OpenDNS not working on Time Capsule

Comments

29 comments

  • Avatar
    rotblitz

    "OpenDNS not working on Time Capsule"

    This is true. OpenDNS does not work on routers but is an online service. You just configure the router to send your DNS lookups to OpenDNS. But it doesn't "work" there...

    "Is there anyway I can this to work from within the router? We're using Apple computers if that helps?"

    What do the people in the Apple support forum say? Here are the OpenDNS experts, the Apple router experts are somewhere else. You would have the same problem with any other DNS service. This is not OpenDNS specific.

    "However, even after clearing cookies, caches, and flushing the DNS"

    Also, you don't need to flush the cookies, just the caches.

    "They're not technically minded enough yet to undo this, but I'm sure in the future they would be very well capable of searching to see what OpenDNS is and how to disable it."

    Not if you don't let them be admins on the computers. You shouldn't! Nobody should unless administrative work is due.

    0
    Comment actions Permalink
  • Avatar
    Brian Hartvigsen

    In order to troubleshoot this is may be best to open a support ticket.  We are going to need screenshots of your Time Capsule confguration as well as the current configuration of your computer(s).  It could simply be that the computers are still holding the DNS servers that were given to them on their initial DHCP lease (before you changed the configuration.)  A simple reboot of the computers would allow you to see if that's the issue.

    If that doesn't resolve the issue, please open a support request and my team will be happy to assist you.

    0
    Comment actions Permalink
  • Avatar
    jmatlof

    I have this same problem. Everything appears to be configured properly on my TIme Capsule, but it's not enforcing Domain Blocking. Attached is a screen shot of my Airport utility.

    THank you SO MUCH for any help.

    Jason




    Screen Shot 2013-07-05 at 7.20.23 PM.png
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    @jmatlof
    Looks good. And, what does not work? Does the page http://welcome.opendns.com/ indicate that you're not using OpenDNS?
    Try with entering these IPv6 DNS server addresses in addition: ::ffff:d043:dede and ::ffff:d043:dcdc

    0
    Comment actions Permalink
  • Avatar
    jmatlof

    Everything looks to be configured.  And, if I go into my OpenDNS account, it says that it's blocking domains (see attached screen capture).

    Unfortunately, it's actually not blocking access.

    And, if I check the test pages you recommend (above -> welcome.opendns.com) they say that OpenDNS is not working.

    Can you please help out?  Thanks!

    Jason




    Screen Shot 2013-07-06 at 11.03.26 AM.png
    0
    Comment actions Permalink
  • Avatar
    jmatlof

    BTW, I entered the additional IPv6 DNS entries you recommended.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    It seems you don't use OpenDNS permanently and reliably, seeing that only a few domains are blocked and that the test page confirms you not using OpenDNS at this time.

    The main reason may be that you have an IPv6 connection and didn't configure OpenDNS IPv6 DNS resolver addresses before, so you may have used your ISP's IPv6 resolvers. Now as you have done it, it should be good.

    If you say no, did you flush both, your local resolver cache and your browser cache after the settings change?
    http://www.opendns.com/support/category/10
    If not, you are served out of your caches which can last for a longer time.

    If you still have problems, even after flushing your caches, post the complete plain text output of the following command:

    nslookup -type=txt debug.opendns.com.

    0
    Comment actions Permalink
  • Avatar
    jmatlof
    You rock. The IPv6 DNS did the trick. I had no idea that my network was usin IPv6.

    Thanks so much!
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    @Brian
    Time to include this instruction into the official instructions where applicable.

    IPv6 DNS server addresses in addition: ::ffff:d043:dede and ::ffff:d043:dcdc

    0
    Comment actions Permalink
  • Avatar
    crunkhasthehorn

    Sorry for the massive delay in replying to this. I did come back after the first person had answered and was disheartened by the answer and basically just forgot to come back! Only going through bookmarks I saw this thread and thought I'd check it again.

    Anyway, my screen shot of my settings looks exactly the same as Jason's screenshot with the DNS entries. My IPv6 server areas were also empty. I've input the IPv6 DNS entries as stated in your previous reply into my IPv6 area and saved. After saving I get the following:

    ::ffff:208.67.222.222
    ::ffff:208.67.220.220

    Is that how it show show after saving? Or should it match the same as the 1st DNS servers? I've attached a screen shot after saving. As I also use the Airport Express to extend my network, I also entered the additional IPv6 settings into that too as some of my devices connect to that instead of the Time Capsule.

    Either way, it still doesn't appear to be working and I'm still getting the Oops page. I've done a full reset on Chrome to test it out. My next step is the nslookup which is provided below.

    Server: 194.168.4.100
    Address: 194.168.4.100#53

    nslookup -type=txt debug.opendns.com
    Server: 194.168.4.100

    Address: 194.168.4.100#53

    ** server can't find debug.opendns.com: NXDOMAIN

    Any help would be greatly appreciated before I go ahead and submit a support ticket.

    Thanks in advance.




    open-dns-1.jpg
    0
    Comment actions Permalink
  • Avatar
    maintenance

    Looks more like your ISP is preventing you from using third-party DNS services. You may be able to opt out of this. Who is your ISP?

    0
    Comment actions Permalink
  • Avatar
    maintenance

    Never mind, I see your ISP is shown in the screen shot. Remove that domain name, replace it with a dot if the field demands input. Flush caches and try again.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    If still not working, post the complete plain text output of this command:

    nslookup -type=txt which.opendns.com. 208.67.220.220

    0
    Comment actions Permalink
  • Avatar
    crunkhasthehorn

    @maintenance - I was able to input a dot into the domain name area and have saved, but now my Airport Express is showing the yellow caution sign. It won't seem to stay connected to the TC unless I remove the dot. Then it goes back to being OK again (green light).

    @rotblitz - here's the complete output via terminal:

    nslookup -type=txt which.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    Non-authoritative answer:
    which.opendns.com text = "3.lon"

    Authoritative answers can be found from:

     

    Thanks again for your help. Can someone mark this as unanswered to? I can't seem to remove the answered part, and it's clearly not resolved.

     

    0
    Comment actions Permalink
  • Avatar
    crunkhasthehorn

    Hmm, odd. When I did the first terminal command it didn't show anything after the "authoritative answers can be found from:" part. (I think this was after saying with the dot in the domain section.

    But here's the complete output:

    nslookup -type=txt which.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    Non-authoritative answer:
    which.opendns.com text = "3.lon"

    Authoritative answers can be found from:
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    Non-authoritative answer:
    which.opendns.com text = "3.lon"

    Authoritative answers can be found from:

    Lisa-iMac:~ Lisa_iMac$ Server:
    .CFUserTextEncoding .ssh/ Sites/
    .DS_Store .thumbnails/ WP BACKUP/
    .Trash/ Applications/ WP BROKEN/
    .adobe/ Desktop/ footer-1.png
    .bash_history Documents/ footer.png
    .config/ Downloads/ functions.php
    .cups/ Library/ headline-sidebar-1.png
    .dvdcss/ Movies/ headline-sidebar.png
    .login Music/ home.php
    .profile Pictures/ post-1.png
    .rnd Public/ post.png
    Lisa-iMac:~ Lisa_iMac$ Server:208.67.220.220
    -bash: Server:208.67.220.220: command not found
    Lisa-iMac:~ Lisa_iMac$ Address:208.67.220.220#53
    -bash: Address:208.67.220.220#53: command not found
    Lisa-iMac:~ Lisa_iMac$
    Lisa-iMac:~ Lisa_iMac$ Non-authoritative answer:
    -bash: Non-authoritative: command not found
    Lisa-iMac:~ Lisa_iMac$ which.opendns.comtext = "3.lon"
    -bash: which.opendns.comtext: command not found
    Lisa-iMac:~ Lisa_iMac$
    Lisa-iMac:~ Lisa_iMac$ Authoritative answers can be found from:
    -bash: Authoritative: command not found
    Lisa-iMac:~ Lisa_iMac$ nslookup -type=txt which.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    Non-authoritative answer:
    which.opendns.com text = "3.lon"

    Authoritative answers can be found from:

    Lisa-iMac:~ Lisa_iMac$

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    This was to prove that you can use OpenDNS at all, i.e. that your ISP does not redirect your DNS lookups. You can use OpenDNS, more detailed the OpenDNS London location, but your router at 194.168.4.100 does not forward your DNS lookups to OpenDNS despite of your configuration.

    Oops, just seeing, your router (or your computer's DNS configuration) has a weird IP address of 194.168.4.100. This is publicly routable, not a private RFC-1918 IP address as should be for LAN use. It seems you have severe network configuration errors. Maybe this should actually be 192.168.4.100 instead?

    If this is not the root cause, then this problem is therefore merely a router problem, not an OpenDNS problem. You would have the same troubles if you tried to use any other DNS service, e.g. Google DNS. And because here are the OpenDNS experts, not the Apple router experts, you would be served much better in an Apple support forum.

    In the old forum we have a similar case (http://forums.opendns.com/comments.php?DiscussionID=68380), but this wasn't resolved either.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Ah yes, this 194.168.4.100 is Virginmedia's DNS resolver address, and because you mix DNS services, you use OpenDNS only randomly, if at all. You must remove non-OpenDNS resolver addresses from your configuration, wherever you find them, on the routers and/or on your computer. Your computer's DNS server configuration is to point to the router's IP address only.

    0
    Comment actions Permalink
  • Avatar
    maintenance

    Merely with respect to the "dot", since Rotblitz has the rest of this covered: I meant that you should use this only if the configuration field would not accept a completely blank condition (demands input).

    0
    Comment actions Permalink
  • Avatar
    maintenance

    Also, I'm a bit embarrassed for not catching on to the server IP that vaguely looked like a private address to someone like me who wasn't paying close attention. Sorry I missed that.

    0
    Comment actions Permalink
  • Avatar
    photo1257

    I just realized that my OpenDNS has not been working since I installed our time capsule about 6 months ago.  I tried to make sense of the cases here but I have no clue where to start.  Could someone tell step by step what to do?  I am running snow leopard and have a time capsule. 

    Thank you!

    Deb

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I have no clue where to start."

    https://store.opendns.com/setup/device/apple-timecapsule-v76

    0
    Comment actions Permalink
  • Avatar
    maintenance

    Indeed, if you introduce new equipment to to a network where OpenDNS is used, you will have to configure the new equipment. E.g., a new router for a network where the OpenDNS addresses were configured on the previous/incumbent router.

    0
    Comment actions Permalink
  • Avatar
    crunkhasthehorn

    rotblitz - "Ah yes, this 194.168.4.100 is Virginmedia's DNS resolver address, and because you mix DNS services, you use OpenDNS only randomly, if at all. You must remove non-OpenDNS resolver addresses from your configuration, wherever you find them, on the routers and/or on your computer. Your computer's DNS server configuration is to point to the router's IP address only."

    I completely forgot about this. Good catch! I had added Virgins's DNS to my direct network settings a while back when I couldn't access a site and they went through troubleshooting with me. Looks like I forgot to remove that.

    Anyway, I removed the Virgin DNS settings from my network preferences and have cleared the cache and all is well. OpenDNS is again working from within the router itself. It was the Virgin DNS settings that was as you mentioned causing a conflict.

    Thanks so much for putting up with me and helping getting OpenDNS to work again through the TC. 

    0
    Comment actions Permalink
  • Avatar
    crunkhasthehorn

    Well guess who's back. :(

     

    Just bought a brand new Time Capsule and now OpenDNS is back to not blocking any websites despite being correctly configured (matching old TC settings that worked), and even the OpenDNS welcome page says I'm on OpenDNS but nothing being blocked.

     

    Ugh, I wish I knew what was going on now. I only upgraded because my old 1st gen TC has started having range issues.

     

    Can anyone help with whatever's going on this time? There's no duplicate DNS's or anything going on.

    0
    Comment actions Permalink
  • Avatar
    crunkhasthehorn

    Nevermind, updated IP and working correctly again. 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    No worries. ;-)

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Your IP address 24.59.163.23 is not registered with your OpenDNS network.  https://dashboard.opendns.com/settings/

    0
    Comment actions Permalink
  • Avatar
    aaron14850

    I see my ip address on the settings page you mention above, as my "home" network. Is there some other way I'm supposed to register it? 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    No, this is the only one place.

    However, this debug.opendns.com text = "id 0" clearly indicates that your IP address is not registered with any OpenDNS network.  Can you post a screen shot from the Settings page?

    0
    Comment actions Permalink

Please sign in to leave a comment.