Can't get Netgear Live Parental Controls to work

Comments

25 comments

  • Avatar
    rotblitz

    Ensure that you don't use OpenDNS Home at the same time.  Especially, delete any network from https://dashboard.opendns.com/settings/, do not run an Updater, and do not manually configure OpenDNS resolver addresses.

    Your LPC dashboard is only at https://netgear.opendns.com/

    If you're still having problems after having corrected your configuration, copy & paste the complete plain text output of the following diagnostic command to here:

    nslookup -type=txt debug.opendns.com.

    (Depending on the outcome, I may ask for other command outputs too.)

  • Avatar
    clchase80

    I am having the same issue. I have also configure the IPv6 DNS server but I am still able to load anything.

    C:\Users\clcha>nslookup -type=txt debug.opendns.com
    Server: resolver1.ipv6-sandbox.opendns.com
    Address: 2620:0:ccc::2

    Non-authoritative answer:
    debug.opendns.com text =

    "server m53.dfw"
    debug.opendns.com text =

    "flags 20 0 0 3800000000000000000"
    debug.opendns.com text =

    "originid 0"
    debug.opendns.com text =

    "actype 0"
    debug.opendns.com text =

    "source [2602:100:blahblahblah]:54332"

  • Avatar
    clchase80

    I have also flushed the DNS cache

  • Avatar
    rotblitz

    No, you do not have the same issue, because you do not have Netgear Live Parental Controls enabled which are this forum section and thread about.

    These IPv6 resolver addresses do not come with content filtering.  If you need more help, open your own thread in another category.

  • Avatar
    clchase80

    Actually, I do have the Netgear Live Parental Controls enabled and set to Moderate. That is why I posted here because the title of this thread meets my problem. Please dont assume that I am stupid. I have checked my DNS settings, IPv4 DNS setting matched correctly with OpenDNS. I was still getting porn content. Thats when I realized that my 6rd Tunnel still had default DNS and so I looked up on the Open DNS site for IPv6 DNS support which the results said you do support and said that the DNS should be set to above settings. By the way, I will screenshot my Parental Control settings for you if you dont believe that it is turned on and set to Moderate.

  • Avatar
    rotblitz (Edited )

    The OpenDNS system even doesn't recognize that you have LPC enabled.

    Your instructions are here: https://kb.netgear.com/25687/

    I do not see anything related to configuring IPv4 or IPv6 DNS server addresses, so don't do it.  You also don't have to check your DNS settings.  This is all done by LPC.

    And again, the OpenDNS IPv6 sandbox addresses do not come with any content filtering.
    From https://www.opendns.com/about/innovations/ipv6/ :

    Note: IPv6 support in the OpenDNS Sandbox is limited to standard recursive DNS initially. Additional functionality, like Web content filtering, malware and botnet protection, phishing protection, and more will be available on different IPs when IPv6 support is added to the OpenDNS Dashboard. We have no plan to ever shut down or change the default features for the sandbox IPs.

    So, how could you assume to get content filtering with this?

    My suggestion is to start over with LPC.  Not sure if IPv6 works at all with LPC, but rather not.  You had to ask Netgear.  It's their router, not OpenDNS'.  You may have to disable IPv6 connectivity altogether.

  • Avatar
    clchase80 (Edited )

    Honestly, I didnt read the whole article. I only ready what i wanted to see which was, yes we support IPv6, and then i went straight for the IP. I also didnt know what recursive meant when it comes to DNS. Heres that link:

    https://support.opendns.com/hc/en-us/articles/227986667-Does-OpenDNS-support-IPv6-


    I understand that LPC should auto configure the DNS, which it did. A manual check of this can be done by logging into the router GUI and going to internet settings. DNS setting should be automatically changed from Get Auto From ISP, to manually entered and then the OpenDNS DNS IPv4 addresses are prefilled in. I was able to verify this was done automatically.

    I have found my problem to be that I have IPv6 configured through a 6rd tunnel on my router and many devices today are designed to prefer IPv6 over IPv4 so my DNS was routing through IPv6. I refuse to turn IPv6 off because I have multiple game consoles in my home and NAT is an issue which IPv6 fixes well (which is why multiple PS4s on a router will have NAT issues, they dont support IPv6, a reason I refuse to buy them) I will just have to not use OpenDNS. Thank you for your help.

  • Avatar
    rotblitz

    It may well be that you can use Netgear LPC nevertheless, with IPv6 to prevent from NAT.  As I have pointed out already, you may refer to Netgear Support to ask them whether or not LPC supports also IPv6.  But before you do, simply try this:

    Instead of configuring 2620:0:ccc::2 and 2620:0:ccd::2, configure from the following address list at the same location:
    ::ffff:d043:dede   ::ffff:d043:dcdc   ::ffff:d043:dedc   ::ffff:d043:dcde

    This solution helps in most cases with OpenDNS Home, so it may be able to help also with Netgear LPC.  The command output will verify the success.

    nslookup -type=txt debug.opendns.com.

    Good luck!

  • Avatar
    clchase80

    I did try those 2 addresses already bit the router says that they need to be link local addresses. I will contact Netgear to see if they can help. The crappy thing is that the support site for the LPC links to OpenDNS.

  • Avatar
    rotblitz

    "I did try those 2 addresses already bit the router says that they need to be link local addresses."

    What a crap!  Also 2620:0:ccc::2 and 2620:0:ccd::2 are not link-local addresses, and you could still enter them, right?

    "The crappy thing is that the support site for the LPC links to OpenDNS."

    That is correct for LPC.  But your problem is not of an LPC nature, but router/firmware or Genie related.  You can visit Netgear's Support site and Netgear's Community site, the latter a forum similar to this here.

  • Avatar
    clchase80

    That was my thought exactly. Yes those 2 global addresses did work. Im thinking that the router doesnt like that the IP starts with 0....so it doesnt fit any definition. Maybe I should try FE80::FFFF:d043:dede lol just kidding

  • Avatar
    epidemic890

    Hello. I also can't get the Parental Controls to work. I have Netgear Genie installed and followed the instructions to set up Parental Controls. I have set the LPC to moderate by default and that is reflected both in the Genie program and when I login to my LPC dashboard. I tested a couple of well known porn sites and everything is still getting through, unfortunately.

    As per your instructions above, I checked that I don't have any networks in OpenDNS Home. I ran the nslookup command you specified above with the following output. I appreciate any advice you can provide. Thank you for your time.

    C:\Windows\system32>nslookup -type=txt debug.opendns.com
    1.1.168.192.in-addr.arpa
            primary name server = localhost
            responsible mail addr = nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Server:  UnKnown
    Address:  192.168.1.1

    Non-authoritative answer:
    debug.opendns.com       text =

            "server m25.yvr"
    debug.opendns.com       text =

            "device 0000B477208DF949"
    debug.opendns.com       text =

            "flags 422 0 70 7950800000000000000"
    debug.opendns.com       text =

            "originid 0"
    debug.opendns.com       text =

            "actype 0"
    debug.opendns.com       text =

            "source 24.79.157.185:37664"




  • Avatar
    rotblitz

    The output looks perfect for LPC.  Post the following command outputs too:

    nslookup whoami.akamai.net.
    nslookup www.exampleadultsite.com.

     

  • Avatar
    clchase80 (Edited )

    Try entering the following command into the prompt.
    Ipconfig /flushdns
    Then clear all  browser history/cache

    It is possible that DNS has already resolved for those site IPs and has them stored in the dnscache and then you may also be loading cached webite data from within the browser. The 2 previous steps will take care of this.

  • Avatar
    epidemic890

    Thank you for replying so quickly. I've cleared my browser history. And here are the results of the DNS flush and the two nslookup commands you suggested above:

    C:\Windows\system32>ipconfig /flushdns

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Windows\system32>nslookup whoami.akamai.net.
    1.1.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial = 1
    refresh = 600 (10 mins)
    retry = 1200 (20 mins)
    expire = 604800 (7 days)
    default TTL = 10800 (3 hours)
    Server: UnKnown
    Address: 192.168.1.1

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 67.215.85.66


    C:\Windows\system32>nslookup www.exampleadultsite.com.
    1.1.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial = 1
    refresh = 600 (10 mins)
    retry = 1200 (20 mins)
    expire = 604800 (7 days)
    default TTL = 10800 (3 hours)
    Server: UnKnown
    Address: 192.168.1.1

    Non-authoritative answer:
    Name: www.exampleadultsite.com
    Address: 67.215.92.210

     

  • Avatar
    rotblitz (Edited )

    Your problem has nothing to do with caching or such.  OpenDNS returns the real IP address of www.exampleadultsite.com.  In case of "moderate" it should return another IP address (hit-adult.opendns.com).  Your account must be checked.  Therefore raise a ticket with OpenDNS, "Submit a request" above.

    You may later come back with the solution, so that it can help other users.

    Edit:
    One thing you still can check.  OpenDNS/LPC says that your device ID (MAC address) is B4:77:20:8D:F9:49.  In case this is not correct, then you may have the wrong router/device registered with your account.

  • Avatar
    epidemic890

    Thank you, rotblitz. I will check that MAC address when I get home. I do have two routers: the cable modem/router from the cable company as well as the NetGear R8500 that I just bought. I followed the NetGear installation instructions and have all devices plugged in to the NetGear router; the only thing plugged in to the cable modem is the NetGear router, and the NetGear router is in "router" mode, not "access point" mode.

  • Avatar
    clchase80

    Does your ISPs device have routing capabilities? If so, you will want to log into it and put it into Bridge Mode.

  • Avatar
    epidemic890

    Hello again. I think you are on to something, rotblitz. The MAC address of my NetGear R8500 router is A0:04:60:81:2D:8C, not B4:77:20:8D:F9:49 as indicated above. So, as you say, apparently I have the wrong device registered with my account. Do you know how to fix this problem? If it helps, the IP address on my network of my NetGear router is 192.168.1.1 and my ISP's cable modem's IP address on my network is 192.168.0.1. I checked the network map via NetGear Genie and there is no device with the B4:77:20:8D:F9:49 MAC address. I checked the cable modem/router from my ISP and it has a tag on it showing that it has two MAC addresses (RF and WAN) and neither is anything close to B4:77:20:8D:F9:49.

    Thanks for your reply, also, chchase80. The cable modem from my ISP does indeed have routing capabilities. Unfortunately, I'm not able to log into it as admin to change it to Bridge Mode. If that becomes necessary, I will call my ISP and endure the queue to try to find out the admin password (if they'll give it to me).

  • Avatar
    clchase80

    What is the manufacturer of your ISPs unit?

  • Avatar
    epidemic890

    SMC Networks

  • Avatar
    clchase80 (Edited )

    Best way is to hardwire to the SMC, try one of the following IPs in a browser address bar.
    192.168.2.1
    192.168.0.1
    192.168.1.1(netgear unplugged because it has the same IP)
    One of these should open a user interface. Try leaving the username blank, pw= password
    Or user= admin, pw= password, user= admin pw= admin
    SMCs have several that they use. Im thinking the 2.1 should work with blank and password though.

    Having 2 routers can cause IP conficts because there is 2 DHCP servers. By putting the SMC in bridge mode, you are disabling the router function and turning it into a modem. This will not fix the DNS issue though.

  • Avatar
    clchase80

    By the way, the OUI B4:77:20 does not match with any known vender. That is a ghost MAC meaning that it doesnt belong to any device.

  • Avatar
    rotblitz (Edited )

    @epidemic890

    The MAC address I listed came from your output of "device 0000B477208DF949".  This is what OpenDNS sees from your LPC DNS lookup.  Is this the same device ID being listed at https://netgear.opendns.com/ ?  Most likely not, because this would need to be registered with LPC at OpenDNS for your settings like "moderate" taking effect.

    "apparently I have the wrong device registered with my account. Do you know how to fix this problem?"

    As I said above, raise a ticket with OpenDNS, "Submit a request" above.  Staff must check and correct your account.  See at https://support.opendns.com/hc/en-us/articles/227987587 what information they expect to see from you.  Explain also the SMC device, or provide a link to this thread here.  They also will know if this device needs to be switched to bridged mode to work with LPC.

  • Avatar
    epidemic890

    Thank you. I will log a ticket.

Please sign in to leave a comment.