Does OpenDNS block IP addresses in the URL or not?
For the last year-or-so, I've recommended OpenDNS to those who attend the same church as I as a way to gain more control over the media content coming into their homes. I've used OpenDNS for many years and have found it to be a very useful tool when combined with open dialog (...or maybe more aptly stated, OpenDIALOG!) with our teens about what is acceptable content in our home.
In an effort to keep up on the latest "hacks" to get around OpenDNS, I'm hearing that people can simply use an IP address in the URL and essentially bypass OpenDNS. Being a software developer with a network background, I completely understand why OpenDNS, in its basic form, would not be involved in an IP address request/transaction where the IP address is already known.
I looked up my church website's IP address, and entered this address into the url of my browser, and it didn't resolve. So I blacklisted the website name....then, using both the IP address and the website, OpenDNS blocked the website with my custom message. Hmmm...unexpected. Then, when trying to view sites where I've blacklisted them by name and attempt to access them by IP address, the browser tries, but returns a blank screen. Hmmm...inconsistent.
So, I'm pretty confused right now as to whether OpenDNS is actually handling both IP addresses as well as website names in its attempt to filter by the users' selected categories. I seems like a gaping hole if users are able to get around a filtering system by simply pinging a website directly to get the IP address, then entering that address into the URL.
Anyone who can confirm or refute the idea that OpenDNS is blocking by both web name and IP address?
-
As you have said yourself, when using an IP address, DNS (and therefore OpenDNS) is not involved at all....
"OpenDNS blocked the website with my custom message. Hmmm...unexpected. Then, when trying to view sites where I've blacklisted them by name and attempt to access them by IP address, the browser tries, but returns a blank screen. Hmmm...inconsistent."
...Therefore you get different results. If using the domain name, OpenDNS is involved and redirects to the block page. If using the IP address, you're landing at the right remote server, but this doesn't know what content to present, so you may get a blank page, because the domain name information is missing from the HTTP request. Most website hosting today is virtual, so if no domain name is contained in the HTTP request, the web server doesn't know what content to present.
"I'm hearing that people can simply use an IP address in the URL and essentially bypass OpenDNS."
Theoretically, yes But not in practice as you have proved with your testing, because nearly everybody uses virtual hosting nowadays which requires the domain name.
"I seems like a gaping hole if users are able to get around a filtering system by simply pinging a website directly to get the IP address"
This is not possible if using OpenDNS. The ping again would raise a DNS lookup and would return an OpenDNS IP address.
"Does OpenDNS block IP addresses in the URL or not?"
As you know already, OpenDNS does not see requests where only IP addresses are used and also does not see URLs, it just sees domain names. Your network does not send this information about IP addresses or URLs to OpenDNS, only the DNS lookups which contains a domain name. Therefore OpenDNS can block based on domain names only. And also your stats can be about domain names only.
-
"I looked up my church website's IP address, and entered this address into the url of my browser, and it didn't resolve."
IP addresses are not to be resolved at all. If you didn't reach the blank page you reached later on, you had a typo with this attempt, definitely. Or there was a server outage at this time. There's no other possibility.
-
Thank you for your replies. I appreciate your time confirming that OpenDNS does, in fact, work only with domain names. I guess the only oddity in my tests was when I used a blacklisted domain in my list, found the IP address, and entered the IP address into the browser...then the browser showed me my custom block message on OpenDNS.
Maybe the data was cached somehow? Don't know.
-
Maybe the data was cached somehow?
As rotblitz mention, this is an artifact of a site using virtual hosting, but not all do. Therefore using an IP address in the address bar may return an unwelcome site. Virtual hosting aside, think of OpenDNS as a telephone book. To call my friend John, I look him up in the phonebook, and see his telephone number, which I use to contact John. The next time I call John, I don't need the phonebook, because I've remembered his number, or committed to a sticky note next to my phone. OK?
It gets more complicated when one server hosts multiple domains, say domain1.com and domain2,org. If you were to ping these, you would get the same IP for both. If you then used that IP address in your address bar, the server would not know what to do with your request, because it would have no way to tell the domain you are seeking. That's the simple overview. I'll leave it to others to "dig" deeper.
-
"when I used a blacklisted domain in my list, found the IP address, and entered the IP address into the browser...then the browser showed me my custom block message on OpenDNS.
Maybe the data was cached somehow?"Oh yes, this is a clear example of what your browser cache does. And you clearly didn't flush it, right? It recognized that it had recently downloaded the content of this site (the content was the OpenDNS block page), so most likely it didn't do anything over the network at all, but simply presented you with what was on disk already from your last visit.
Therefore it is so essential to flush both, your local resolver cache and your browser cache, after each settings change regarding OpenDNS, if you want your changes to take effect immediately. Else you are simply presented with the stuff from the caches, even after days or weeks.
You could disable all your caches, especially the browser cache, but this would slow down your surfing experience, because the browser had to download a page again and again, although it may have been visited just seconds or minutes ago.
Please sign in to leave a comment.
Comments
5 comments