OpenDNS filter for social networking doesn't block some sites...

Comments

19 comments

  • rotblitz

    Are you using OpenDNS at all?  Check at http://welcome.opendns.com/

    "I tried blocking facebook and ask.fm"

    What exactly did you do to block the sites?

    "I checked my ip was updated in the openDNS system, then I waited a few hours."

    Waiting a few hours doesn't make sense.  You must flush both your local resolver cache and your browser cache to see results immediately, else you would have to wait for days or weeks.

    "Surely these two big and popular sites would be in the blocklist??"

    What?

    Still having problems?  Post the complete plain text outputs of the following commands here (trailing dots are part of them!):

    nslookup -type=txt debug.opendns.com.
    nslookup facebook.com.
    nslookup ask.fm.

    0
  • maintenance

    rotblitz - it may be hazardous, but I assume from the post title that the Social Networking category was engaged under the Custom Options.

    If not, geaf, this is the minimum which must be done, prior to flushing both browser and local resolver caches, assuming you are in fact using OpenDNS.

    "Surely these two big and popular sites would be in the blocklist??"

    You can always check this: http://community.opendns.com/domaintagging/  For Social Networking, ask.fm is not. You can always vote for it, assuming this is appropriate. It currently falls under Forums/Message Boards, Chat, IM, and Blogs. If these categories are unacceptable to be blocked, then it can be added to your Always Block list.

    But you should sort out the diagnostic steps which rotblitz has provided first.

    0
  • rotblitz

    I bet he doesn't use OpenDNS, or his IP address is not registered with his OpenDNS network.

    0
  • geaf

    Rotblitz, thanks for your help. 'I bet he doesn't use OPENDNS'?

    WTF?

    I'm a tech specialist. I do networking and PC repairs for a living. I KNOW how to use a dns server thank you.

    heh.

    I was and AM using openDNS or um, why on earth would I use this to ask about the problem?

     

    Anyway, thanks for the advice maintenance, I was using the custom options to block social networking sites as a test. I wondered why ask.fm (the latest site to be popular with youngsters in UK and number one for online bullying too) was not being blocked. Confusion over. I can now block ask.fm with the forums category.

    Problem solved.

     

    rotblitz - get another job, one where you can be antisocial without insulting people looking for help. Just a thought...

    0
  • wolfhomma

    I have set a time block in Live Parental Controls to HIGH, which should exclude all social networking sites, video sharing sites, etc.

    After flushing the cache on a laptop that is connected to my Netgear router, I can easily access Facebook, Twitter, Myspace, Skype, Photobucket, etc.

    What am I doing wrong? I logged into my OpenDNS account with the Netgear Genie application, declared time blocks and filter levels...

    Thanks!

    0
  • rotblitz

    "which should exclude!" should read "which should include", right?

    Ok, post the complete plain text output of the following commands here:

    nslookup -type=txt debug.opendns.com.
    nslookup facebook.com.

    0
  • wolfhomma

    Yes, include in the filter list, i.e. exclude from access.

    I tried the commands in a DOS window, and got the following responses:

    1st command:

    Server:     unknown
    Address: 192.168.1.1

    *** UnKnown can't find debug.opendns.com: Non-existent domain

    2nd command:

    Server:     unknown
    Address: 192.168.1.1

    Non-authoritative answer:
    Name:   facebook.com
    Addresses: 2a03:2880:2110:df07:face:b00c:0:1
         173.252.110.27

    This was at a time when the HIGH filter level was not enabled. Thanks! Do I have to be in a certain folder to make these commands work?

    0
  • rotblitz

    You do not use OpenDNS at all, so your DNS queries do not go to OpenDNS, and therefore your settings cannot take effect.
    See http://welcome.opendns.com/

    Reasons for this could be:

    • You have enabled IPv6 connectivity.  Try disabling (unchecking) TCP/IPv6 in the active network connection properties on your computer.
    • If the IPv6 connectivity isn't the culprit, then your ISP may be redirecting your DNS queries to their own DNS service.
    -1
  • wolfhomma

    rotblitz, I believe you are right. Rather than connecting to OpenDNS I found a much easier way to implement the blocks using a feature built into my Netgear router. This feature lets me maintain a list of keywords and domains that will be blocked during a selectable time block. Even an IP address for a privileged device can be selected that is allowed to bypass the blocks. Unfortunately, the Netgear manual does not explain too well how to use OpenDNS, which makes the nice graphical interface for parental controls provided by Netgear, and the nice features of OpenDNS less accessible.

    Thanks! Wolf

    0
  • jassgroup

    C:\Windows\system32>nslookup -type=txt debug.opendns.com.
    Server:  resolver1.opendns.com
    Address:  208.67.222.222

    Non-authoritative answer:
    debug.opendns.com       text =

            "server 3.hkg"
    debug.opendns.com       text =

            "flags 20 0 2F6 1950C007C00100A0801"
    debug.opendns.com       text =

            "originid 16285372"
    debug.opendns.com       text =

            "actype 2"
    debug.opendns.com       text =

            "bundle 4975488"
    debug.opendns.com       text =

            "source 49.145.80.187:51710"


    C:\Windows\system32>nslookup facebook.com.
    Server:  resolver1.opendns.com
    Address:  208.67.222.222

    Non-authoritative answer:
    Name:    facebook.com
    Addresses:  2a03:2880:2130:cf05:face:b00c:0:1
              173.252.120.6


    C:\Windows\system32>nslookup twitter.com
    Server:  resolver1.opendns.com
    Address:  208.67.222.222

    Non-authoritative answer:
    Name:    twitter.com
    Addresses:  199.16.158.168
              199.16.158.179


    0
  • jassgroup

    What am I doing wrong?

    I can still access both sites :(
    I checked social media to be blocked in my OpenDNS

    0
  • mattwilson9090

    Considering that you are responding to a thread that is more than a year old, could you at least start out by explaining what it is that you are trying to do, and what is happening that you don't want to happen?

    Regardless of what you are trying to do it appears that at least some of your DNS traffic is going out via IPv6 and that you are accessing at least some non-OpenDNS IPv4 DNS servers. You need to disable IPv6, preferably at the router level, but for testing purposes you could also disable it on the workstation. Besides that you need to review all of your DNS related settings and make sure all of them are pointed to OpenDNS servers, and that your current public IP address is registered on your OpenDNS dashboard.

    0
  • rotblitz

    @jassgroup
    It looks like you want to block Social Network sites, and these are not being blocked.

    It could be that your IP address 49.145.80.187 is not registered with your dashboard network https://dashboard.opendns.com/settings/ but with another OpenDNS network ID 16285372.  And you may still have registered outdated IP address information with your dashboard network.

    But the more likely reason for not blocking is this:
    Because you're located in the Philippines, your ISP most likely uses caching technologies which prevent you from using OpenDNS content filtering.
    Test it here: http://www.lagado.com/tools/cache-test
    I.e. you get web content presented from your ISP's caches, not from the real servers according to the results of your DNS queries.

    @mattwilson9090
    "at least some of your DNS traffic is going out via IPv6"

    Sorry, but there's yet nothing in the outputs which would indicate IPv6 traffic.

    0
  • mattwilson9090

    My reference to IPv6 was because of this block

    Non-authoritative answer:
    Name:    facebook.com
    Addresses:  2a03:2880:2130:cf05:face:b00c:0:1
              173.252.120.6

    The first address in there is an IPv6 address so it looked to me like there was at least some IPv6 traffic going on.

     

    0
  • rotblitz

    This is nslookup in modern Windows (7+).  It looks for AAAA and A records (unless specified explicitly) and returns whatever it finds.  This is unrelated to IPv6 traffic.

    0
  • Chris Frost

    @jassgroup I noticed you have a NETGEAR Live Parental Controls device registered to your account. As a friendly FYI, the normal OpenDNS service (which uses an IP address) and the NETGEAR Live Parental Controls (LPC) are not compatible with each other. This is because the NETGEAR LPC service and the normal OpenDNS service use two different mechanisms to deliver content filtering to your network. You will need to choose one or the other–let me know if you would like one removed from your account, I can go ahead and do that for you.

    0
  • rotblitz

    "I noticed you have a NETGEAR Live Parental Controls device registered to your account."

    Weird, why didn't "nslookup -type=txt debug.opendns.com." reveal this fact?  It normally does with the "device" TXT record.

    0
  • Patrick Colford

    @rotblitz If the NETGEAR device has lost sync with us, the device ID will fail to transmit. This indicates a problem with the router that can usually be fixed by resetting it back to factory defaults and having its entry wiped from our backend database so that it can be re-registered.

    0
  • rotblitz

    "the device ID will fail to transmit"

    Many thanks, this explains it.

    0
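
Added example (not part of any post in this thread): a Python check that reads the output of the `nslookup -type=txt debug.opendns.com.` command requested above and reports whether the query reached OpenDNS, which public IP it arrived from, and whether a "device" record came back. The two transcripts are copied from wolfhomma's and jassgroup's posts (the second abridged); the function and field names are assumptions made for this example.

```python
import re

# Transcript from wolfhomma's post: the router's resolver answers NXDOMAIN.
NOT_OPENDNS = """Server:     unknown
Address: 192.168.1.1

*** UnKnown can't find debug.opendns.com: Non-existent domain
"""

# Transcript from jassgroup's post, abridged to three of the TXT records.
VIA_OPENDNS = """Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
debug.opendns.com       text =

        "server 3.hkg"
debug.opendns.com       text =

        "originid 16285372"
debug.opendns.com       text =

        "source 49.145.80.187:51710"
"""

def parse_debug_txt(output):
    """Return {key: value} for each quoted TXT string, e.g. "originid 16285372"."""
    return {key: value for key, value in re.findall(r'"(\w+) ([^"]*)"', output)}

def diagnose(output):
    """Classify an `nslookup -type=txt debug.opendns.com.` transcript."""
    resolver = re.search(r"^Address:\s*(\S+)", output, re.MULTILINE)
    result = {"resolver": resolver.group(1) if resolver else None}
    records = parse_debug_txt(output)
    if not records:
        # No TXT data (e.g. "Non-existent domain"): the query never reached OpenDNS,
        # so dashboard filter settings cannot take effect.
        result["uses_opendns"] = False
        return result
    result["uses_opendns"] = True
    result["origin_id"] = records.get("originid")
    # "source" is the public IP:port the query came from; that IP is the one
    # that has to be registered with the dashboard network.
    result["public_ip"] = records.get("source", "").rsplit(":", 1)[0] or None
    # Per the thread, a "device" record normally shows a registered device ID.
    result["device_id_seen"] = "device" in records
    return result
```
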