Web content filtering level changes not working

Comments

17 comments

  • Avatar
    maintenance

    From your description, you have missed the critical step of flushing your browser and local resolver caches, which must be done whenever changes are made. Otherwise you are served cached data out of your computer indefinitely.

  • Avatar
    Kristy Patullo

    Your IP address also may have changed.  Your custom filtering is applied by IP address so if your IP has changed your changes won't be applied.  If you are still having issues feel free to open a support ticket and a support representative can help you sort this out.

  • Avatar
    drlinhardt

    So how do you flush the cache and browser?

  • Avatar
    drlinhardt

    Thanks, have followed the support content here and elsewhere, trying to unblock www.hanes.com to buy a sweatshirt.  The Opens DNS is blocking the site.  I have taken the router off the DNS address for the Open DNS Home VIP Web Content Filter (substituting my ISP default DNA address), and can then get to the www.hanes.com, but then there is no web filter.  I have flushed the caches several times, I have rebooted several times, and using IE 11, have deleted everything that can be deleted in the Tools, General menu.  I am using the Custom setting in Open DNS Web Content Filter not checking "lingerie" and I have added www.hanes.com to the "Never Block" list.  No avail over several days.  Any thoughts?  May be one of the other settings is triggering the block.  In the past month have also used and removed Firefox and Chrome, maybe something left over there?

  • Avatar
    rotblitz

    First of all, in case of this website, do not whitelist subdomains but the whole zone hanes.com which covers this and all its subdomains.  And www.hanes.com is an alias of www.hanes.com.edgekey.net and e4016.b.akamaiedge.net.  Also, this site uses more domains than just hanes.com, almost CNAMEs, like www.justmysize.com, fast.fonts.net, www.onehanesplace.com.  Ensure that you don't have blocked any of those.
    See https://dashboard.opendns.com/stats/381799/blockeddomains

    Also, hanes.com (and subdomains) are categorized as Ecommerce/Shopping, Lingerie/Bikini.  If you haven't checked these categories, then it should not be blocked, and you shouldn't need to whitelist it.

    You may want to post the complete plain text output of the following diagnostic commands here (trailing dots are part of the commands):

       nslookup -type=txt debug.opendns.com.

       nslookup www.hanes.com.

       nslookup www.onehanesplace.com.

  • Avatar
    drlinhardt

    Here is the plain text of the first command

    C:\Users\L>nslookup -type=txt debug.opendns.com.
    Server:  router.belkin
    Address:  192.168.2.1

    Non-authoritative answer:
    debug.opendns.com       text =

            "server 1.ash"
    debug.opendns.com       text =

            "flags 20 0 2F6 7E00000014C1"
    debug.opendns.com       text =

            "originid 22550759"
    debug.opendns.com       text =

            "orgid 245955"
    debug.opendns.com       text =

            "actype 2"
    debug.opendns.com       text =

            "bundle 6270021"
    debug.opendns.com       text =

            "source 98.30.34.12:32769"

     

  • Avatar
    drlinhardt

    Second plain text reply

     

    C:\Users\L>nslookup www.hanes.com
    Server:  router.belkin
    Address:  192.168.2.1

    Non-authoritative answer:
    Name:    www.hanes.com
    Addresses:  67.215.65.130
              67.215.65.130

  • Avatar
    rotblitz

    www.hanes.com is indeed clearly blocked for you.  This 67.215.65.130 is not their IP address, but OpenDNS's hit-adult.opendns.com indicating that the site is being blocked by your category settings.  Ensure that you have added hanes.com to your "never block" list and that you flushed your two caches (local resolver and browser) and wait 3 minutes before you attempt to visit it again.

    Also ensure that 98.30.34.12 is registered with your network at https://dashboard.opendns.com/settings/ and not any other IP address.

  • Avatar
    drlinhardt

    The above was meticulously followed but it did not unblock the site.  Somewhere somehow the site is simply indelibly marked as blocked.  Is it possible that since I had used Firefox and Chrome that it has files that are shared with IE, but that the IE browser cache flush (Using the Tools menus) and ipconfig /flushdns does not affect?

  • Avatar
    rotblitz

    No, there's nothing magic in the game.  There must be a simple explanation.  Do you have hanes.com in your "never block" list?

    And clearing the browser cache takes effect only in this browser and under this user being logged on.

    And you do not need to test with a browser as long as "nslookup www.hanes.com." returns this OpenDNS IP address of 67.215.65.130, because it is blocked then.  I.e. testing with this command alone is already fully sufficient.  You even doen't need to flush any cache unless your router maintains an own cache too.  A reboot of the router should help here.

    The command "nslookup www.hanes.com." would normally return something like:

    Name:    e4016.b.akamaiedge.net
    Address:  92.122.244.90
    Aliases:  www.hanes.com, www.hanes.com.edgekey.net

    It's also worth visiting your blocked domain stats to see what is being blocked and why: https://dashboard.opendns.com/stats/all/blockeddomains

  • Avatar
    addseo1118

    No answer?

  • Avatar
    rotblitz

    Every possible answer has been provided.  What answer to what question are you missing?

  • Avatar
    captianamerica81

    I have the same problem.  Changing the filtering doesn't block anything.  I flushed the cache and browser.  I can still access porn sites.  Ideas?

  • Avatar
    rotblitz

    "same problem"  -  Same answer.  Copying from above:

    You may want to post the complete plain text output of the following diagnostic command here (trailing dot is part of the command):

       nslookup -type=txt debug.opendns.com.

    I.e. without this and maybe other additional information from you nobody can help.  You also had to post a screen shot of your category / whitelist / blacklist settings and the names of the domains where you don't get the expected results for.

  • Avatar
    frank_carlson

    There are two places on your computer that store DNS information, that are checked before your request goes out to OpenDNS - first your browser cache and then your operating system cache.

    These excerpts from a couple different sites helped this novice user:

    "Different applications cache the data for a specific period of time. IE10+ will store up to 256 domains in its cache for a fixed time of 30 minutes. While 256 domains might seem like a lot, it is not – a lot of pages in the internet have more than 50 domains referenced thanks to third party tags and retargeting. Chrome, on the other hand, will cache the DNS information for one minute, and stores up to 1,000 records. You can view and clear the DNS cache of Chrome by visiting chrome://net-internals/#dns."  http://blog.catchpoint.com/2014/07/15/world-dns-cache-king/ 

     

    "The whole reason for caching DNS records is to reduce unnecessary DNS queries; many webservers don’t change their IP addresses all that often. Every DNS record that your operating system requests has what is called a “Time to Live” (TTL), which is a number (in seconds) that determines how long a particular DNS record is cached by your Operating System (OS).

    As the Internet has grown, web browsers have gotten faster and better at providing a good user experience. One of the ways they do this is to cache DNS records for a short time on top of the OS level cache.

    When you visit a website (like Dyn.com), your web browser needs to resolve that domain name to an IP address before it can load the page. When your web browser makes a request for that DNS record, it first checks [the browser cache and then the] operating system resolver. If the IP for the domain name isn’t cached there, your OS queries your nameserver for the DNS record, which then gets passed to the browser. When the TTL has passed, your OS purges that resolved domain from the cache and subsequent requests to that domain would cause a new query to your nameserver.

    TTL values are set per DNS record. In the past, a very common value of 86400 (24 hours) was used. As the Internet has grown, this value has become too large for some sites. Load balancingactive failoverdisaster recovery and many other things work and benefit from setting a deliberately low TTL in their DNS record.

    A simple program I wrote to query the top 1000 websites (according to Alexa) shows 212 hits with a TTL value of 300 (5 mins), 192 hits with a TTL of 3600 (1 hr), 116 hits with a TTL of 600 (10 mins) and 79 hits with a TTL of 86400. The rest of the results had hits in the 50s and less, ranging anywhere from a TTL of 5 (1 hit) to a TTL of 864000 (1 hit).

    You may be wondering why web browsers would even cache DNS entries if the operating system already does this. Supposedly, this happens to reduce DNS server load and speed up response time, although I can’t imagine a hit on your OS DNS cache is all that expensive of an operation. Mozilla has even documented this behavior here. Most other browsers do this too, though their times seem to vary somewhat, ranging from 15 to around 60 seconds with Opera caching (seemingly) indefinitely until browser restart and Internet Explorer for 30 minutes."  http://dyn.com/blog/web-browser-dns-caching-bad-thing/

    If I have a wrong understanding, I'm sure rotblitz will correct me - hopefully gently, as it's not always the case.

  • Avatar
    rotblitz

    That's fine and very well researched.

    There's another browser element somewhat related which is DNS prefetching.  This tends to raise a lot of unnecessary DNS lookups in the assumption this provisional activity would increase surfing speed and experience which in fact it doesn't.

Please sign in to leave a comment.