them so all is ok, why would it be showing that and not the blocked page out of interest ?
I may use the family shield IP's but I like the dashboard, it gives me an easy way to see what my son is up to. Would one of each work for me ? Perhaps configure openDNS as primary and family shield as secondary ? This would be similar to how I had it set up before with one OpenDNS and one Symantec.
Thank you for your help
-
"I may use the family shield IP's but I like the dashboard"
Why "but"? You can use the dashboard with the FamilyShield addresses. Did someone say you can't? It's just that the FamilyShield addresses block adult content generally, no matter if you use the dashboard for additional things or not. However, you cannot whitelist domains at the dashboard which are being blocked by FamilyShield.
"Perhaps configure openDNS as primary and family shield as secondary ?"
I thought you have leaned that mixing different DNS services produces inconsistent random results? ("I had previously set my main DNS to openDNS and my secondary to a Symantec") And now you will fall back to this bad scenario? Better not! If you want consistent results, you must not mix DNS services, even if supplied by the same provider. Primary and secondary do not work as you expect them to work, but work randomly, just as the programmers on the computer or router thought it should work.
"A lot of sites are not showing the openDNS block page though they are showing as connection is not private ?"
Yes, sure. Very well documented: https://support.opendns.com/hc/en-us/articles/227988787
This happens if a domain is blocked, and you want to access it with HTTPS. -
-
Or simply click the green arrow icon at https://dashboard.opendns.com/settings/ if it appears. And investigate why your Updater doesn’t do it’s job.
-
Still doesn't block porn even with the settings to do so.
1) deleted old account and created a new one
2) selected my IP address
3) selected lable as "mine"
4) selected dynamic IP
5) ran CMD in admin mode: ipconfig /flushdns
6) Verified IPV4 DNS server settings showed up in Ethernet properties.
7) Selected porn filtering from shown categories on my Dashboard
8) went to https://support.opendns.com/hc/en-us/articles/227986567-How-to-Test-for-Successful-OpenDNS-Configuration- to verify configuration. The first two confirmed, but the third one did not.
9) Went to the most popular porn sites and non were blocked.
10) OpenDNS updated doesn't show my IP address and says "looks like there is no internet connectivity"
-
You did in fact nothing. You are still where you were.
Copy & paste the complete plain text output of the following diagnostic commands to here:
nslookup -type=txt debug.opendns.com.
nslookup www.exampleadultsite.com.
nslookup whoami.akamai.net. -
I just itemized the steps on how I redid everything. I have more important things to do than to waste your time or mine. It's more likely than not, what I did did not change anything.
C:\WINDOWS\system32>nslookup -type=txt debug.opendns.com.
Server: cdns01.comcast.net
Address: 2001:558:feed::1opendns.com
primary name server = auth1.opendns.com
responsible mail addr = noc.opendns.com
serial = 1611426324
refresh = 16384 (4 hours 33 mins 4 secs)
retry = 2048 (34 mins 8 secs)
expire = 1048576 (12 days 3 hours 16 mins 16 secs)
default TTL = 2560 (42 mins 40 secs)C:\WINDOWS\system32>nslookup www.exampleadultsite.com.
Server: cdns01.comcast.net
Address: 2001:558:feed::1Non-authoritative answer:
Name: www.exampleadultsite.com
Address: 146.112.255.155
C:\WINDOWS\system32>nslookup whoami.akamai.net.
Server: cdns01.comcast.net
Address: 2001:558:feed::1Non-authoritative answer:
Name: whoami.akamai.net
Address: 69.252.244.129 -
Clearly it was good for nothing, since nothing was achieved.
And how exactly do I add this to an Arris SBG6700? I don't see any place to insert these for IPv6, like there was for the IPv4. This is all that I see:
Honestly I don't remember having this much trouble when I first did this a year ago. It just worked.
-
So I went back and added the address for the Family shield and porn is blocked and the OpenDNS updater shows both my IP address and an internet connection.
Changed it back to the Home OpenDNS server and nothing is blocked porn or otherwise. The updater doesn't show my IP address and says there is no internet connection
Can't edit the IPv6 in my router. Makes no since to edit it on my PC when everyone has a device connected to the WiFi.
No one from Cisco support has responded. My ISP says they haven't changed anything on their end.
It just doesn't make any sense that it is working one day, and not the next.
-
I have a FRITZ!Box.
https://en.avm.de/products/fritzbox/ -
Well I almost bought a new router/modem until I determined the cause was something I downloaded. And sure enough. I downloaded Agent video surveillance software that apparently acted as a VPN and provided remote viewing of my camera, even though I didn't explicitly allow it.
After disconnecting it, OpenDNS is back to doing it's thing and blocking stuff.
Please sign in to leave a comment.
Comments
28 comments