View full URL when site is blocked

Comments

10 comments

  • Avatar
    mattwilson9090

    What time restrictions are you referring to? Are they provided by a Netgear router using LPC, or some other mechanism? OpenDNS doesn't do "temporary" or time based restrictions, and the only way to do that if you are using OpenDNS is with a hardware implementation, such as the Netgear routers with LPC.

    There would be no point in retrying a blocked page, since even if the results weren't already in your local cache, OpenDNS would still return the same results. Also, since OpenDNS only knows about domains, not URL's, there is no way for it to return a URL to you to "retry". However, on the OpenDNS block page it will tell you the name of the blocked domain, and will give you an indication as to whether it was blocked individually or as a result of a category it belongs to. Also, if your account is configured to do so, it will provide a link to send an email to the administrator of your OpenDNS account asking them to whitelist the domain or otherwise investigate it.

    As for seeing the full URL, that should still be available from whatever link you clicked on to get there. Worse case scenario you just go "back" a page to where you found it and examine the link from there. If you typed it in manually, just retype it again in case you mistyped it the first time.

    With the pay versions of OpenDNS there are other options, including such things as bypass codes or different settings for individual users, but those vary by the type of pay service you are using.

    0
    Comment actions Permalink
  • Avatar
    snakyjake1

    I have setup time restrictions, and I also can bypass.  The problem is when I forget about the blocking.  My typical scenario is reading email, reading RSS feeds, and opening those links in my browser to read later.  When I open those links I delete my email to keep it clean.  When I go to my browser I notice some of the links were blocked, so I bypass the block...BUT refreshing the browser doesn't work, and there's no indication of what the full URL is.  So I have to go back through all those RSS and emails and do it all over again.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Right, but the question was *how* you are doing the time restrictions, not if you are doing them. Beyond that, *how* are you able to bypass? Without knowing that the insight I can give is very limited, especially since it's very possible you are using a service other than OpenDNS to do some or all of this.

    Regardless of which technology you are using to do the blocking I'd recommend not deleting the email or source of a link until you actually know you can get to where you want to go. Regardless, OpenDNS, being a DNS based service, it knows nothing about URL's, only domains, so it can't return any URL information to you since it never received that information in the first place.

    0
    Comment actions Permalink
  • Avatar
    snakyjake1

    How?  I use OpenDNS to block categories by time.

    When I click the URL link from my email, it sends the URL to the browser (Chrome).  But when OpenDNS blocks the site, I lose the URL information from the browser (Chrome) and OpenDNS doesn't tell me what it is.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Then you must be using a Netgear with LPC enabled, since no other OpenDNS offerings have time based filtering.

    Since OpenDNS is a DNS based service, and URL information is not sent to a DNS server, only the domain that is being looked up, there is no for OpenDNS to return any results to you that include the URL, only the domain. This is also why I said that OpenDNS does not block sites (or URL's), only domains, since it is only aware of the domain names that are sent to it for resolution.

    Like I said, your best solution is to stop blindly clicking on links, deleting the source, and going back to them later. After you click on a link you should verify that you can actually get to the page before deleting the source, otherwise you will continue to run into this "problem", which is actually the end result of a how a DNS based service is supposed to function.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    @mattwilson9090

    "Since OpenDNS is a DNS based service, and URL information is not sent to a DNS server, only the domain that is being looked up, there is no for OpenDNS to return any results to you that include the URL, only the domain."

    This is not true in case of "domain blocking".  OpenDNS returns its own IP address (hit-block.opendns.com, hit-adult.opendns.com, hit-phish.opendns.com or hit-malware.opendns.com), and the browser then transmits the full URL including POST or GET parameters to OpenDNS's server.  So they have this information, but they would need to pass it on to the block page as well to show it up there.

    I have voted for this idea now, because it is technically feasible.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    @snakyjake1

    "I need to see the full URL so I can retry the site."

    To see the full URL is theoretically possible, but, as mattwilson9090 said, it doesn't make sense to retry, because OpenDNS would return the same result again unless your time based settings changed in the mean-time or you changed your settings manually where you need the domain name only for, not the URL.  Either way, you had to flush your caches too to make the retry reliably work.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    @rotblitz

    I wasn't aware that that happens with the URL's, but now that I think about it, I think it makes sense. Basically the DNS request is made, OpenDNS returns their own IP address for a domain that is blocked, then once the browser has the results of the DNS lookup, it sends it's traffic to the requested URL, only in this case the IP address for the domain name is an OpenDNS address rather than the "correct" one. Other software would do a similar thing, only sending it's initial traffic to the OpenDNS IP rather than the IP for the domain.

    Assuming I've got the mechanism correct that makes sense, I just hadn't considered the full process of what happens after the DNS happens and is returned.

    So yes, in that case they'd need a mechanism to momentarily capture the URL of the requested page, and then insert it in the returned page. There could be implications for traffic and load on the servers, as well deciding whether or not to capture and save that URL information. If saved they'd need to consider security and privacy implications of capturing it, and if not saved they'd need to make certain that it doesn't somehow get saved with the DNS related information associated with an account.

    I'm not certain what would happen for domains that were already in cache for a domain that had been previously blocked. I think the mechanism would be the same, only a DNS lookup request wouldn't need to go to OpenDNS, but the traffic would still be sent to the OpenDNS address.

    Of course if they were capturing and returning that URL information it does also lead down the rabbit hole of other things they could do with that URL information, other than displaying it on the blocked domain page. Things like additional filtering based on URL or content, logs of visited or requested URL's, and what not.

    There might also be ways to do this by coding the webpages to work with local variables and data, while still ignoring the URL that is sent to the OpenDNS server, but that's a little bit beyond my web programming skills, so I'm not certain.

    Still, it could be useful if this was added. Of course, until or unless they implement this it would still be necessary to make sure that a link "works" before moving on to something else.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Well understood!

    "the traffic would still be sent to the OpenDNS address."

    Not necessarily if the content is still in the browser cache and not expired.  This depends on the cache advises in the HTTP or HTML header of the web page.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    That's right, there's a browser cache as well, and a DNS lookup for a blocked domain could very well go to the local caches for domain resolution as well as content without ever sending any sort of traffic to OpenDNS server. In that case the web page would need to be code to use local resources (variables? name space? I'm not sure of the proper terminology) to provide the URL that was initially referenced.

    0
    Comment actions Permalink

Please sign in to leave a comment.