One site can not be blocked - driving me crazy

Comments

15 comments

  • Avatar
    rotblitz

    "Non-authoritative answer: Name:    www.friv.com Address:  67.215.65.131"

    This 67.215.65.131 is hit-block.opendns.com, not the real IP address of www.friv.com, indicating that you have blocked the domain individually with your blacklist, so your browser should have no way to access the site and it should be blocked.

    If you can access it nevertheless, then your browser circumvents your OS DNS settings, be it because you may have "turbo mode" or "search auto-completion" or some of such features enabled, or because you have configured a proxy, or you use a VPN connection, or more.

    "friv100games.org which points to the same address."

    Not for me. For me these are two totally different sites.

    0
    Comment actions Permalink
  • Avatar
    bussty

    Thanks Rotblitz

     

    Sorry didn't realize 67.215.65.131 was a opendns server which I guess the same for any domain  I block.

     

    OK but now I am confused, if I had a "turbo mode" or "search autocompletion" enabled then surely I should be able to view all my blocked domains but the only one I can is friv.com

    Could you do me a favour and load the site on your block list then see if you can access from a standard Windows Internet Explorer? I get the same result in Explorer and Chrome so it suggests it might be something outside of these?

    Is it possible that when you first visit friv.com it copies something to your computer to circumnavigate opendns? I would hope this wasn't the case as it would comprise what opendns is trying to achieve.

    Finally what else would you suggest to try and find the cause that would also explain why other blocked sites on my blacklist stay blocked

    Thanks so much for your help, I have read the forums extensively to try and find a solution and your name pops up an awful lot - you really know your opendns! :-)    

     

    Cheers

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I guess the same for any domain  I block."

    No, there are two different addresses, depending on if you block via category or individually.

    "Is it possible that when you first visit friv.com it copies something to your computer to circumnavigate opendns?"

    Sure, the OS writes it to the local resolver cache, and the browser writes the whole content to its cache. Therefore it is mandatory to flush these caches after each settings change, else your changes take effect much delayed.

    I don't have much more ideas yet.

    0
    Comment actions Permalink
  • Avatar
    bussty

    I have finally been able to block it by loading www.friv.com into the anti-banner section of Kaspersky but have had to do it on all the PC's in our house. This is no where near as elegant a solution as using opendns.

     

    Its really bugging me though how a website can be so evasive. Have you tried blocking on your system with any success?

     

    Many thanks    

     

     

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "Have you tried blocking on your system with any success?"

    No, too much efforts for me.  It works with every other site, so why shouldn't it work with this site?  As you have proven with your nslookup output, it's blocked for you, so it's good.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Well, I added friv.com to my "always block" list, and as expected, both friv.com and www.friv.com are blocked, and I'm landing at the usual OpenDNS block page, customized by me.  Verified with FireFox 23, IE 8, Iron (Chromium) 29, Safari 5.

    0
    Comment actions Permalink
  • Avatar
    ildavo

    Please reference seeming reoccurrence of bussty's issue, above at: OpenDNS does not block specific URL

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    0
    Comment actions Permalink
  • Avatar
    ildavo (Edited )

    Both my separate post and my reply in this thread to rotblitz's observation that my separate post is unreachable are "pending approval."

    'Net: I was unable to block domain "bidgely.com," until I discovered the following:

    Update: Discovered that Mac host on which my Windows virtual machine is running (where I'd flushed DNS and browser cache within Windows) had a DNS resolver cache of its own that I needed to flush.

    I issued the following commands on my Mac:

    • dnscacheutil -flushcache
    • sudo killall -HUP mDNSResponder

    ...and now neither the Windows guest, nor the Mac host could access bidgely.com -- as intended: Hooray!

    ...but both OS environments can still browse to "www.instagram.com," which I'd also configured OpenDNS to block.

    1 step forward -- 2 steps back!

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "unreachable are "pending approval.""

    Open a support ticket with OpenDNS to get your contributions released or deleted.

    "but both OS environments can still browse to "www.instagram.com,""

    What exactly did you do to block it?  You should have added instagram.com to your "always block" list.  In case you need further help, copy & paste the complete plain text output of the following diagnostic commands to here:

    nslookup -type=txt debug.opendns.com.
    nslookup instagram.com.
    nslookup www.instagram.com.

     

    0
    Comment actions Permalink
  • Avatar
    ildavo (Edited )

    Hi, @rotblitz,

    Thank you very much for your follow-up. Ticket #297672 submitted, as advised.

    Re: What exactly did you do to block it?  You should have added instagram.com to your "always block" list.:

    My OpenDNS settings for "Always Block" Domains include:
    bidgely.com   
    cdninstagram.com   
    instagram.c10r.facebook.com
    instagram.com

    Re:   In case you need further help, copy & paste the complete plain text output of the following diagnostic commands to here:

    nslookup -type=txt debug.opendns.com.
    nslookup instagram.com.
    nslookup www.instagram.com.

    Output:

    c:\>nslookup -type=txt debug.opendns.com
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  2605:e000:1c0a:c1c2::1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out

    C:\>nslookup instagram.com
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  2605:e000:1c0a:c1c2::1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out

    C:\>nslookup www.instagram.com
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  2605:e000:1c0a:c1c2::1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out
    0
    Comment actions Permalink
  • Avatar
    rotblitz
    Server:  UnKnown
    Address:  2605:e000:1c0a:c1c2::1

    Does this look like an OpenDNS resolver address?  Definitely not!  This is apparently the DNSv6 service of your ISP, assigned to Time Warner Cable Internet LLC (RRWE).  And even worse, this DNSv6 service seems to be unresponsive or has a lousy response time because everything times out.  As long as your DNS lookups go to your ISP's DNSv6 service, OpenDNS can do nothing for you, and your dashboard settings are irrelevant.

    Either configure ::ffff:d043:dedc and ::ffff:d043:dcde as DNSv6 resolver addresses (preferred if it is possible), or disable IPv6 connectivity altogether, on the router or on the devices.

    0
    Comment actions Permalink
  • Avatar
    ildavo

    Many thanks, @rotblitz, for not only stating my error, but also for advising as to how I could have detected the error.

    I'll pursue config changes on my Asus RT-AC66u router.

    0
    Comment actions Permalink
  • Avatar
    ildavo

    Hi, @rotblitz,

    After surfing/reading further (https://support.opendns.com/hc/en-us/community/posts/220968327-ipv6-filtering-needed ), I now understand that entering:

    ::ffff:d043:dede

    ::ffff:d043:dcdc

    ::ffff:d043:dedc

    ...as my IPv6 DNS servers instructs my router to resolve IPv6 DNS requests as: OpenDNS IPv4 addresses: 208.67.220.220 and 208.67.222.222, thus causing device-originated IPv6 DNS requests to leverage OpenDNS' IPv4-based DNS filtering.

    Best of all: device requests for blocked domains really are now blocked, as intended.

    Thanks!

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    Excellent!  Glad to hear that your router accepted this.  Many routers do not.  Mine does accept it too.

    0
    Comment actions Permalink

Please sign in to leave a comment.