Open DNS sometimes not working at all, and even when it is, some sites still get through

Comments

14 comments

  • Avatar
    rotblitz

    When the problem reoccurs, copy & paste the complete plain text output of the following diagnostic commands to here:

    nslookup -type=txt debug.opendns.com. 208.67.220.220
    nslookup -type=txt which.opendns.com.
    nslookup whoami.akamai.net.
    nslookup domain that I know should be blocked.
    netsh interface ipv4 show config

     

    0
    Comment actions Permalink
  • Avatar
    lotsofjoy

    are these Terminal commands? 

    0
    Comment actions Permalink
  • Avatar
    lotsofjoy

    It was actually working last night. Blocking everything I think it should be blocking. But this morning when I checked again, I get the "OOPS!" message on the test page. NOTHING has changed that I know of.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Yes, these are terminal commands, the last one for Windows only.  The Mac OSX or Linux is: ifconfig -a

    0
    Comment actions Permalink
  • Avatar
    lotsofjoy

    Today it's not showing OpenDNS as active, though it was active last night and I haven't changed anything... 

    will the terminal commands show helpful info if it isn't working at all? 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Yes.

    0
    Comment actions Permalink
  • Avatar
    lotsofjoy

    Ok then :)

    Here it is:

    Renee-2016:~ reneeb$ nslookup -type=txt debug.opendns.com. 208.67.220.220

    Server: 208.67.220.220

    Address: 208.67.220.220#53

     

    Non-authoritative answer:

    debug.opendns.com text = "server m37.sea"

    debug.opendns.com text = "flags 20 0 50 39504007C0000080040"

    debug.opendns.com text = "originid 111082678"

    debug.opendns.com text = "actype 2"

    debug.opendns.com text = "bundle 10506650"

    debug.opendns.com text = "source 73.37.91.45:33644"

     

    Authoritative answers can be found from:

     

    Renee-2016:~ reneeb$ nslookup -type=txt which.opendns.com.

    Server: 2601:1c1:8b01:898b:9272:40ff:fe09:5f41

    Address: 2601:1c1:8b01:898b:9272:40ff:fe09:5f41#53

     

    Non-authoritative answer:

    which.opendns.com text = "I am not an OpenDNS resolver."

     

    Authoritative answers can be found from:

     

    Renee-2016:~ reneeb$ nslookup whoami.akamai.net.

    Server: 2601:1c1:8b01:898b:9272:40ff:fe09:5f41

    Address: 2601:1c1:8b01:898b:9272:40ff:fe09:5f41#53

     

    Non-authoritative answer:

    Name: whoami.akamai.net

    Address: 69.252.228.139

     

    Renee-2016:~ reneeb$ nslookup www.pornhub.com

    Server: 2601:1c1:8b01:898b:9272:40ff:fe09:5f41

    Address: 2601:1c1:8b01:898b:9272:40ff:fe09:5f41#53

     

    Non-authoritative answer:

    www.pornhub.com canonical name = pornhub.com.

    Name: pornhub.com

    Address: 31.192.120.36

     

    Renee-2016:~ reneeb$ netsh interface ipv4 show config

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    You're not using OpenDNS, but your IPS's DNSv6 service:

    Server: 2601:1c1:8b01:898b:9272:40ff:fe09:5f41
    Address: 2601:1c1:8b01:898b:9272:40ff:fe09:5f41#53

    Configure your IPv6 settings from the following list of addresses on the same device where you have configured also the OpenDNS IPv4 addresses:
    ::ffff:d043:dede   ::ffff:d043:dcdc   ::ffff:d043:dedc   ::ffff:d043:dcde

    I cannot tell you where this is, because you did not post the last command output:
    ifconfig -a
    But it could be on your Airport Extreme.

    0
    Comment actions Permalink
  • Avatar
    lotsofjoy

    Thank you!

    Sorry to be obtuse. But do I just put ifconfig -a  in terminal? or does it need something else with it? 

     

     

    0
    Comment actions Permalink
  • Avatar
    lotsofjoy

    Is this where the codes you posted go? 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Yes, the command is just: ifconfig -a    (in terminal, and then press Enter, of course)

    Also, I'm baffled.  I see that the DNSv6 server addresses on your router are grayed out.  Can they not be edited?  If they can, then two of the four addresses I listed have to be entered there.

    Further, I see the IPv6 DNS server on the router is e.g. 2001:558:feed::1, but from your former outputs I see 2601:1c1:8b01:898b:9272:40ff:fe09:5f41, so the latter must have been configured manually, most likely on your Mac.  Or it has been automatically obtained from another DHCP server in your network.

    No matter what, you must get your systems (router, computer, etc.) to use the OpenDNS DNSv6 resolver addresses I listed, be it by configuring the IPv6 settings on the router or on the computer.  Alternatively you had to disable IPv6 connectivity altogether.  Then you are not able to reach the IPv6 internet anymore.

    If you are not able to perform any of these measures, you cannot block and filter with OpenDNS what you want, because you would use OpenDNS at best randomly, as you have seen.

    0
    Comment actions Permalink
  • Avatar
    lotsofjoy

    Oddly, even though it's gray, I can edit them. So I've put in the first 2 addresses in those fields and restarted the router. would it still be helpful to have the info from  ifconfig -a ?

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    If all your problems are solved, then I don't need to see the command output, else I need to see the output of all commands again.

    0
    Comment actions Permalink
  • Avatar
    lotsofjoy

    So far it's working. Hoping it will stay that way. 

     

    THANK YOU for your help!! 

    0
    Comment actions Permalink

Please sign in to leave a comment.