Porn not being blocked

  • hung2b

    blocking porn is like the War on Drugs: neither will be successful until the desire is stopped

    > mixing different DNS services produces inconsistent random results

    No.  This comes down to the client machine using sequential or parallel resolving.  Know your boxes.

     

  • rotblitz

    Are you using OpenDNS at all?  Check at http://welcome.opendns.com/

    Also, copy & paste the complete plain text output of the following diagnostic commands to here:

    nslookup -type=txt debug.opendns.com. 208.67.220.220
    nslookup -type=txt which.opendns.com.
    nslookup www.exampleadultsite.com.
    nslookup whoami.akamai.net.
    netsh interface ipv4 show config (Windows only)
    ifconfig -a -v (Mac-OSX and Linux only)

    When I look at these outputs, I may be able to see what your problem is...

  • craigflynn1

    Yes, I'm looking at my dashboard and get a big green tick when accessing the welcome page.

    nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    Non-authoritative answer:
    debug.opendns.com text = "server m45.lon"
    debug.opendns.com text = "flags 20 0 70 7950800000000000000"
    debug.opendns.com text = "originid 0"
    debug.opendns.com text = "actype 0"
    debug.opendns.com text = "source xx.xx.xxx.xx:49783" (My external IP)

     

    nslookup -type=txt which.opendns.com

    Server: 192.168.1.254
    Address: 192.168.1.254#53

    Non-authoritative answer:
    which.opendns.com text = "m25.lon"

    Authoritative answers can be found from:

     

    nslookup pornhub.com
    Server: 192.168.1.254
    Address: 192.168.1.254#53

    Non-authoritative answer:
    Name: pornhub.com
    Address: 31.192.120.36

     

    nslookup xhamster.com
    Server: 192.168.1.254
    Address: 192.168.1.254#53

    Non-authoritative answer:
    Name: xhamster.com
    Address: 88.208.18.30
    Name: xhamster.com
    Address: 88.208.29.24

     

    nslookup whoami.akamai.net
    Server: 192.168.1.254
    Address: 192.168.1.254#53

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 208.69.34.69

     

    ifconfig -a -v
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 index 1
    eflags=11000000<ECN_ENABLE,SENDLIST>
    options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    nd6 options=201<PERFORMNUD,DAD>
    link quality: 100 (good)
    state availability: 0 (true)
    timestamp: disabled
    qosmarking enabled: no mode: none
    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 index 2
    eflags=1000000<ECN_ENABLE>
    state availability: 0 (true)
    qosmarking enabled: no mode: none
    stf0: flags=0<> mtu 1280 index 3
    eflags=1000000<ECN_ENABLE>
    state availability: 0 (true)
    qosmarking enabled: no mode: none
    XHC20: flags=0<> mtu 0 index 4
    eflags=41000000<ECN_ENABLE,FASTLN_ON>
    state availability: 0 (true)
    qosmarking enabled: yes mode: none
    en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 index 5
    eflags=41000080<TXSTART,ECN_ENABLE,FASTLN_ON>
    options=60<TSO4,TSO6>
    ether 4a:00:07:7c:38:10
    media: autoselect <full-duplex>
    status: inactive
    type: Ethernet
    state availability: 0 (true)
    scheduler: FQ_CODEL
    qosmarking enabled: yes mode: none
    en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 index 6
    eflags=41000080<TXSTART,ECN_ENABLE,FASTLN_ON>
    options=60<TSO4,TSO6>
    ether 4a:00:07:7c:38:11
    media: autoselect <full-duplex>
    status: inactive
    type: Ethernet
    state availability: 0 (true)
    scheduler: FQ_CODEL
    qosmarking enabled: yes mode: none
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 index 7
    eflags=412008c0<ACCEPT_RTADV,TXSTART,ARPLL,NOACKPRI,ECN_ENABLE,FASTLN_ON>
    ether c4:b3:01:cd:f3:c7
    inet6 fe80::8ec:e370:71d5:f4e1%en0 prefixlen 64 secured scopeid 0x7
    inet 192.168.1.217 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
    type: Wi-Fi
    link quality: 100 (good)
    state availability: 0 (true)
    scheduler: FQ_CODEL (driver managed)
    uplink rate: 23.16 Mbps [eff] / 53.95 Mbps
    downlink rate: 23.16 Mbps [eff] / 53.95 Mbps [max]
    qosmarking enabled: yes mode: none
    p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304 index 8
    eflags=41000080<TXSTART,ECN_ENABLE,FASTLN_ON>
    ether 06:b3:01:cd:f3:c7
    media: autoselect
    status: inactive
    type: Wi-Fi
    state availability: 0 (true)
    scheduler: FQ_CODEL (driver managed)
    link rate: 10.00 Mbps
    qosmarking enabled: yes mode: none
    awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484 index 9
    eflags=413e0080<TXSTART,LOCALNET_PRIVATE,ND6ALT,RESTRICTED_RECV,AWDL,NOACKPRI,ECN_ENABLE,FASTLN_ON>
    ether 2e:e4:30:52:7d:f1
    inet6 fe80::2ce4:30ff:fe52:7df1%awdl0 prefixlen 64 scopeid 0x9
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
    type: Wi-Fi
    state availability: 0 (true)
    scheduler: FQ_CODEL (driver managed)
    link rate: 10.00 Mbps
    qosmarking enabled: yes mode: none
    bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 index 10
    eflags=41000000<ECN_ENABLE,FASTLN_ON>
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 4a:00:07:7c:38:10
    Configuration:
    id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
    maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
    root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
    ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
    ifmaxaddr 0 port 5 priority 0 path cost 0
    hostfilter 0 hw: 0:0:0:0:0:0 ip: 0.0.0.0
    member: en2 flags=3<LEARNING,DISCOVER>
    ifmaxaddr 0 port 6 priority 0 path cost 0
    hostfilter 0 hw: 0:0:0:0:0:0 ip: 0.0.0.0
    nd6 options=201<PERFORMNUD,DAD>
    media: <unknown type>
    status: inactive
    state availability: 0 (true)
    qosmarking enabled: yes mode: none
    utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000 index 11
    eflags=5002080<TXSTART,NOAUTOIPV6LL,ECN_ENABLE,CHANNEL_DRV>
    options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    inet6 fe80::17dc:5053:d970:3661%utun0 prefixlen 64 scopeid 0xb
    netif: 9090B4B1-96F8-4975-B637-A9B5A6459455
    multistack: 9FD74D63-3B6A-42D0-85AE-49E246F0108D
    nd6 options=201<PERFORMNUD,DAD>
    agent domain:ids501 type:clientchannel flags:0xc3 desc:"IDSNexusAgent ids501 : clientchannel"
    state availability: 0 (true)
    scheduler: FQ_CODEL
    qosmarking enabled: no mode: none
    utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380 index 12
    eflags=5002080<TXSTART,NOAUTOIPV6LL,ECN_ENABLE,CHANNEL_DRV>
    options=6403<RXCSUM,TXCSUM,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    inet6 fe80::bd09:e340:497d:d89b%utun1 prefixlen 64 scopeid 0xc
    netif: 3237118D-0A7C-491E-BEDE-324349219B95
    multistack: AD607DF3-2C37-4948-9FFF-396597686824
    nd6 options=201<PERFORMNUD,DAD>
    state availability: 0 (true)
    scheduler: FQ_CODEL
    qosmarking enabled: no mode: none

     

    Double checked dashboard settings for my added network and even added pornhub and hamster to the blocked list manually, the dashboard relayed a message saying I was adding sites already covered by my chosen settings but added them as a new rule anyway, still accessible.

    I only changed this three days ago as I had previously set my main DNS to openDNS and my secondary to a Symantec IP which blocked all the sites I don't want my child seeing but the Symantec one kept going down.

  • rotblitz

    "Double checked dashboard settings for my added network"

    No, you didn't.  You have overlooked that you didn't register your IP address xx.xx.xxx.xx with your network at https://dashboard.opendns.com/settings/ and maybe that you don't run an updater to keep it current.  Therefore OpenDNS has no way to associate your DNS lookups with your dashboard settings, and your settings cannot take effect.

    "the dashboard relayed a message saying i was adding sites already covered by my chosen settings"

    Yes, you can safely remove these entries.  They just eat up your 25 slots.

    Btw, there's a much easier way to block porn even without the dashboard.  You configure the FamilyShield addresses 208.67.222.123 and 208.67.220.123 instead of the normal ones.

  • craigflynn1

    I XX'd out my external IP address.

    But I now see my current external IP address is not the same as the one configured, I can only guess we had a power cut and I was allocated a new IP address when the router reconnected.

    Sites are now blocked after running the DNSupdater. A lot of sites are not showing the openDNS block page though they are showing as connection is not private? You cannot access them so all is ok, why would it be showing that and not the blocked page out of interest?

    I may use the family shield IPs but I like the dashboard, it gives me an easy way to see what my son is up to. Would one of each work for me? Perhaps configure openDNS as primary and family shield as secondary? This would be similar to how I had it set up before with one OpenDNS and one Symantec.

     

    Thank you for your help

  • wintronics_99

    Did you perform an ipconfig/flushdns on each machine? Also do an ipconfig/release, ipconfig/renew on your machines. That should pull the new dns info from your router to the pc.

  • wintronics_99

    Also, per your last post, I saw that too, if you proceed anyway, you will get the open dns msg.

  • rotblitz

    @craigflynn1

    "I may use the family shield IP's but I like the dashboard"

    Why "but"?  You can use the dashboard with the FamilyShield addresses.  Did someone say you can't?  It's just that the FamilyShield addresses block adult content generally, no matter if you use the dashboard for additional things or not.  However, you cannot whitelist domains at the dashboard which are being blocked by FamilyShield.

    "Perhaps configure openDNS as primary and family shield as secondary ?"

    I thought you have learned that mixing different DNS services produces inconsistent random results?  ("I had previously set my main DNS to openDNS and my secondary to a Symantec")  And now you will fall back to this bad scenario?  Better not!  If you want consistent results, you must not mix DNS services, even if supplied by the same provider.  Primary and secondary do not work as you expect them to work, but work randomly, just as the programmers on the computer or router thought it should work.

    "A lot of sites are not showing the openDNS block page though they are showing as connection is not private ?"

    Yes, sure.  Very well documented: https://support.opendns.com/hc/en-us/articles/227988787 
    This happens if a domain is blocked, and you want to access it with HTTPS.

  • rotblitz

    I know my boxes, and they use the resolver addresses in random order.

  • will200

    I had the same problem. Using the default OpenDNS server address, I had been able to block porn and stuff for over a year, then it stopped working. I used the Family Shield addresses and "poof" all is good. I wonder why the other address stopped doing its job?

  • rotblitz

    Don’t wonder, but read it above. Your current IP address is not registered at your dashboard.

  • will200

    For those of us who don't work with this day in and day out, what are the steps to register the IP that has now become unregistered?  And OpenDNS updater is running. 

  • rotblitz

    Or simply click the green arrow icon at https://dashboard.opendns.com/settings/ if it appears.  And investigate why your Updater doesn’t do its job.

  • will200

    Still doesn't block porn even with the settings to do so.

    1) deleted old account and created a new one

    2) selected my IP address

    3) selected label as "mine"

    4) selected dynamic IP

    5) ran CMD in admin mode: ipconfig /flushdns

    6) Verified IPV4 DNS server settings showed up in Ethernet properties. 

    7) Selected porn filtering from shown categories on my Dashboard

    8) went to https://support.opendns.com/hc/en-us/articles/227986567-How-to-Test-for-Successful-OpenDNS-Configuration- to verify configuration.  The first two confirmed, but the third one did not. 

    9) Went to the most popular porn sites and none were blocked.

    10) OpenDNS updater doesn't show my IP address and says "looks like there is no internet connectivity"

  • rotblitz

    You did in fact nothing. You are still where you were.

    Copy & paste the complete plain text output of the following diagnostic commands to here:

    nslookup -type=txt debug.opendns.com.
    nslookup www.exampleadultsite.com.
    nslookup whoami.akamai.net.

  • will200

    I just itemized the steps on how I redid everything.  I have more important things to do than to waste your time or mine.  It's more likely than not, what I did did not change anything.

    C:\WINDOWS\system32>nslookup -type=txt debug.opendns.com.
    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    opendns.com
    primary name server = auth1.opendns.com
    responsible mail addr = noc.opendns.com
    serial = 1611426324
    refresh = 16384 (4 hours 33 mins 4 secs)
    retry = 2048 (34 mins 8 secs)
    expire = 1048576 (12 days 3 hours 16 mins 16 secs)
    default TTL = 2560 (42 mins 40 secs)

    C:\WINDOWS\system32>nslookup www.exampleadultsite.com.
    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    Non-authoritative answer:
    Name: www.exampleadultsite.com
    Address: 146.112.255.155


    C:\WINDOWS\system32>nslookup whoami.akamai.net.
    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 69.252.244.129

  • rotblitz

    Redoing everything was good for nothing. You still do not use OpenDNS, but

    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    Configure your IPv6 settings with DNS server addresses from the following list:
    ::ffff:d043:dedc ::ffff:d043:dcde ::ffff:d043:dede ::ffff:d043:dcdc

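An added example, not part of any post in this thread: the check rotblitz performs by eye on the two `debug.opendns.com` transcripts, written as a small Python classifier that also unwraps the IPv4-mapped IPv6 addresses listed above. The function names and verdict strings are hypothetical, and reading `originid 0` as "source IP matched no dashboard network" is an assumption inferred from his diagnosis, not something the page states.

```python
import ipaddress
import re

# OpenDNS resolver addresses as quoted in the thread: the FamilyShield pair
# and the four IPv4-mapped IPv6 forms rotblitz lists for IPv6 settings.
THREAD_ADDRESSES = (
    "208.67.222.123", "208.67.220.123",
    "::ffff:d043:dedc", "::ffff:d043:dcde", "::ffff:d043:dede", "::ffff:d043:dcdc",
)

def normalize(addr):
    """Parse an address, dropping nslookup's '#53' suffix and unwrapping
    IPv4-mapped IPv6 (::ffff:d043:dcdc -> 208.67.220.220)."""
    ip = ipaddress.ip_address(addr.split("#")[0].strip())
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

OPENDNS = {normalize(a) for a in THREAD_ADDRESSES}

def classify(transcript):
    """Return (resolver, verdict) for one `nslookup -type=txt debug.opendns.com.` run."""
    m = re.search(r"^\s*Address:\s*(\S+)", transcript, re.M)
    if m is None:
        raise ValueError("no resolver 'Address:' line in transcript")
    resolver = normalize(m.group(1))
    # TXT records look like: debug.opendns.com text = "originid 0"
    txt = dict(re.findall(r'text\s*=\s*"(\w+) ([^"]*)"', transcript))
    if "server" in txt:
        # Assumption (inferred from the diagnosis in the thread, not stated there):
        # originid 0 means the source IP matched no dashboard network.
        verdict = "opendns-unregistered" if txt.get("originid") == "0" else "opendns-registered"
    elif resolver in OPENDNS:
        verdict = "opendns-no-debug-data"
    elif resolver.is_private:
        verdict = "local-forwarder-upstream-unknown"  # e.g. a router at 192.168.1.254
    else:
        verdict = "not-opendns"
    return str(resolver), verdict

# Abridged from craigflynn1's post above.
CRAIG = '''Server: 208.67.220.220
Address: 208.67.220.220#53
debug.opendns.com text = "server m45.lon"
debug.opendns.com text = "originid 0"
'''
# Abridged from will200's post: an SOA record comes back instead of TXT data.
WILL = '''Server: cdns01.comcast.net
Address: 2001:558:feed::1
primary name server = auth1.opendns.com
'''

if __name__ == "__main__":
    for name, t in (("craigflynn1", CRAIG), ("will200", WILL)):
        print(name, *classify(t))
```
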
  • will200

    Clearly it was good for nothing, since nothing was achieved. 

    And how exactly do I add this to an Arris SBG6700? I don't see any place to insert these for IPv6, like there was for the IPv4. This is all that I see:

    https://ibb.co/DkpjWn4

    Honestly I don't remember having this much trouble when I first did this a year ago. It just worked. 

  • rotblitz

    Guess what, I have a different router and cannot help. An alternative would be to disable IPv6 connectivity. And yes, Comcast may have added IPv6 support just recently for you.

  • will200

    So I went back and added the address for the Family shield and porn is blocked and the OpenDNS updater shows both my IP address and an internet connection.

    Changed it back to the Home OpenDNS server and nothing is blocked, porn or otherwise. The updater doesn't show my IP address and says there is no internet connection.

    Can't edit the IPv6 in my router. Makes no sense to edit it on my PC when everyone has a device connected to the WiFi.

    No one from Cisco support has responded. My ISP says they haven't changed anything on their end.

    It just doesn't make any sense that it is working one day, and not the next.

  • rotblitz

    It seems your router is not optimal for what you will be doing. It works flawlessly with my router.

  • will200

    What's your router? I don't have time for this.  I'll just go to Best Buy

  • rotblitz

    I have a FRITZ!Box.
    https://en.avm.de/products/fritzbox/

  • will200

    Well I almost bought a new router/modem until I determined the cause was something I downloaded.  And sure enough. I downloaded Agent video surveillance software that apparently acted as a VPN and provided remote viewing of my camera, even though I didn't explicitly allow it. 

    After disconnecting it, OpenDNS is back to doing its thing and blocking stuff.

  • rotblitz

    Yes, VPNs normally prevent OpenDNS from working. No matter what, you still must configure or disable IPv6.

  • will200

    > No matter what, you still must configure or disable IPv6.

    Why? It's blocking all sites across all devices. What will disabling IPv6 achieve any further? 

  • rotblitz

    Does it block as expected? Great!
