Do not allow OpenDNS client to register external IP when using VPN service

Comments

23 comments

  • Avatar
    rotblitz

    Oh, what a long story!  I didn't read it entirely.  But...

    The official OpenDNS Updater does not support what you're looking for, and your concept would be the wrong approach.  There are so many VPN software packages, and new ones can come up every day.

    However, with Marc's Updater (https://updater.marc-hoersken.de/) you can configure in what LAN the updater should do its job.  This or a self-written updater script is apparently the way to go.

    0
    Comment actions Permalink
  • Avatar
    opendns

    I'm sorry that you found my message to be rather long.  However, my purpose was to provide full information and justification for the request that I'm making.

    I'm aware that the official OpenDNS client doesn't support what I'm "looking for" - that's why I'm making a request to have that feature added.  The suggestion that you make in your reply reflects that you didn't read the entire message that I posted. :-)  A third party updater isn't the solution to the problem that I'm describing.  I'm reasonably sure that the vast number of people who use OpenDNS with an updater use the official client, not a third-party client.  And thus, they are the ones who are causing trouble for other people who have to deal with blocks that don't actually apply to them.

    I don't use any OpenDNS client at all - I just have my system configured to use OpenDNS' nameservers.  The problem is that other people, who are using the OpenDNS client and are also using Private Internet Access VPN service are causing IP addresses to be blocked that affect people beyond their home network, for the reasons detailed in my original message.

    My request is for OpenDNS to consider adding that feature.  Since they already recommend against using the OpenDNS client software to register their "home" networks so they can block objectionable content while using a VPN service (for precisely that reason), it would make sense for them to take action where they can.

    Yes, there are any number of VPN providers out there - but it is a fixed number. :-)  When one gets reported to them, it can be added to the OpenVPN client via an update.  I've already provided two processes that can be watched for (openvpn.exe, which is OpenVPN and is a client that can be used with virtually any provider; and pia_manager.exe, which is used for PIA, which is an extremely popular service) as a starting point.

    The problem cannot be remedied by suggesting a third-party updater.

    So I am hoping that OpenDNS will consider this request.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    You keep referring to the OpenDNS client, but there is no such thing. OpenDNS has updater software that can be run from several different operating systems, that serves *only* to update the public IP address that an OpenDNS user has registered with their account. It in no way has anything to do with any of the DNS requests that are sent to OpenDNS, and in fact should only be installed on a single device on the entire network. Many people don't even use the OpenDNS updater, such as those who have a static IP address or who use functionality in their router or some other 3rd party software to do the updates for them.

    It has no awareness of what is running on the entire network, and therefore could only mitigate against a VPN client that was running on that individual computer. It would also require continual updates in order to catch the continually changing list of VPN clients that are out there, and would need very low level access to the operating system in order to detect and analyze all of the software that was running on the computer. This would require a large commitment of resources on OpenDNS part for the continual research and updates that are required, with resulting security risks to all OpenDNS users who use the updater, whether or not they also use a VPN. Considering the relatively low percentages of people who both use VPN and OpenDNS, putting that burden and risk on them seems excessive, especially since it seems that you only use OpenDNS as a recursive DNS service but don't use any of the other security or filtering features of the service.

    Frankly, rather than expecting everyone else to change for your sake, I'd suggest either finding a VPN service that is compatible with OpenDNS (I've heard that they are out there, but have no investigated it) or use a DNS service that does not also perform filtering such as OpenDNS. Many people who don't use their ISP's server or OpenDNS seem to be satisfied with Google's publicly available DNS servers.

    0
    Comment actions Permalink
  • Avatar
    opendns

    Yes, updater software is a client.  It reports to the server/service that keeps track of what they register as being their "home" network.  That's why I refer to it as a client.

    I"ve been told by OpenDNS support (when I've had to report Yet Another IP Address on the VPN that someone decided to register as their "home address," which results in everybody who uses that VPN service and happens to be using that same IP address as a result now being blocked) that they specifically advise people who are using a VPN service to not also use the updater software client to register the address as their home, specifically because of problems like this.

    When I mentioned that if the updater software simply checked for what VPNs they can know about (and PIA is one of the more popular ones) via looking at the process table (for Windows, anyway, which is the most populous OS being used by home users that are using the update client) to identify those VPN clients and simply refuse to register a "home address" with the OpenDNS service, the response was that it was a good idea and that I should suggest it here so that the development team could consider it.

    There is no such thing as a "VPN service that is compatible with the OpenDNS updater," due to the nature of how VPN works.  When someone logs into the VPN service, they get assigned an IP address where they exit the VPN into the Internet at large.  That's the address that the world sees, including what OpenDNS sees when the updater says "register me."  Problem is that due to the wonders of NAT, they're not the only person using that IP address.  So, one person using both the VPN service and the OpenDNS updater client to register that as their "home address" and then set up content blocking end up blocking stuff that they don't want to see for hundreds of other people who are completely unrelated to them.

    Matt, you seem to think that there's not that many people who are using both OpenDNS updater and a VPN service at the same time.  You're more than likely right, over-all.  However, speaking from personal experience, I can tell you that the number is high enough - I'm fairly regularly having to open tickets with OpenDNS support to get a VPN IP address unblocked from the content in question and added to the "do not register" list that they maintain, in order to keep it from happening again (once the IP address is on that list, an OpenDNS updater user can try to register the address all they want, but it will be ignored).

    I'm aware of functionality regarding routers.  Those don't cause the problem I'm describing - they register the address that the ISP gives them.  If a computer behind that router is running a VPN client, they're no longer ON that IP address as far as the rest of the Internet is concerned - everybody else sees them on the IP address the VPN service they're using gave them, not the one the ISP gave their router.  Other computers behind that router that are not using a VPN service appear to the rest of the world as coming from the IP address assigned to their router, as normal.  This problem happens when both the OpenDNS updater and a VPN client is running on the same computer.  Any other combination doesn't cause the issue.  That's why I didn't bring up the subject of routers in my OP - routers with OpenDNS updater capability (are there any?) won't cause the problem.  True, there are some router models that let you configure them for VPN service use, and in those cases, someone running the OpenDNS updater on their computer will still trigger the problem - there's no way for the client to check if the router is doing that.  But I'm pretty sure that the far more common occurrence is the updater and VPN clients both running on a computer.

    Since OpenDNS support people seemed to think that my idea of having the updater client check for the presence of known VPN service software and act accordingly was a good idea, and that I should post it here where the Devs can see it to consider it, I've done so.

    We all have our personal ideas of whether or not something like this is a good idea, and why.  But only the Development team knows if this is something that they'd want to do and how hard it would or would not be.  I've posted here as was suggested to me.  I leave it to them to make the decision one way or the other.  If they decide to do it, it alleviates a problem for a number of people (which I freely admit I'm one of).  If they decide not to do it, that's fine too - I can keep opening tickets to get addresses unblocked and added to the "do not register" list.  It's tedious, given that the VPN service doesn't just assign you to the same IP address all the time (any more than your ISP does in the vast majority of cases), but if it ends up being the only way to eventually fix the problem when enough addresses get added manually to that list, then so be it.  I was simply trying to be more proactive in dealing with a problem that affects more than just me (even if I'm the only one so far who bothered to come here to express the problem and suggest a possible solution). :-)

    Either the devs will consider it a good idea or not.  I leave it in their capable hands.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I still disagree that a simple IP address information updater should check a process table for certain software running or other such unrelated and fruitless stuff to make assumptions about the update strategy.  This is not a viable technical approach for several good reasons.  Beside the reasons Matt Wilson lined out, for example, if your ISP IP address changed during a VPN session, the updater would not update at all. 

    And why wait for OpenDNS developers?  The viable technical solution for your problem is quite easy and to be applied by you, not by OpenDNS:

    Let's assume the dynamic IP address range of your ISP is 123.45.0.0/255.255.0.0, and your router's IP address is 192.168.0.1, then you add the following persistent routes once to your route table, from an elevated command prompt window:

       route -p add 123.45.0.0  mask 255.255.0.0  192.168.0.1                  (Covers the IP address checker my.opendns.com)

       route -p add 208.67.216.0  mask 255.255.248.0  192.168.0.1         (Covers all OpenDNS resolver addresses)

       route -p add 67.215.64.0  mask 255.255.224.0  192.168.0.1           (Covers the update server updates.opendns.com and other opendns.com subdomains)

    This should ensure that the Updater takes only your ISP assigned IP address to send the updates through the normal internet connection.  It should totally circumvent any VPN implementation and tunnel.  And it even works during VPN sessions!

    Your can check the existence of your new persistent routes at any time with:   route print

    Btw, I still do not like and do not entirely read your long stories... ;-)
    It's better to provide quick and easy solutions.

    0
    Comment actions Permalink
  • Avatar
    opendns

    Rob, I appreciate the comments.  However, there is a point that I've tried to make more than once now, and it looks to me from your responses like you've been missing that point.  So I'm going to try a different way:

    I DO NOT USE THE OPENVPN UPDATE CLIENT SOFTWARE AT ALL.  IT'S NOT IN MY SYSTEM.  IT'S NOT PROVIDING OPENDNS WITH ANY INFORMATION ABOUT BLOCKING PREFERENCES FOR ME, NOR IS IT REGISTERING MY CURRENT VISIBLE IP ADDRESS (OR ANY ADDRESS, FOR THAT MATTER) AS BEING "MINE," THUS IT IS NOT SETTING UP CONTENT BLOCKING PREFERENCES.  I SIMPLY HAVE THEIR NAMESERVERS CONFIGURED IN MY COMPUTER FOR DNS RESOLUTION.

    The problem is that OTHER people, who are *also* using the VPN service ARE using the OpenDNS update client software.

    Since we're both using the same VPN service, there's a chance that we can both get the same visible/external IP address (along with hundreds of other people).  When that happens, if the other person registers their IP address as being their "home" address for that time, and their content blocks go into effect, the OpenDNS nameservers will redirect any attempt to go to something that Person X has marked as blocked content for ANYBODY ELSE on the VPN who is also assigned to that same visible/external IP address.  We aren't on their home network, but we're being blocked all the same.

    The routing trick that you suggest above won't do a damned thing for anyone in my position, because the OpenDNS nameservers still see the DNS request coming from my visible IP address, which is the same as the one which got registered to someone across the country from me, and ends up redirecting me to the "content blocked" page.

    Is that short enough for you to read the whole thing? ;)

    0
    Comment actions Permalink
  • Avatar
    opendns

    The Still TL;DR version:

    I'm not using the OpenDNS updater client at all.

    The problem is not trying to get the VPN software that I'm using to result in the non-existant updater not blocking my content

    Solutions involving my trying to do routing tricks around the OpenDNS updater client software, which isn't being used anyway, aren't going to work.

    :-)

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I believe that I'm starting to understand what you're saying.  Let me say it in my words, in one (long) sentence:

    You want OpenDNS to change their Updater client (which you don't use at all), so that other users using the same VPN services like you and using the OpenDNS Updater cannot update their OpenDNS networks with VPN services related IP addresses, binding you to their OpenDNS settings if they do.

    Is that right?  Well, the same reasons for not doing it with the Updater still apply: VPN services come up from anew, may disappear again, or may change their software and related program names, all reasons that the fact someone using a VPN is hardly to capture reliably.  The Updater would have to read an online OpenDNS database being maintained to be much current, because hardcoding it into the program would note make sense, because users may hardly update it to later and current versions.  Such a project would apparently be associated with a not insignificant amount of efforts, cost and also ongoing maintenance, and I can imagine that OpenDNS won't take this for an almost free service.

    My routing tips above still hold true, for users using the OpenDNS Updater client.  Even more, setting up these routes could even be a task the Updater could perform at each startup with relatively small software changes.  This would efficiently prevent the Updater from updating OpenDNS with VPN service related IP addresses and other possible scenarios like Multi-WAN.  And that would be the technical approach to go for, not to check for VPN software running or such nonsense.  Your problem was that you didn't just post what you want to achieve, but also suggested a nearly not feasible technical solution.

    No matter, I'm just a user, and don't use the OpenDNS Updater either, but I use my router's DDNS client to keep my IP address information updated at OpenDNS and other DDNS services.  If an OpenDNS rep has suggested to publish your idea here in the idea bank, so be it.  Let's see what OpenDNS decide about your idea...

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Also, thinking further about the implications of what you're saying:

    Why is it a problem at all for you if someone registered a shared VPN IP address with OpenDNS?  It seems you're using OpenDNS as DNS service also on your VPN connections, forcing this by having it manually configured for the VPN tunnel at your endpoint.  Why in the world do you do this and don't simply use the DNS service offered by the VPN provider via DHCP?  I'm especially asking this as you said you don't use any OpenDNS specific features, so you would not need to use OpenDNS on the VPN connection.

    0
    Comment actions Permalink
  • Avatar
    opendns

    Yay!  I finally got through! lol :)

    Yup, that's exactly it.  I never meant to imply that your routing trick wouldn't work for what you were describing - but it would only work if I was the person who was trying to register an address as "home" for content blocking purposes, etc.  Which would then affect everyone else on the same VPN-assigned IP address as me.  I am not the person who's causing lots of people to be blocked, though. :-)

    As to your question about why I'm using the OpenDNS nameservers while on the VPN - which could just as easily be asked of those people who are causing VPN IP addresses to be blocked access when they do the same thing (OpenDNS updater & VPN client) - the answer is a simple one, really.  There's still a certain amount of security being applied, even when not using the OpenDNS updater client to register your "home" network to allow for content blocking.  It's my understanding that even without using the client, they still block access to known malicious sites (malware, etc.).  I figure that's a good security feature to use.

    Currently, the only way I can deal with this situation is thus:  I'm doing my thing, browsing around.  I try to go to a site from a Google search or whatever, and run into a OpenDNS "content blocked" (for whatever reason) screen.  I login to the website and open a ticket to have the block removed and the VPN IP that i"m on added to the "do not register" list that OpenDNS maintains, for exactly reasons such as this.  Once the IP is on that list, someone running the updater client will never be able to cause that IP address to have its content blocked by them again.  But the VPN service doesn't let me pick my IP, so eventually I end up on another one, and sometimes that ends up blocked, too.  So, "rinse and repeat."

    On one of those occasions where I had opened such a ticket, I had mentioned the idea of having the updater check for the presence of known VPN client software (openvpn.exe, because it can connect to pretty much any VPN service and is widely used; and pia_manager.exe, because that's the native client for the VPN I use, which is a very popular one - it's pretty inexpensive, they don't log, there's no bandwidth limits, etc.).  I was really more just musing out loud, as it were.  The support person who responded, letting me know that the IP address had been unblocked and added to "do not register" said that was actually not a bad idea, and pointed me here to make the suggestion for the developers to look at.

    That's what brought me here. :-)  So yea, as you say, let's see what OpenDNS decides about the idea. ;)

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Great to hear the confirmation that I got it!

    "it would only work if I was the person who was trying to register an address as "home" for content blocking purposes"

    Sure, and therefore my suggestion was to add this routing tweak to the Updater if it is the Updater to care about it at all.  Looking for "popular" VPN software is not the way to go, as outlined in my previous contribution.

    "There's still a certain amount of security being applied, even when not using the OpenDNS updater client to register your "home" network to allow for content blocking."

    Yes, these are phishing sites and very few malware sites.  "At this time, this feature blocks the Conficker virus and the Internet Explorer Zero Day Exploit".  Not really much.  True and full malware blocking is with the Enterprise line of services only.  Instead of using OpenDNS for your VPN connections, you could use another DNS service specializing on malware blocking and not having the feature of individualized content filtering with IP addresses to be registered, like one of the listed at http://www.computerworld.com/article/2872700/

    0
    Comment actions Permalink
  • Avatar
    opendns

    I didn't realize that OpenDNS' security protection (malware, etc.) was so sparse.  Thanks for posting that link, it's an interesting read.

    I find it interesting to note that Comodo offers a DNS service.  I had completely forgotten about them - several years ago, I was one of the people helping to beta test their new (at the time) firewall product that was pretty good.  I haven't been involved with them for quite some time now (used any of their products) and had, as mentioned here, forgotten about them.  Now that I know about their Secure DNS product, I may very well change my DNS configuration in my computer to use their nameservers instead, since it's closer to what I want in terms of protection offered.

    Thanks for the suggestion.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    ...and that said, your "idea" raised here may be essentially obsolete.  There are almost more elegant solutions to problems than one thinks...

    But still, let's see what OpenDNS decide about your idea and after my thoughts about it...

    0
    Comment actions Permalink
  • Avatar
    opendns

    Yup. :-)  It will be interesting to see if they decide to do something along those lines or not.  Just because I've found a solution for me, doesn't mean that other people who might have similar problems have it solved for them.

    With the growing popularity of things like OpenDNS and VPN services, I can still see a situation where you can end up with more than one person on the same IP (via the VPN) and both using the OpenDNS updater client, with different filtering needs, interfering with each other....

    Granted, not my problem anymore. :-)  But one way or another, I think that this type of situation will eventually need to be addressed.  If not now, then sometime in the future...

    Anyway, we'll see what happens. :-)

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I find it interesting to note that Comodo offers a DNS service...   I may very well change my DNS configuration in my computer to use their nameservers instead"

    Comodo Secure DNS may not be the right choice for a longer time.

    Currently in beta, Comodo SecureDNS 2.0 offers customizable content filtering

    That means, also with this service IP addresses can be registered, and you'll run into the same problems as with OpenDNS.  You should choose a service which does not offer individual customizations with registering of IP addresses.  Looking through the list, the only remaining one may be Norton ConnectSafe.

    0
    Comment actions Permalink
  • Avatar
    opendns

    Yeah, I saw that....  (Thanks for mentioning it, though, in case I had missed it.)  It really depends on how they implement the filtering and choices of what gets filtered.  That said, I sent them an E-Mail asking about it, and detailed the kinds of problems that OpenDNS updater client has with VPN services.  I figure since it's still in beta, NOW is a good time to make them aware of situations like that. :-)

    I have to admit that Norton's system seems to be ideal, with no software requirements.  They've got three groupings of DNS servers you can configure your computer, for three different levels of filtering.  Security A is the one I'd want - malware and other dangerous sites are blocked.  Then there's Security B which is that plus porn.  And lastly is Security C which does same as B plus some other content types that they describe on their page.

    You know, if OpenDNS did it that way, they could solve the whole problem that I described here by doing that - one pair of IP addresses to set for your nameserver if you want to be able to use the updater client to set your filtering requirement, and one set that completely ignores any registrations from the updater client.  No changes required to the updater at all, and they could use the existing DNS servers to continue to support the content filtering (so nobody currently using the software has to change anything), and add two new IP addresses for those of us who don't use the updater software.  Norton seems to have the right idea! :-)

    0
    Comment actions Permalink
  • Avatar
    ferthalangur

    A data point to add to this discussion ... I recently registered with OpenDNS and started using the updater, and I have been using PIA (https://privateinternetaccess.com) as my VPN service. I just noticed today that OpenDNS disabled my registered "home" network ... either their servers are disabling dynamic IP address updates to PIA addresses, or their servers are disabling dynamic IP address updates that are happening too frequently.  

    The OS X PIA software doesn't let you disable the "DNS Leak Protection" anyway.  So ... if you are using PIA on OS X, you are using their nameservers when it is active.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "OpenDNS disabled my registered "home" network ... either their servers are disabling dynamic IP address updates to PIA addresses, or their servers are disabling dynamic IP address updates that are happening too frequently."

    A fantastic theory, OpenDNS servers having influence on dynamic IP address updates, rather something for a SciFi TV show.  Would you have any evidence like a screen shot or log for your theory?  Or what else are you attempting to tell us?

    0
    Comment actions Permalink
  • Avatar
    ferthalangur

    Sorry @rotblitz, I wrote imprecisely.  I didn't take screen shots before fixing my account.


    I had registered my ISP IP address as my home network, and then I installed the OpenDNS Updater application. My laptop had been engaging and disengaging from the PIA VPN. Presumably, the Updater would send an update to OpenDNS whenever this happened, to change the IP address that was registered as my "Home" address for statistics and DNS blocking. I am only using minimal filtering from OpenDNS, to block requests for Adware and Web Spam. After running for a couple of days, I found that my home network at OpenDNS was labeled "Disabled" or "Inactive" ... I don't recall which. They did not say why ... I presume that there is some kind of rate limiting built into the API that lets the Updater change your home IP address.

    The other note probably would have been more appropriate to post under another entry: https://support.opendns.com/entries/98709237-OpenDNS-Private-Internet-Access-VPN- because PIA on OS X sets your resolver IP addresses when the VPN connects, and it can't be bypassed as it can with PIA under Windows. The PIA setup tool hides the "DNS Leak" parameter (I am not sure if this was intentional or an HTML error which I found in their client). However, if you change the value in their configuration parameters directly, for DNS Leak protection, nothing changes. Explicitly set DNS addresses are overwritten by PIA when the firewall kicks in.

    _rob_

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I see now, that's much clearer.  Well, the first issue with the OpenDNS updater, you must fix it while configuring persistent routes for the IP addresses in question, as I have shown above.  That should be possible also on Mac OSX.  There's nothing what could be done by the Updater program itself.  It cannot know if you're also using VPN connectivity at times, and provisionally configuring persistent routes out of the program doesn't make sense either.  You have to do this yourself.

    And the status of your network was most likely "Inactive".  This can happen if two sites compete about updates against the same account/network label too much.  OpenDNS sets the network to "Inactive" then.  The next update after some (unknown) time will succeed however and reactivates the network.  For OpenDNS it looked as if these updates came from totally different network locations - which they indeed came from, the one from your home IP address, the other from the VPN server address.

    The other issue is especially with PIA under Mac OSX, so is not an OpenDNS topic.  You'll have to get this sorted with PIA support.

    0
    Comment actions Permalink
  • Avatar
    hans2150

    First of all sorry for my bad English. And even with my bad English i don´t bother your long stories or sentences ;). I´m a leacher so i never reply in forums, except this thread i`m very intrested. I think i was one of those folks who was restricting a vpn ip adres. I made it active in my dashboard. Until i had this message from a person for unblocking a certain site. My setup: vpn active in router, parental control dns filtering in router, marcs updater active on my laptop (no automatic dns updating in my router because of nat). So i read all your comments and decided to set my isp ip active in my dashboard so i don`t harm other users using the vpn ip adress. But now my kids are unprotected surfing the net. Any options to make this work? I want everybody to connect anonoumysly to the internet, even smartphones, i don`t want to install pia managers on every device. And i want dns filtering for certain devices with automatic ip updates. Should i use tor? Also an option in my router. As you can see i have a lot of options open in my router.

    Hans

    p.s hope it`s not to much for looking to my screeshots provided ;)

    THX




    screencapture-10-100-1-1-Advanced_OpenVPNClient_Content-asp-1457866107260.png
    screencapture-10-100-1-1-Advanced_WAN_Content-asp-1457868234924.png
    screencapture-10-100-1-1-Advanced_DHCP_Content-asp-1457868209304.png
    screencapture-10-100-1-1-DNSFilter-asp-1457866023166.png
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    So, just do summarize my understanding:
    You generally want to go through a VPN tunnel to PIA's VPN server.  And you want to have some "protection" via DNS with this too.

    In this case configuring OpenDNS as of picture 4 cannot take effect, because you're circumventing your normal ISP connection.  You just use this for the VPN tunnel.  If you configured OpenDNS in the LAN DHCP settings (picture 1) or in the WAN settings (picture 3), you would cause a DNS leak, and your DNS traffic would no longer be "anonymous" through the VPN, but visible on the internet.

    So, the only chance to have DNS filtering is to configure the OpenDNS FamilyShield addresses as of picture 2 option "Accept DNS configuration" if this is possible at all.  You'll have to delete your OpenDNS dashboard network and are bound to the pre-defined static FamilyShield configuation.

    "And i want dns filtering for certain devices with automatic ip updates."

    Not sure if this is possible at all if these have to go through the VPN.  It's possible only if you go through the normal ISP connection, no longer being anonymous.  And even then you only can have either filtering (with OpenDNS) or no filtering (with another DNS service).  OpenDNS will always see your one public IP address only, so has no way to differentiate between devices in your LAN.  The automatic IP address information updates can be done from the devices using OpenDNS, e.g. with Marc's Updater.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Still something about your picture 4, although you may not actually use this configuration.  You have mixed DNS services there, two OpenDNS resolvers and a local resolver.  You should not mix DNS services, because you don't get consistent results then.  OpenDNS has additional resolver addresses, 208.67.222.220 and 208.67.220.222, which can be used in such cases.

    0
    Comment actions Permalink

Please sign in to leave a comment.