OpenDSN servers wont work with Network or Netgear Router.
I've tried both manually entering the OpenDNS IP's in my network setting properties and setting them up in my Netgear wnr2000v3 router, but they still won't work.
Perhaps the problem is because I'm using a Chinese router to get my internet (from an Chinese ISP, as I live in China) and then I have my Netgear, which creates my home network, connected to that? In the Chinese router setup, it looks like the DNS is permanent and the user is unable to change it.
I thought using the Netgear, and configuring the DNS in it's setup, would get around that though, am I wrong? So if the Chinese modem disabled DNS changes, does that mean I'm SOL?
I've flushed DNS and cleared cache to no avail. What other options do I have?
Thanks.
-
Hi, thanks for the quick response! Here's the complete plain text output that you requested.
C:\Users\RJ>nslookup -type=txt debug.opendns.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220DNS request timed out.
timeout was 2 seconds.
*** Request to resolver2.opendns.com timed-outC:\Users\RJ>nslookup -type=txt debug.opendns.com.
Server: UnKnown
Address: 10.0.0.1DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-outC:\Users\RJ>nslookup whoami.akamai.net.
Server: UnKnown
Address: 10.0.0.1Non-authoritative answer:
Name: whoami.akamai.net
Address: 218.85.157.5
C:\Users\RJ> -
You seem to have a lousy internet connection, because, as you can see, your first two requests timed out, or something is blocked by your ISP or your government. Currently you're using your ISP's DNS service, to be seen from 218.85.157.5 (CHINANET Fujian province network).
Post a variation of the command outputs again, these:
nslookup -timeout=16 -type=txt debug.opendns.com. 208.67.220.220
nslookup -timeout=16 -type=txt which.opendns.com.
tracert 208.67.220.220If you still get timeouts with the first two commands, try these variations:
nslookup -timeout=12 -port=443 -type=txt debug.opendns.com. 208.67.220.220
nslookup -timeout=12 -port=5353 -type=txt debug.opendns.com. 208.67.220.220
nslookup -timeout=12 -port=443 -vc -type=txt debug.opendns.com. 208.67.220.220
nslookup -timeout=12 -port=5353 -vc -type=txt debug.opendns.com. 208.67.220.220 -
Hi, thanks for the help! I do believe my ISP is blocking me from changing DNS servers. That's one thing I'd like to verify (since changing DNS in my router or network doesn't seem to work either), and if it's true, what options I have.
Here are the outputs:
C:\Users\RJ>nslookup -timeout=16 -type=txt debug.opendns.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220DNS request timed out.
timeout was 16 seconds.
*** Request to resolver2.opendns.com timed-outC:\Users\RJ>nslookup -timeout=16 -type=txt which.opendns.com.
Server: UnKnown
Address: 10.0.0.1DNS request timed out.
timeout was 16 seconds.
*** Request to UnKnown timed-outC:\Users\RJ>tracert 208.67.220.220
Tracing route to resolver2.opendns.com [208.67.220.220]
over a maximum of 30 hops:1 <1 ms <1 ms <1 ms 10.0.0.1
2 1 ms <1 ms <1 ms 192.168.1.1
3 53 ms 34 ms 2 ms 100.64.0.1
4 5 ms 2 ms 2 ms 117.30.26.253
5 3 ms 2 ms 3 ms 61.154.236.29
6 25 ms 22 ms 21 ms 202.97.47.181
7 * 19 ms 19 ms 202.97.57.25
8 22 ms 19 ms 19 ms 202.97.90.33
9 45 ms 47 ms 47 ms 202.97.61.58
10 44 ms 44 ms 45 ms 202.97.121.218
11 84 ms 83 ms 82 ms TenGE0-1-0-0.br02.sin01.pccwbtn.net [63.218.162.186]
12 82 ms 82 ms 82 ms TenGE0-1-0-0.br02.sin01.pccwbtn.net [63.218.162.186]
13 82 ms 82 ms 82 ms 63-218-163-246.static.pccwglobal.net [63.218.163.246]
14 82 ms 82 ms 82 ms resolver2.opendns.com [208.67.220.220]Trace complete.
C:\Users\RJ>nslookup -timeout=12 -port=443 -type=txt debug.opendns.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220DNS request timed out.
timeout was 12 seconds.
*** Request to resolver2.opendns.com timed-outC:\Users\RJ>nslookup -timeout=12 -port=5353 -type=txt debug.opendns.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220DNS request timed out.
timeout was 12 seconds.
*** Request to resolver2.opendns.com timed-outC:\Users\RJ>nslookup -timeout=12 -port=443 -vc -type=txt debug.opendns.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220Non-authoritative answer:
debug.opendns.com text ="server m17.sin"
debug.opendns.com text ="flags 30 0 70 7950800000000000000"
debug.opendns.com text ="originid 0"
debug.opendns.com text ="actype 0"
debug.opendns.com text ="source 106.122.239.160:7697"
C:\Users\RJ>nslookup -timeout=12 -port=5353 -vc -type=txt debug.opendns.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220Non-authoritative answer:
debug.opendns.com text ="server m37.sin"
debug.opendns.com text ="flags 30 0 70 7950800000000000000"
debug.opendns.com text ="originid 0"
debug.opendns.com text ="actype 0"
debug.opendns.com text ="source 106.122.239.160:8197"
I hope those help.
-
Yes, these help a lot! Your ISP blocks any DNS traffic to the OpenDNS servers (DC Singapore) via ports UDP/53, UDP/443 and UDP/5353, but not so via ports TCP/443 and TCP/5353.
If you install and run a local DNS proxy like https://dnscrypt.org/ or http://delegate.org/delegate/ on the router or on the computer, and you configure it to send your DNS traffic out via TCP/443 or TCP/5353, then you can overcome your ISP's restrictions regarding DNS. Simply entering the OpenDNS resolver addresses on the router or computer is to no avail in your case.
Also, your IP address 106.122.239.160 is not yet registered with a network at https://dashboard.opendns.com/settings/
So, even if you would use OpenDNS (which you don't yet), your dashboard settings would not take effect. -
Ah, so it is an ISP issue. Thought so.
So now, thanks to you, I see I must run a DNS program on my computer (I'd have no idea how to set it up on my router). In your opinion, do these slow down page open speed much? I've been hesitant to use them because of that. Although I suppose I can use it and make up my own opinion as well. :)
You're indeed right about the IP address not being registered. And that's because I use a VPN, so my IP changes several times a day in fact. I also thought OpenDNS allowed one to use the DNS servers without actually registering, so I didn't think registering one's network was an absolute necessity to get it working.
Such being the case, with my constantly changing IP due to a VPN (thus making it somewhat moot to register an IP), will those program (dnscrypt or delegate) not function as needed?
Thanks again for the advice, truly appreciated!
-
"In your opinion, do these slow down page open speed much?"
No, these programs are lightweight and do not have influence on speed or performance, same as DNS in general does not have influence on upload/download speed. DNS is the phone book of the internet, not the phone lines. And DNS is not related to web traffic ("page open speed") which latter is over the "phone lines". However, I expect OpenDNS to be a bit slower regarding the DNS responses ("phone book") for the following reasons:
- Your next OpenDNS data center is in Singapore (maybe Hongkong), whereas your ISP's DNS service is certainly much closer to you. The geographical distance from the DNS service can be important for both, DNS performance and resolution to geolocation based services. It may be that you even do not become aware of this, given the latency of 82ms against the OpenDNS server.
- You are forced to use TCP when using OpenDNS, because the usual and faster UDP is being blocked by your ISP. This may add a bit to the DNS response times, but only minimal.
"And that's because I use a VPN"
Do you? VPNs normally use their own DNS service, not the one you have explicitly or implicitly configured unless you configure the VPN's virtual NIC accordingly.
"I also thought OpenDNS allowed one to use the DNS servers without actually registering,"
This is correct. You'll be using their default settings then, not your individual settings.
"Such being the case, with my constantly changing IP due to a VPN (thus making it somewhat moot to register an IP), will those program (dnscrypt or delegate) not function as needed?"
These DNS proxy programs have nothing to do with your IP address, so yes, they function.
-
OK, I see, only if I want to use particular OpenDNS servers, not the two main public ones, I would need to register and have my IP noted in the OpenDNS dashboard, right? Using the two public ones, as well as any other DNS servers, in the two third party programs you mentioned should otherwise work just fine.
In answer to your question about my VPN, my VPN has OpenWeb mode and Stealth mode. The OpenWeb mode only portal web traffic, but does not impact DNS at all. If I switch to Stealth mode, then it will use it's own DNS as 100% of all traffic will pass through it. But I prefer OpenWeb mode because I can very quickly and easily switch servers or with the VPN on or off that way. OpenWeb is a bit more inconvenient for those tasks. So if the dashboard on OpenDNS records my IP, it might chance depending on what VPN server I'm using at any given time.
So OK, as far as i can tell, the only way for me to use other non-ISP DNS Servers is to use https://dnscrypt.org/ or http://delegate.org/delegate/ (any one you recommend over the other?) and configure them with the OpenDNS public servers (the ones that don't need a registered IP in the dashboard). Please correct me if I've misunderstood something.
A world of thanks for your help btw. I don't think I would have figured this out otherwise.
-
"only if I want to use particular OpenDNS servers, not the two main public ones, I would need to register and have my IP noted in the OpenDNS dashboard, right?"
No, these considerations are totally wrong. You cannot determine particular OpenDNS servers. There are just these six (or eight with IPv6) global Anycast resolver addresses, and the routing configured for them by the ISPs and network carriers defines at what OpenDNS data center you will be landing.
https://www.opendns.com/data-center-locations/The purpose of registering your IP address at your dashboard is solely for your settings to take effect. Without this your dashboard settings are irrelevant.
"Using the two public ones, as well as any other DNS servers"
There are six (or eight) resolver addresses I know of and which you call "public", and there are none otherwise.
Normal: 208.67.222.222; 208.67.220.220; 208.67.222.220; 208.67.220.222
FamilyShield: 208.67.222.123; 208.67.220.123 (adult domains and proxy/anonymizer blocked)
IPv6 resolvers: 2620:0:ccc::2; 2620:0:ccd::2 (no content filtering, no dashboard in use, pure DNSv6)All these resolvers listen on ports 53, 443 and 5353, UDP + TCP, at any of their many data centers.
"The OpenWeb mode only portal web traffic, but does not impact DNS at all."
This would need to be proved when you started to use OpenDNS. Visit http://welcome.opendns.com/ when you have OpenWeb mode (and OpenDNS) enabled to see if you still use OpenDNS.
"So if the dashboard on OpenDNS records my IP, it might chance depending on what VPN server I'm using at any given time."
The dashboard does not record your IP address. You must run an Updater to send your IP address information changes to OpenDNS for registering with your dashboard. If this Updater sees a new public IP address for you, it will send an update to OpenDNS.
"any one you recommend over the other"
Try with DNSCrypt first. This is a bit easier than DeleGate and concentrates on DNS, whereas with DeleGate you can do a lot of other things too which you might not be interested in to do.
-
Hi Rotblitz,
Sorry it took awhile to reply. Weekends are always the busiest for me. Anywho, once again, thanks a ton.
I'm still a bit unclear about the "The purpose of registering your IP address at your dashboard is solely for your settings to take effect. " Aren't the settings the actual utilization the OpenDNS IPs? If I don't register on the dashboard, they will not work, no? That was my understanding. Otherwise, what exactly will "take effect" only by registering my IP address?
As far as I can tell, I have proved OpenDNS doesn't work with my VPN's OpenWeb mode. I have OpenDNS IPs both on my network card and in my routers DNS, but welcome.opendns.com still shows I'm not using OpenDNS, nor does internetbadguys.com and dnsleaktest.com. So that's why I think I have no choice but to try a 3rd party client.
Thanks for your suggestion on DNSCrypt. I'll look for it now.
Rj
-
So I've got Simple DNSCrypt up and working (kinda). IPv6 disabled. Set my primary resolver to Cisco OpenDNS and secondary to SecureDNS. In advanced settings, I enabled Transport Settings to use TCP port 443 instead of UDP port 443, and enabled both services.
Funny thing is, welcome.opendns.com and http://www.internetbadguys.com/ both report that I'm not using OpenDNS, but dnstestleak.com shows I am (I think):
Am I missing something?
-
"If I don't register on the dashboard, they will not work, no? "
If you don't register your IP address at the dashboard, the OpenDNS defaults will take effect, not your individual dashboard settings (as you don't have any individual settings then).
"...and secondary to SecureDNS."
This was wrong! You use then also SecureDNS beside OpenDNS, and your results cannot be consistent if you mix different DNS services. You use OpenDNS at best randomly.
"Funny thing is, welcome.opendns.com and http://www.internetbadguys.com/ both report that I'm not using OpenDNS"
Not funny, because you seem to use SecureDNS instead of OpenDNS.
-
Sure, my pleasure, here you go. I hope it's useful! I ran those commands with DNSCrypt configured like this:
C:\Users\RJ>nslookup -type=txt debug.opendns.com.
1.0.0.127.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 127.0.0.1Non-authoritative answer:
debug.opendns.com text ="server m33.sin"
debug.opendns.com text ="flags 30 0 70 7950800000000000000"
debug.opendns.com text ="originid 0"
debug.opendns.com text ="actype 0"
debug.opendns.com text ="source 106.122.241.198:2327"
debug.opendns.com text ="dnscrypt enabled (713156774457306E)"
C:\Users\RJ>nslookup whoami.akamai.net.
1.0.0.127.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 127.0.0.1Non-authoritative answer:
Name: whoami.akamai.net
Address: 67.215.80.67
C:\Users\RJ>netsh interface ipv4 show configConfiguration for interface "Astrill SSL VPN"
DHCP enabled: Yes
IP Address: 198.18.7.107
Subnet Prefix: 198.18.0.0/21 (mask 255.255.248.0)
InterfaceMetric: 1
Statically Configured DNS Servers: 208.67.222.222
208.67.220.220
Register with which suffix: Primary only
WINS servers configured through DHCP: NoneConfiguration for interface "Ethernet"
DHCP enabled: Yes
IP Address: 10.0.0.2
Subnet Prefix: 10.0.0.0/24 (mask 255.255.255.0)
Default Gateway: 10.0.0.1
Gateway Metric: 0
InterfaceMetric: 35
Statically Configured DNS Servers: 127.0.0.1
Register with which suffix: Primary only
WINS servers configured through DHCP: NoneConfiguration for interface "Loopback Pseudo-Interface 1"
DHCP enabled: No
IP Address: 127.0.0.1
Subnet Prefix: 127.0.0.0/8 (mask 255.0.0.0)
InterfaceMetric: 75
Statically Configured DNS Servers: None
Register with which suffix: None
Statically Configured WINS Servers: None
C:\Users\RJ>netstat -nao | find ":53 "
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING 12100
TCP 127.0.0.1:53 127.0.0.1:49187 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:49544 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:49663 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:49747 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:50143 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:50463 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:50895 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:50936 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:52068 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:52338 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:52762 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:52829 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:53201 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:53950 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:54001 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:54140 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:54318 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:54979 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:55146 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:55150 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:55152 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:55158 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:55160 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:55162 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:55494 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:57050 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:57629 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:57683 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:58110 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:58354 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:58665 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:59121 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:59292 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:59293 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:59496 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:59506 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:59803 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:59989 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:60186 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:60506 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:61247 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:62303 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:63178 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:63890 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:64067 TIME_WAIT 0
TCP 127.0.0.1:53 127.0.0.1:65067 TIME_WAIT 0
TCP 127.0.0.1:55150 127.0.0.1:53 TIME_WAIT 0
TCP 127.0.0.1:55152 127.0.0.1:53 TIME_WAIT 0
TCP 127.0.0.1:55158 127.0.0.1:53 TIME_WAIT 0
TCP 127.0.0.1:55160 127.0.0.1:53 TIME_WAIT 0
TCP 127.0.0.1:55162 127.0.0.1:53 TIME_WAIT 0
TCP 127.0.0.1:60186 127.0.0.1:53 TIME_WAIT 0
UDP 127.0.0.1:53 *:* 12100C:\Users\RJ>
-
The issue is with the "Astrill SSL VPN" interface where you have the OpenDNS resolver addresses configured. This is wrong, because these addresses are blocked by your ISP, as you know, or the VPN provider ignores your DNS settings.
In order to hopefully use OpenDNS via DNSCrypt also with the "Astrill SSL VPN" interface, you configure it with 127.0.0.1 as the only one DNS server address. This 127.0.0.1 (localhost) is where DNSCrypt is listening on to capture your DNS traffic.
-
Ah, so it's because I didn't have the settings taking affect under the Astrill VPN Network Card's section. OK, I turned it on (that is, clicked it, so now a "check" appears on the box).
When you said "you can configure it with..." was "it" referring to DNSCrypt or Astrill? As far as I can tell, DNSCrypt is already configured with that (at least that's what it says to the right of "Primary Resolver").
But the results are all the same as before (internetbadguys and welcome.opendns show no OpenDNS in use, opendnsleak shows Singapore OpenDNS).
So then I thought maybe you meant I had to configure the 127.0.0.1 in Astril - which I did, i entered it under the proxy settings, but then nothing worked, so I was probably wrong with that assumption.
These are my current settings:
What's next? And thanks as always. -
"When you said "you can configure it with..." was "it" referring to DNSCrypt or Astrill?"
I meant the "Astrill SSL VPN" interface.
You need to configure 127.0.0.1 where currently is configured:
Statically Configured DNS Servers: 208.67.222.222
208.67.220.220As I have mentioned earlier, it may be a challenge to use another DNS service when using a VPN.
-
Thanks again. Sorry to be a bother, but where are these Statically configured DNS servers? Do you mean in my Network adapter settings?
If so, to confirm, under the astrill adapter, I should configure the DNS as 127.0.0.1. Funnily enough, I opened the Astrill and the Ethernet adapter settings and found 127.0.0.1 was already set as the preferred DNS for both. I didn't do that myself, so I guess DNSCrypt must have. That's what you were to have me do, right? So that's has been set the the whole time.
Anything else I can try?
-
Yes, the DNS settings are always in the network adapter properties settings of the related interface. And yes, your Simple DNSCrypt configures the DNS settings to be 127.0.0.1, at least for the "Ethernet" interface, else the DNS proxy would not work at all.
See with the following command if you have any other DNS server address than 127.0.0.1 configured.
netsh interface ipv4 show dns
If in both interfaces, "Ethernet" and "Astrill SSL VPN", 127.0.0.1 is configured, you cannot do anything anymore. The OpenWeb mode of your VPN may circumvent your settings, so try with the Stealth mode to see if it works then. Also try without VPN to see if it works.
-
Thanks. These are the results of the netsh command:
C:\Users\RJ>netsh interface ipv4 show dns
Configuration for interface "Astrill SSL VPN"
Statically Configured DNS Servers: 127.0.0.1
Register with which suffix: Primary onlyConfiguration for interface "Ethernet"
Statically Configured DNS Servers: 127.0.0.1
Register with which suffix: Primary onlyConfiguration for interface "Loopback Pseudo-Interface 1"
Statically Configured DNS Servers: None
Register with which suffix: NoneIs this the result that basically means there's nothing I can do? It's weird that OpenWeb mode of Astrill would circumvent me using custom IPs, considering the entire reason an app like that is build. Especially because the OpenWeb mode doesn't use any custom DNS IPs, so it just defaults to the ISP's DNS.
Stealth mode I know for a fact uses it's on DNS Servers, as I am able to choose which DNS I want to use in Stealth mode. I was just hoping I could use custom ones (OpenDNS) in normal OpenWeb mode, which as far as I knew, didn't affect DNS at all.
Does this also mean that dnsleaktest.com results, showing I'm using OpenDNS servers, are unreliable?
Thanks a million
-
"Especially because the OpenWeb mode doesn't use any custom DNS IPs, so it just defaults to the ISP's DNS. "
No, even not the ISP's DNS. As I said initially, VPNs tend to use their own DNS service, being configured on the remote VPN server. Although you have configured 127.0.0.1 (for DNSCrypt) in the "Astrill SSL VPN" interface, this doesn't mean that the VPN client regards your settings, but may ignore it to do its own thing. You simply do not seem to have control over it.
"I was just hoping I could use custom ones (OpenDNS) in normal OpenWeb mode, which as far as I knew, didn't affect DNS at all."
It obviously does affect DNS.
"Does this also mean that dnsleaktest.com results, showing I'm using OpenDNS servers, are unreliable?"
No, it tells you that your operating system is configured correctly to use OpenDNS, but your browser and its VPN plugin do their own thing.
I would think that the following command shows that your OS uses OpenDNS now, with DNSCrypt enabled:
nslookup -type=txt debug.opendns.com.
Whereas your browser with VPN does not: http://welcome.opendns.com/
I occasionally use some VPN services where one can use OpenDNS with. You may consider to use a different VPN service where you can use OpenDNS as well. These also create such a virtual network interface like yours, but if you configure DNS there, it does work.
-
Ah, I see, thank you. But if OpenWeb mode did affect DNS, why would it still just point to my ISP's DNS servers? Funny it would force that.
I ran the nslook up you mentioned, this is the result:
C:\Users\RJ>nslookup -type=txt debug.opendns.com.
Server: UnKnown
Address: 10.0.0.1DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-outFirst time I saw 10.0.0.1 there. Could that be the problem?
I just bought a 2 year Astrill plan, ha, so it'll be awhile before I can switch up (affordably). But if we've finally hit a wall here, I'll go ahead and contact there support about incorporating some kind of custom DNS servers in their OpenWeb mode, since it seems like that's my last resort right now. So that means DNSCrypt basically isn't working either right? I'll go ahead and turn it off if it's not actually doing anything, ha.
Thanks again for taking the trouble to walk me through all this.
-
"But if OpenWeb mode did affect DNS, why would it still just point to my ISP's DNS servers?"
Does it? I doubt it! It either points at DNSCrypt now or at the VPN.
"First time I saw 10.0.0.1 there. Could that be the problem?"
No, it's definitely not the first time. Look at your first two comments above from 8-9 days ago where you already see this 10.0.0.1 as DNS server. At this time I thought it is your router's IP address, because I didn't know that you used a VPN, but now this 10.0.0.1 seems to be your VPN gateway and DNS server address when using the VPN.
This is apparently your VPN program setting DNS (and maybe the gateway) to 10.0.0.1. As I said, you'll have a hard time using OpenDNS and VPN at the same time. I'm not sure why you want to use OpenDNS at all if you use a VPN. This is artificially forcing and creating a DNS leak.
If you repeated some of the commands from above, you would see what interface this 10.0.0.1 is related to. If you cannot change this permanently to 127.0.0.1, then you cannot use OpenDNS via DNSCrypt at the same time as the VPN.
"So that means DNSCrypt basically isn't working either right?"
It does perfectly work, but possibly not at the same time when using this VPN and this 10.0.0.1 DNS server takes priority. DNSCrypt only proxies your DNS traffic to OpenDNS if the DNS traffic goes to 127.0.0.1, not if it goes to 10.0.0.1.
Going back to the begin of all of this:
OpenDSN servers wont work with Network or Netgear Router.
This statement is clearly wrong. Instead it should read:
OpenDNS wont work with a certain VPN.
-
Just looking through this thread again, I see that this 10.0.0.1 is in fact your router and the "Ethernet" interface, likely not the VPN. There must be something, be it the Simply DNSCrypt or the VPN client which changes the DNS server address from 127.0.0.1 to 10.0.0.1 and vice versa. If you can prevent from these changes taking effect, in the "Ethernet" interface and in the "Astrill SSL VPN" interface, then you should be sorted.
-
Right, 10.0.0.1 is my router which is hooked up to my ISP's modem. Also, the reason I know, or presume, OpenWeb mode doesn't affect DNS is because when I set OpenDNS IPs to my ethernet adapter, astrill adapter, and my router configuration, none of those IPs took, and it still went to my ISP's DNS (according to dnsleaktest, which showed it was using Chinese DNS IPs, the ones my ISP provides).
I'm trying to look for where the 10.0.0.1 is coming from, but so far I can't find anything. My ethernet and astrill adapter right now both have the DNS servers set to 127.0.0.1, Simple DNSCrypt is using a primary resolver of 127.0.0.1:53 (pointing to Cisco OpenDNS). I went through my router's entire settings and the only mention of 10.0.0.1 was in regard to it's own IP address.
Any idea where I can look to hunt down the culprit changing my DNS server from 127.0.0.1 to 10.0.0.1? If only I knew where that change originated, perhaps it's get me a step closer to preventing it.
Either way, thanks for all the help!
-
"Any idea where I can look to hunt down the culprit changing my DNS server from 127.0.0.1 to 10.0.0.1?"
I don't know either.
As I said before, try without using any VPN, ensure that the DNS servers in the interfaces are set to 127.0.0.1 for DNSCrypt, and see if you're using OpenDNS then:
http://welcome.opendns.com/ -
Oh, sorry, I had forgot to mention that I tried it without VPN on. I tried awhile ago in fact, which is what led me to presume that my ISP doesn't let me change my DNS.
At that time though, I wasn't using DNS Crypt, so I tried again and did as you said, as viola, OpenDNS servers are shown!
Isn't that strange then, that using the VPN OpenWeb mode forces my connection to use my ISP's DNS? Seems quite counter productive. I assume this proves it's a problem I must take up with Astrill, and there's probably not much else I can do, since you've already spent a lot of time in helping me to get the root of the issue.
I gotta say Rotblitz, your awesome. I truly appreciate you taking the time (all this time over two weeks) to help me like this. Wish there was someway I could repay the favor. Thanks again and again.
Please sign in to leave a comment.
Comments
30 comments