Unable to configure OpenDNS

Comments

11 comments

  • Avatar
    mattwilson9090

    As much as I dislike Comcast/Xfinity I've never heard any credible reports of them rerouting DNS requests to their own servers. If that is indeed the case the only way you can do anything about it is by contacting them.

    However, since I don't think that is the case, there are a few other things you can do. The one page you shared with us is configured correctly for OpenDNS, though from a security point of view I would recommend disabling UPNP, which is considered to be a major security hole. When you run an ipconfig/all on one of the computers on your network, what are they displaying for the DNS servers? Also, you should check the settings that DHCP is handing out to the devices on your network. Are they handing out IP's for your ISP's DSN servers, the IP of the router, OpenDNS DNS server addresses, or something else entirely? Also, as a matter of course you should check every single section of that router, and if there is a section to provide DNS server information you should set it to OpenDNS as well.

    Also, have you configured your OpenDNS account and have your IP address registered with your OpenDNS network?

    0
    Comment actions Permalink
  • Avatar
    bluediamonds

    Holy cow thank you for pointing out the UPNP setting i have no idea why that was on. Yes this current IP is registered with OpenDNS and the only other section i have that talks about DNS is DNS Filtering and OpenDNS is listed here is a snap shot. After running ipconfig /all my routers Default IP is listed in the DNS.




    Capture4.PNG
    Capture5.PNG
    0
    Comment actions Permalink
  • Avatar
    bluediamonds

    I did change the Filtering to OpenDNS Home part but am uncertain if i should put anything in Custom DNS setions

    0
    Comment actions Permalink
  • Avatar
    bluediamonds

    After doing that it does look like it might be partially working for example when i go to google and type "nude girls" i am still seeing a everything that is associated with the key phrases but when i click on a image to direct me to the site its blocked by Open DNS.  

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    UPNP was turned on because it's turned on by default in all consumer grade routers. After the initial configuration it's one of the first things I turn off in all new routers, followed by a reboot, plus with all new PC setups I confirm that it's not enabled on them as well.

    You should reboot the router to make sure all settings are actually being applied. Of course you also need to make sure that you are using the latest firmware for the router.

    What about the DHCP settings for this router? I think on this family of routers it's in the LAN tab. Aside from being able to control what IP address are handed out or reserved, do you have an option to configure the DNS settings that are handed out?

    Personally I don't use Parental Controls on anything, but if you choose to use them, with OpenDNS Family, even if you have something whitelisted in your settings on the dashboard, you will never be able to visit that domain because of the way OpenDNS Family works. If all you want to do is use OpenDNS I would disable Parental Controls entirely, and rely on the more conventional methods of configuring and using it.

    It's possible that this firmware doesn't care about what you want and will only hand out via DHCP it's own address for DNS servers. If that is indeed the case then on one of your PC's manually set the DNS servers to OpenDNS, that will at least tell you if the problem lies with you router, or elsewhere.

    Do you have any configuration options on your cable modem. It shouldn't matter if things are configured on your router, but as some router vendors have restricted what you can actually configure on your own hardware they are also by default taking settings directly from the ISP, further restricting what you can do. Configuring everything on the modem to point to OpenDNS is never a bad idea, but in this case might also sidestep what may or may not be going on with the router.

    0
    Comment actions Permalink
  • Avatar
    bluediamonds

    i had posted the DHCP setting tab on the first Captures but ill re-post them like i said it does seem to be partially working for example when i go to google and type "nude girls" i am still seeing a everything that is associated with the key phrases but when i click on a image to direct me to the site its blocked by Open DNS.  Is there a way to set up OpenDNS to not block certain computers?

     




    Capture3.PNG
    0
    Comment actions Permalink
  • Avatar
    bluediamonds

    The Modem  is a personal Motorola SURFBoard SB5141 which i bought but comes with no way to configure at least that i know of since you have to call comcast to configure it.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    What you search for on google has nothing to do with OpenDNS. OpenDNS is only dealing with DNS, once you have reached a domain after that lookup is done it has nothing more to do until another DNS lookup is performed. Since search results on Google are just content OpenDNS wouldn't get involved unless you clicked on one of those search results to go to it. So returning results for that search is exactly what is supposed to happen.

    If you want to filter google search results you could turn on google safesearch. to use that in conjunction with OpenDNS you can search in this foreign for multiple threads that have instructions of how to do that. I think some other search engines have similar options, but I haven't looked into them.

    I would go into the DHCP settings and enter the primary OpenDNS server, 208.67.222.222 there for two reasons. First is a troubleshooting method, since it will hand out that address to your PC's you have a way of confirming that those PC's are actually going to OpenDNS by checking the ipconfig settings. The second is that unless there is a specific reason, such as controlling certain things in DNSMasq, I prefer not to use a consumer grade router (and yes, despite it's hardware an RT-AC86U is still a consumer grade router) to handle DNS. I've seen too many performance hits and other odd behaviours, so I just don't use it that way.

    In the free versions of OpenDNS the only way to block some computers and not others is manual configuration, either setting DHCP to hand out OpenDNS settings to everything and manually setting the machines you want to exempt to different DNS servers, or manually configuring everything. The downside to that, aside from manual setups is that the machines pointing elsewhere for DNS lose all of the other benefits of OpenDNS. The paid products, such as the Umbrella family of offerings or LPC on some netgear routers offer other choices, such as using a bypass code or with some of them, being able to do things like filter by user or device. Some of those choices do require an "agent" of some sort to be installed on the individual computer.

    I don't know that particular model of cable modem, but it sounds like one that is just a modem, rather than the increasingly common modem/router's that many ISP's hand out. In that case there's probably little you can do with it directly.

    0
    Comment actions Permalink
  • Avatar
    bluediamonds

    Thank you for you your response mattwilson9090 you are correct its a separate modem indeed i'm not a fan of the DUAL COMBO MODEM/ROUTER type things since i like to have control over things individually in a sense if the modem breaks i replace the modem if the router craps out i replace that and so on and so fourth.

    I did just that enabled safeguard and called it a day but OpenDNS is working correctly i'm just trying to configure it all to run sharp and i'm assuming that in order to start weeding out the does and don'ts of sites i just have to set the main check marks and add sites as needed. 

    The only reason i'm setting this up is to prevent my children from watching bad content on the computers at home.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Yes, the best way to use the free products is to block the categories you don't want and then blacklist or whitelist individual domains as needed. Just remember, OpenDNS only looks at domains, not content. So if content that you don't approve of is on a website whose domain you approved In some manner OpenDNS can do nothing about it.

    The paid products offer a lot more flexibility and control, plus massive improvements in security and protection but they still do nothing about content.

    0
    Comment actions Permalink
  • Avatar
    bluediamonds

    Thanks Again for the help everyone you may consider the matter closed.

    0
    Comment actions Permalink

Please sign in to leave a comment.