Netgear Live Parental Controls - OpenDNS Not working consistently

Comments

13 comments

  • Avatar
    rotblitz

    It seems you're trying to use both, OpenDNS Home and Live Parental Controls (LPC), and mixed up and used the configuration steps for both.  These services are incompatible.  You can use either the one or the other, else the results are inconsistent.  What service do you want to use?

  • Avatar
    hgpilot

    @rotblitz - maybe I'm confused about this - I thought OpenDNS was the tool Netgear uses to "power" LPC?  On the Netgear side - when you select the Parental Controls function it takes you to a screen where you login to OPENDNS (see screenshot).  If I run LPC do I need to run the OPENDNS Updater?

  • Avatar
    rotblitz

    It seems you want to use LPC.  Then you have to do the following:

  • Avatar
    hgpilot

    Thanks @rotblitz - I think I'm getting closer.  re: the 3rd point - how do I know if I've got a resolver address configured?  I've followed the other 3 suggestions.

  • Avatar
    rotblitz

    You may have followed https://support.opendns.com/hc/en-us/articles/228006447 or the instructions for your end user devices before.  You have to undo it, because these are for OpenDNS Home.

  • Avatar
    hgpilot (Edited )

    @roblitz - I think I've discovered the issue - and I'm not sure you're gonna buy it.  But here goes.

    Opened a case with Netgear and got a level 2 support person - she was super sharp and with me being an IT professional we started looking for a pattern.  I had a Windows Server 2012 backup machine on my wired home network and as a test I tried that - OPENDNS worked correctly.  I then tried with a work laptop that was fully updated - it didn't block.  So I gathered up all the devices in my house (I have no Macs or Non-windows 10 PC's and here were my results)

    1. Windows Server 2012 version 6.2 / OS Build 9200 – successfully blocks using IPC (wired only)
    2. Windows 10 Pro version 1511 / OS Build 10586.545 – successfully blocks using IPC (wireless only)
    3. Windows 10 Pro version 1511 / OS Build 10586.1007 – successfully blocks using IPC (wireless only)
    4. Windows 10 Pro version 1607 / OS Build 14393.953 – successfully blocks using IPC (wireless only)
    5. Windows 10 Pro version 1703 / OS Build 15063.332 – successfully blocks using IPC (wireless only)
    6. Windows 10 Pro version 1703 / OS Build 15063.413 – does NOT block (does not block wired or wireless)
    7. Windows 10 Pro version 1703 / OS Build 15063.483 – does NOT block (wired only)
    8. iPad iOS 10.3.1 (14E304) – successfully blocks using IPC (Safari)
    9. iPad iOS 10.3.2 (14F89) – successfully blocks using IPC (Safari)

    These tests are all using the same IPC / OPENDNS settings and using the same adult test site.

    My guess is that something with one of the more recent updates of Windows 10 is causing the problem - and it doesn't make sense unless there was a security update hard-wiring a different DNS address that isn't showing up when I do an IPCONFIG / all?  Perhaps bypassing the OPENDNS settings on my router?  I've submitted this list to Netgear and they are going to test on a fully updated Windows 10 machine.  Not sure I mentioned this but OPENDNS has been successfully blocking adult content for over 19 months with a custom setting of "pornography" only.  I noticed it wasn't blocking sometime in mid-May when a friend of my son was over here and started to investigate.  As an IT professional I tend to patch my primary machines fairly often and remember making the "Creators Update" in late April - possibly that's the issue.  Your thoughts?

  • Avatar
    rotblitz

    DNS is unrelated to OSes.

    Copy & paste the complete plain text outputs of the following diagnostic commands to here, from the PCs where it does not work.

    nslookup -type=txt debug.opendns.com.
    nslookup whoami.akamai.net.
    netsh interface ipv4 show config

     

  • Avatar
    hgpilot

    Normally I would agree - except for the DNS is configured on the PC via each adapter type - in my case - onboard Ethernet ipv4 (set to automatically obtain).  ipv6 is unchecked on all machines.  And the router is set to OPENDNS servers.  Clearly my setup is unusual in that on 9 different devices (7 of which are Windows 10 Professional PC's) I get different results - where the OS type is essentially the only thing that makes them different.  The 5 PC's that block correctly haven't been updated since mid-April but the ones I'm having problems with (the most important ones) were updated just a few days ago.  Like I said - it doesn't make any sense unless Microsoft's latest release is hard coding DNS entries deep on the backside of things?  I've also scanned these 2 PC's for Malware - clean.

    Attached are the results you asked for - on the affected machine. Does this shed any light?  I really appreciate your help.


  • Avatar
    rotblitz

    Disable the "Real Site" (or Secure DNS) option in your Avast appliance, else you will use Avast's DNS service, not LPC.

  • Avatar
    hgpilot

    YES!!!!  That was it!!!!  (although using AVG / not AVAST)

    Funny - I'm running AVG on all other PC's as well - but like Windows they aren't the latest release.

    So this setting redirects www traffic to AVG's DNS server and not the OPENDNS?

    (I'm an IT professional but not a Network professional)

    Regardless - problem solved (just want to understand why)

  • Avatar
    rotblitz

    Regardless, you used the Avast DNS service.  It may be that AVG partnered with Avast for this service.  And yes, this service hi-jacks all DNS traffic to redirect it to it.  This is well documented. 
    https://support.opendns.com/hc/en-us/articles/227988967

  • Avatar
    hgpilot

    Thanks again @rotblitz - all works great.  I see it's well-documented - I would suggest also adding it to this - which was the first place I tried.

    https://support.opendns.com/hc/en-us/articles/227988707-Why-OpenDNS-is-Only-Working-on-One-or-Some-of-my-Computers-Devices

    It's sort of there already under Avast but since it also happens with AVG (as in my case) it might make sense to include that as well.

    Thanks again.

  • Avatar
    rotblitz

    Only OpenDNS staff can change this.  I as user do not have access.

Please sign in to leave a comment.