IPv6 Web Filtering

Follow

j.r.jett1

July 27, 2013 20:54

Support for web filtering when using OpenDNS IPv6 addresses.

244

• 

  rotblitz December 26, 2016 15:52 (Edited December 26, 2016 15:54)

  Not sure why you use the webdnstools site at all, because if doesn't give you an option to define a DNS service (e.g. OpenDNS) to test against, and it doesn't use the DNS service you have configured locally.  Therefore your test was good for - nothing.

  You must raise your DNS lookups from your end user device with commands like nslookup, dig or host to verify the results.

  For example, if you want to check for "adult" domain blocking, you execute:

  nslookup www.exampleadultsite.com.

  Then you query the returned IP address and should get hit-adult.opendns.com.  And you will see what DNS server and what protocol (IPv4 or IPv6) has been used for the query.

  If you want to test explicitly via IPv6, then you execute:

  nslookup www.exampleadultsite.com. ::ffff:d043:de7b

   

  -1

  Comment actions Permalink
• 

  rotblitz August 17, 2018 13:30

  You are clearly not using OpenDNS, but most likely your ISP's DNSv6 service:

  Server: UnKnown
  Address: 2605:a601:8015:700::1

  This is propagated by your router to your computer.

  You must configure the FamilyShield addresses ::ffff:d043:de7b and ::ffff:d043:dc7b in the IPv6 settings on your router.  If this is not possible, you can configure them in the IPv6 settings of your computer, interface "Wireless Network Connection".

  -1

  Comment actions Permalink
• 

  rotblitz August 18, 2018 16:54

  Yes, you can configure this also on the end user devices.  Alternatively, disable IPv6 on the router.  The downside is that you cannot access IPv6-only destinations then.  But there are only a few of those anyway yet.  You may never become aware of them.

  -1

  Comment actions Permalink
• 

  tgeorgescu April 14, 2019 09:16

  OpenDNS is a gratis service which offers people some facilities. If you do not like it, you are free to leave it.

  There is the paid service Umbrella which is really the point of OpenDNS.

  Google DNS does not filter results. Of course, there are other services which filter DNS calls for security and/or porn.

  -1

  Comment actions Permalink
• 

  rotblitz April 14, 2019 17:01

  Yep, this is already fully implemented in Umbrella, see https://support.umbrella.com/hc/en-us/articles/230563727

  And what I've heard from the developer manager responsible for this project, they are working for making this available in OpenDNS too.

  

  -1

  Comment actions Permalink
• 

  rotblitz September 01, 2013 15:45

  You cannot register an IPv6 address with your OpenDNS network yet, therefore content filtering won't work. You can however use the OpenDNS FamilyShield addresses which provide at least some basic filtering of "adult" sites, proxy servers, basic malware botnets and phishing.

  ::ffff:d043:de7b
  ::ffff:d043:dc7b

  -2

  Comment actions Permalink
• 

  mattwilson9090 October 09, 2014 09:58

  OpenDNS supports IPv4 and IPv6 lookups in a couple of different ways, including having their own IPv6 resolver addresses that provide recursive IPv6 service. They currently do not support DNS filtering or any of their other security products for IPv6 products.

  The biggest reason I do not roll out IPv6 internet access and services for any of my clients (aside from lack of availability) is the lack of security products and tools that support it. Most consumer routers are pretty useless when it comes to IPv6 support, and many UTM firewalls don't support it as well, or if they do it's very basic. There are a few "prosumer" UTM firewalls out there that support it pretty well, and most offer to sell you purpose made hardware, or let you build your own hardware (usually an older PC with two NIC's) and install your own software image on them that gives it the same functionality as the hardware they sell. I'd consider it if it was just me, but I won't go that way in business because I'd then become a manufacturer with all the issues that entails.

  I don't know what kind of IPv6 service Comcast is providing you, including if they are providing IP6 only or IPv4 and IPv6, or how they are providing IPv6, but I'd recommend going back to IPv4 if you can, until you figure out all the security and filtering options you want and how to get them to support IPv6.

  -2

  Comment actions Permalink
• 

  mattwilson9090 February 25, 2017 09:47

  @drn82 If a "+1" was the extent of your feedback on this then OpenDNS management will not see or care about it. Unless you use the voting buttons at the top of these ideas they will not tabulate it.

  As for your knowledge and statements about IPv6, they are quite wrong and/or misleading.

  IPv6 did not "come out" 5 years ago. IPv6 is a spec that has been with us for more than 20 years, and has been built into most major operating systems for 15 years or so. Despite that, there has been very little momentum towards widespread adoption and use of IPv6. Even the United States Federal Government has ignored statutory requirements to have IPv6 implemented in all of their systems.

  OpenDNS is hardly the only technology company that does not support IPv6 throughout it's entire product line. I have encountered very few hardware or software products, especially security products that partially or fully support IPv6. Rather than being behind the times their implementation of IPv6 is pretty much on par, and in some ways is even ahead of the industry.

  -2

  Comment actions Permalink
• 

  rotblitz July 27, 2013 21:58

  Why do you request this? Isn't this there already? Use these OpenDNS IPv6 addresses:

  ::ffff:d043:dede
  ::ffff:d043:dcdc
  ::ffff:d043:dedc
  ::ffff:d043:dcde

   These are the IPv6 equivalents to the OpenDNS IPv4 resolver addresses.

  -6

  Comment actions Permalink

Please sign in to leave a comment.