I have a Linux box for a router at my home, I add your name servers in and it quits resolving webpages.

Comments

5 comments

  • Avatar
    cobalt-phoenix

    This is a user community forum, and the "name servers" are not mine.  And the "name servers" are actually resolvers, not name servers.  And webpages do not need to be resolved, just domain names need it.  And what does "Linux box for a router" mean?  Is your router Linux based, or do you have a Linux computer connected to a router?

    Here are instructions for BIND: https://support.opendns.com/entries/49080890
    There are more instructions than just named.conf related.

    If it does not help, you may want to post the complete plain text output of the following diagnostic commands from this Linux device, so that I see what's going on:

       dig debug.opendns.com txt

       dig whoami.akamai.net

    0
    Comment actions Permalink
  • Avatar
    rharvey32

    Web pages are linked to the domain name. so when I put the url for google.com in the address bar, and the browser says this webpage can not be found.  This is what I was referring to. the webpage url is resolved by dns look ups.

    I have no physical "router" I have a computer I have installed linux on.

    It IS my router.

    when we follow the instruction opendns posted and restart the service, we get no name resolution. Ie - the domains do not resolve.
    these are the instructions to add to the config file.

    then the instructions are to test it. 
    i do not see more instruction here as you said "Here are instructions for BIND: https://support.opendns.com/entries/49080890
    There are more instructions than just named.conf related."

     

    Shell\SSH Instructions

    Attach directly to your server or ssh to it. From there, go into /etc/bind/.  This is the default location so you may need to change this based on your configuration.

    From there you will need to edit named.conf.options with your favorite text editor.

    Once you've opened named.conf.options, look for a line that starts with forwarders {

    If there are already forwarders configured then you just need to change the current resolvers to use OpenDNS' anycast IP addresses. If the line isn't there then you can add it right above the last }; 

    forwarders {
    208.67.222.222;
    208.67.220.220;
    };

    Save the file, then use the instructions at the bottom of this article to test your change.

     

    0
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    "the webpage url is resolved by dns look ups"

    Again, this is not what happens.  But as you want.

    I meant to use the Webmin GUI to configure it.

    I'm afraid you copied & pasted the wrong stuff here in error.  You better had provided the command outputs.  Without them it's hard to help any further.

    0
    Comment actions Permalink
  • Avatar
    rharvey32

    I do not have the webadmin gui installed, it would wipe out all the config file settings and break everything else.

    I will post some outputs later.

     

    0
    Comment actions Permalink
  • Avatar
    rharvey32

    Fixed Problem Resolved!
    If you are running linux, and using bind, edit your named.conf file to use opendns you will want to.

    Here is what we found.

    We found the problem.
    OpenDNS doesn't support DNSSEC which is probably the default config settings on most modern distributions.

    Found it: https://forum.pfsense.org/index.php?topic=103759.0

    The first part goes in the "optons { }".


            auth-nxdomain           no;
            recursion               no;
            dnssec-enable           no;
            dnssec-validation       no;
    #       dnssec-lookaside        auto;
            forwarders {
                    208.67.222.222;         # OpenDNS
                    208.67.220.220;         # OpenDNS
            };
            forward only;

     

    Plus if they have an internal network defined:

    (do not put this part in the options section. Make a section for it.)


    view "internal" {
            match-clients { trusted_networks; };
            auth-nxdomain           yes;
            recursion               yes;
    <zones go here>
    };

    0
    Comment actions Permalink

Please sign in to leave a comment.