OpenDNS not working with Comcast/Xfinity

Comments

10 comments

  • Avatar
    windowsguy

    Go to Xfinity xFi app => Network =>Turn Protected Browsing 'Off' Also disable Parental Controls for individual devices.

  • Avatar
    rotblitz

    Not sure where you got these diagnostics from, but they are good for absolutely nothing.  :(

    Instead copy & paste the complete plain text outputs of the following diagnostic commands to here:

    nslookup -type=txt debug.opendns.com. 208.67.220.220
    nslookup -type=txt which.opendns.com.
    nslookup whoami.akamai.net.

     

  • Avatar
    deangp

    Not sure where you got your commands from, but mine came from  OpenDNS personnel here on the forum. 

  • Avatar
    deangp

    C:\Users\Dean_2>nslookup -type=txt debug.opendns.com. 208.67.220.220

    Alright, here are your results.  I already know that I am not getting connected to the OpenDNS Resolver.  What's my fix?

     

     

    Server: resolver2.opendns.com
    Address: 208.67.220.220

    *** resolver2.opendns.com can't find debug.opendns.com.: Non-existent domain

    C:\Users\Dean_2>nslookup -type=txt which.opendns.com.
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    which.opendns.com text =

    "I am not an OpenDNS resolver."

  • Avatar
    rotblitz (Edited )

    "Not sure where you got your commands from"

    My commands come from me, or better from the developers of Windows, Linux and Mac OS.  It's the usual method to investigate DNS problems.

    "mine came from  OpenDNS personnel here on the forum."

    Weird, OpenDNS staff normally do not provide commands on the forum here...
    Or did you mean this article?
    No matter, the outputs you provided have been irrelevant to everything.  They look like HTTP tests, not like DNS tests.

    "I already know that I am not getting connected to the OpenDNS Resolver.  What's my fix?"

    Well, you forgot to post the output from the 3rd command, so I'm not entirely sure what it is.

    I see two possibilities:

    • In case you have Avast/AVG Real Site/Secure DNS feature enabled, disable it.
    • In case your ISP redirects your DNS traffic, then https://dnscrypt.info/ may be able to circumvent this restriction.
  • Avatar
    deangp

    See what you can do with this:

    C:\WINDOWS\system32>nslookup whoami.akamai.net.
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 69.252.244.159

     

     

    DNS Crypt would be great if I hadn't already stated that I am trying to direct a router, not a client.

    What else you got?

  • Avatar
    rotblitz

    From 69.252.244.159 I see that it is your ISP (Comcast) redirecting your DNS traffic, not an AV appliance on your computer.

    It doesn't look like that you can install DNSCrypt on your D-Link DIR-655, and it seems there is apparently no alternative firmware available for this router, so you are out of luck with this router and with this ISP.

    You could contact your ISP to ask why they have imposed restrictions, preventing you from using 3rd party DNS services as you want.  If it was working before, they should be able to reset you to this state.  Be resistant, first level support lines are often lousy, and they even may not understand what you're talking about.  Insist in getting connected to their second line support.

  • Avatar
    deangp

    And THAT is exactly what I needed to confirm.  Yup, a call to Comcast is in order.  Will post results just for closure.

    Thanks.

     

  • Avatar
    agur

    Will be very interested to read/hear your results. Just had Xfinity installed and using their DPC3941T modem/router.  VERY displeased that the DNS is not configurable and want to purchase something that will work.

    Thanks.

  • Avatar
    rotblitz (Edited )

    In case of Comcast you must also ensure to disable Comcast's Constant Guard.
    https://support.opendns.com/hc/en-us/articles/227988687

Please sign in to leave a comment.