Can't get Netgear Live Parental Controls to work
I have set up Netgear Live parental controls. I can't get it to work, even though it is on high. Everything is still coming through.
-
Ensure that you don't use OpenDNS Home at the same time. Especially, delete any network from https://dashboard.opendns.com/settings/, do not run an Updater, and do not manually configure OpenDNS resolver addresses.
Your LPC dashboard is only at https://netgear.opendns.com/
If you're still having problems after having corrected your configuration, copy & paste the complete plain text output of the following diagnostic command to here:
nslookup -type=txt debug.opendns.com.
(Depending on the outcome, I may ask for other command outputs too.)
-
I am having the same issue. I have also configure the IPv6 DNS server but I am still able to load anything.
C:\Users\clcha>nslookup -type=txt debug.opendns.com
Server: resolver1.ipv6-sandbox.opendns.com
Address: 2620:0:ccc::2Non-authoritative answer:
debug.opendns.com text ="server m53.dfw"
debug.opendns.com text ="flags 20 0 0 3800000000000000000"
debug.opendns.com text ="originid 0"
debug.opendns.com text ="actype 0"
debug.opendns.com text ="source [2602:100:blahblahblah]:54332"
-
Actually, I do have the Netgear Live Parental Controls enabled and set to Moderate. That is why I posted here because the title of this thread meets my problem. Please dont assume that I am stupid. I have checked my DNS settings, IPv4 DNS setting matched correctly with OpenDNS. I was still getting porn content. Thats when I realized that my 6rd Tunnel still had default DNS and so I looked up on the Open DNS site for IPv6 DNS support which the results said you do support and said that the DNS should be set to above settings. By the way, I will screenshot my Parental Control settings for you if you dont believe that it is turned on and set to Moderate.
-
The OpenDNS system even doesn't recognize that you have LPC enabled.
Your instructions are here: https://kb.netgear.com/25687/
I do not see anything related to configuring IPv4 or IPv6 DNS server addresses, so don't do it. You also don't have to check your DNS settings. This is all done by LPC.
And again, the OpenDNS IPv6 sandbox addresses do not come with any content filtering.
From https://www.opendns.com/about/innovations/ipv6/ :Note: IPv6 support in the OpenDNS Sandbox is limited to standard recursive DNS initially. Additional functionality, like Web content filtering, malware and botnet protection, phishing protection, and more will be available on different IPs when IPv6 support is added to the OpenDNS Dashboard. We have no plan to ever shut down or change the default features for the sandbox IPs.
So, how could you assume to get content filtering with this?
My suggestion is to start over with LPC. Not sure if IPv6 works at all with LPC, but rather not. You had to ask Netgear. It's their router, not OpenDNS'. You may have to disable IPv6 connectivity altogether.
-
Honestly, I didnt read the whole article. I only ready what i wanted to see which was, yes we support IPv6, and then i went straight for the IP. I also didnt know what recursive meant when it comes to DNS. Heres that link:
https://support.opendns.com/hc/en-us/articles/227986667-Does-OpenDNS-support-IPv6-
I understand that LPC should auto configure the DNS, which it did. A manual check of this can be done by logging into the router GUI and going to internet settings. DNS setting should be automatically changed from Get Auto From ISP, to manually entered and then the OpenDNS DNS IPv4 addresses are prefilled in. I was able to verify this was done automatically.I have found my problem to be that I have IPv6 configured through a 6rd tunnel on my router and many devices today are designed to prefer IPv6 over IPv4 so my DNS was routing through IPv6. I refuse to turn IPv6 off because I have multiple game consoles in my home and NAT is an issue which IPv6 fixes well (which is why multiple PS4s on a router will have NAT issues, they dont support IPv6, a reason I refuse to buy them) I will just have to not use OpenDNS. Thank you for your help.
-
It may well be that you can use Netgear LPC nevertheless, with IPv6 to prevent from NAT. As I have pointed out already, you may refer to Netgear Support to ask them whether or not LPC supports also IPv6. But before you do, simply try this:
Instead of configuring 2620:0:ccc::2 and 2620:0:ccd::2, configure from the following address list at the same location:
::ffff:d043:dede ::ffff:d043:dcdc ::ffff:d043:dedc ::ffff:d043:dcdeThis solution helps in most cases with OpenDNS Home, so it may be able to help also with Netgear LPC. The command output will verify the success.
nslookup -type=txt debug.opendns.com.
Good luck!
-
"I did try those 2 addresses already bit the router says that they need to be link local addresses."
What a crap! Also 2620:0:ccc::2 and 2620:0:ccd::2 are not link-local addresses, and you could still enter them, right?
"The crappy thing is that the support site for the LPC links to OpenDNS."
That is correct for LPC. But your problem is not of an LPC nature, but router/firmware or Genie related. You can visit Netgear's Support site and Netgear's Community site, the latter a forum similar to this here.
-
Hello. I also can't get the Parental Controls to work. I have Netgear Genie installed and followed the instructions to set up Parental Controls. I have set the LPC to moderate by default and that is reflected both in the Genie program and when I login to my LPC dashboard. I tested a couple of well known porn sites and everything is still getting through, unfortunately.
As per your instructions above, I checked that I don't have any networks in OpenDNS Home. I ran the nslookup command you specified above with the following output. I appreciate any advice you can provide. Thank you for your time.
C:\Windows\system32>nslookup -type=txt debug.opendns.com
1.1.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
debug.opendns.com text =
"server m25.yvr"
debug.opendns.com text =
"device 0000B477208DF949"
debug.opendns.com text =
"flags 422 0 70 7950800000000000000"
debug.opendns.com text =
"originid 0"
debug.opendns.com text =
"actype 0"
debug.opendns.com text =
"source 24.79.157.185:37664" -
Try entering the following command into the prompt.
Ipconfig /flushdns
Then clear all browser history/cacheIt is possible that DNS has already resolved for those site IPs and has them stored in the dnscache and then you may also be loading cached webite data from within the browser. The 2 previous steps will take care of this.
-
Thank you for replying so quickly. I've cleared my browser history. And here are the results of the DNS flush and the two nslookup commands you suggested above:
C:\Windows\system32>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Windows\system32>nslookup whoami.akamai.net.
1.1.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.1.1Non-authoritative answer:
Name: whoami.akamai.net
Address: 67.215.85.66
C:\Windows\system32>nslookup www.exampleadultsite.com.
1.1.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.1.1Non-authoritative answer:
Name: www.exampleadultsite.com
Address: 67.215.92.210 -
Your problem has nothing to do with caching or such. OpenDNS returns the real IP address of www.exampleadultsite.com. In case of "moderate" it should return another IP address (hit-adult.opendns.com). Your account must be checked. Therefore raise a ticket with OpenDNS, "Submit a request" above.
You may later come back with the solution, so that it can help other users.
Edit:
One thing you still can check. OpenDNS/LPC says that your device ID (MAC address) is B4:77:20:8D:F9:49. In case this is not correct, then you may have the wrong router/device registered with your account. -
Thank you, rotblitz. I will check that MAC address when I get home. I do have two routers: the cable modem/router from the cable company as well as the NetGear R8500 that I just bought. I followed the NetGear installation instructions and have all devices plugged in to the NetGear router; the only thing plugged in to the cable modem is the NetGear router, and the NetGear router is in "router" mode, not "access point" mode.
-
Hello again. I think you are on to something, rotblitz. The MAC address of my NetGear R8500 router is A0:04:60:81:2D:8C, not B4:77:20:8D:F9:49 as indicated above. So, as you say, apparently I have the wrong device registered with my account. Do you know how to fix this problem? If it helps, the IP address on my network of my NetGear router is 192.168.1.1 and my ISP's cable modem's IP address on my network is 192.168.0.1. I checked the network map via NetGear Genie and there is no device with the B4:77:20:8D:F9:49 MAC address. I checked the cable modem/router from my ISP and it has a tag on it showing that it has two MAC addresses (RF and WAN) and neither is anything close to B4:77:20:8D:F9:49.
Thanks for your reply, also, chchase80. The cable modem from my ISP does indeed have routing capabilities. Unfortunately, I'm not able to log into it as admin to change it to Bridge Mode. If that becomes necessary, I will call my ISP and endure the queue to try to find out the admin password (if they'll give it to me).
-
Best way is to hardwire to the SMC, try one of the following IPs in a browser address bar.
192.168.2.1
192.168.0.1
192.168.1.1(netgear unplugged because it has the same IP)
One of these should open a user interface. Try leaving the username blank, pw= password
Or user= admin, pw= password, user= admin pw= admin
SMCs have several that they use. Im thinking the 2.1 should work with blank and password though.Having 2 routers can cause IP conficts because there is 2 DHCP servers. By putting the SMC in bridge mode, you are disabling the router function and turning it into a modem. This will not fix the DNS issue though.
-
The MAC address I listed came from your output of "device 0000B477208DF949". This is what OpenDNS sees from your LPC DNS lookup. Is this the same device ID being listed at https://netgear.opendns.com/ ? Most likely not, because this would need to be registered with LPC at OpenDNS for your settings like "moderate" taking effect.
"apparently I have the wrong device registered with my account. Do you know how to fix this problem?"
As I said above, raise a ticket with OpenDNS, "Submit a request" above. Staff must check and correct your account. See at https://support.opendns.com/hc/en-us/articles/227987587 what information they expect to see from you. Explain also the SMC device, or provide a link to this thread here. They also will know if this device needs to be switched to bridged mode to work with LPC.
-
Just an update.... I logged a ticket with OpenDNS and they checked that the correct MAC address is associated with my account. They suggested that there must be an issue with the NetGear Genie or the router firmware. So, I logged a ticket with NetGear and they think the same thing. They've advised me to factory reset the router and try again. If the problem persists they suggest that I should downgrade the firmware, factory reset and try to set up LPC a third time. Sigh...it sucks when stuff doesn't work. I'm spending way too much time on this. I thought buying the expensive router would save me from this hassle.
-
Why not simply using OpenDNS Home instead of LPC?
https://support.opendns.com/hc/en-us/articles/228007787
Unlike LPC, this comes even with stats and logs.
Please sign in to leave a comment.
Comments
32 comments