OpenDNS suddenly quit working

Comments

11 comments

  • Avatar
    rotblitz

    "All DNS forwards (in our servers) have remained unchanged, as have other network settings; however, a few weeks ago, the OpenDNS (we're using OpenDNS Basic), suddenly quit working.  We essentially use it to block Social Networking sites."

    It sounds like you're in a corporate environment, so you cannot use OpenDNS Home Basic which is just for home use.  You'll have to use an Enterprise version.

    "I've run the following two command"

    These indicate that you don't use OpenDNS at all for your DNS lookups.  It seems your ISP is redirecting your DNS queries to their own DNS servers.

  • Avatar
    idontcarewhatthefoxsays

    Rotblitz,

    Thank you very much for the response! 

    I've contacted sales and am awaiting a return call for pricing.  (Our plan is listed as OpenDNS Basic - so I'm guessing whoever set it up did so before the separation of Home/business.)

    HOWEVER, if the problem is the ISP we're stuck either way (the company can't change ISPs).

    One thing that ammuses me, is that if I enter ONLY OpenDNS servers in the DNS fields on a computer, resolution does occur correctly, just not the blocking features - is this yet another indicator that the ISP is redirecting to their own servers?  This fact pretty much eliminates the possibility of the problem being internal with the company network/settings, right?

    (The purpose of these questions is simply to determine whether or not it is worth pursuing the purchased corporate licenses, or whether we're stuck either way - we'd really like to continue use of OpenDNS if we can.) 

  • Avatar
    rotblitz

    I'm afraid that OpenDNS is of no use for you, because your ISP doesn't let you use it yet.

    "***resolver1.opendns.com can't find debug.opendns.com: Non-existant domain"

    Only OpenDNS can resolve debug.opendns.com.  As it couldn't be resolved, you clearly were not using OpenDNS, although you had configured it (resolver1.opendns.com).

    ""I am not an OpenDNS resolver.""

    Only OpenDNS resolves to a different TXT record, everything else issues the message you got, so you didn't use OpenDNS, although you had configured it (resolver1.opendns.com).

    You may contact this ISP to request to become able using a 3rd party DNS service.  The customer is the paying king, the ISP has to jump for it.  There is no reason to prevent customers from using 3rd party DNS services.  Some ISPs allow to opt out from this DNS query redirection.  If you don't have success with this, there is no way in using OpenDNS at all.

  • Avatar
    idontcarewhatthefoxsays

    Thanks again rotblitz.  I appreciate your patience with me on this matter.  I'll give the ISP a ring and see what we might accomplish.

    Do I need to do anything to mark this post as "answered?"

  • Avatar
    rotblitz

    No, only OpenDNS staff can do that.

  • Avatar
    idontcarewhatthefoxsays

    (For the benefit of others who might find this topic)  You were 100% correct.  The ISP is redirecting the DNS - even though they inititially said they weren't.  They are currently trying to create an exception for our connection.

    Thank you so much for the help!

  • Avatar
    rotblitz

    Looks good, a light at the end of the tunnel.  Thanks for the feed-back.

  • Avatar
    idontcarewhatthefoxsays

    rotblitz:

    Okay - the ISP got back to me today.  It looks like they definitely helped us out a bit, but I still have a question:

    Here's the new output of the nslookup -type=txt opendebug.com:

    Server:  resolver2.opendns.com
    Address:  208.67.220.220

    debug.opendns.com text =

     "server 7.chi"
    debug.opendns.com text =

     "flags 20 0 2f4 800000000000000"
    debug.opendns.com text =

     "id 0"
    debug.opendns.com text =

     "source <public IP address of our connection>:8241"

    Here's the output from nslookup -type=txt which.opendns.com:

    Server:  resolver2.opendns.com
    Address:  208.67.220.220

    which.opendns.com text =

     "7.chi"

    However, we're still not seeing things blocked as they should be.  Note: we have not yet obtained OpenDNS licenses, as we've wanted to make sure things will work with out setup prior to buying licenses.  Could this be the problem?

  • Avatar
    idontcarewhatthefoxsays

    Whoops - I was too fast.  After speaking with someone at Umbrella per licensing, I found out openDNS had deleted the former network connection from the database, so no filtering was setup.  I'm working on getting a new connection at openDNS or Umbrella over the weekend to test the service/settings, and hoping to get approval to buy the licenses on Monday.

    Please let me know if the responses to the nslookup queries look correct.  If so, we'll proceed with the license purchase whether or not I am successful with a weekend test.  Thanks again for all your help!

  • Avatar
    idontcarewhatthefoxsays

    It is now up and running as a test platform!  Sweet!  Will be getting licenses Monday!  Everything was exactly as you said, and your instruction was invaluable! 

    Thanks again for the truly spot-on help!  

    Finally (for sure) the mods can label this post as "Answered!"  :)

    Have a great weekend!

  • Avatar
    rotblitz

    ""id 0""

    This indicates that your IP address is/was not registered with any OpenDNS network, so any settings are not recognized and applied for your DNS queries.

    https://dashboard.opendns.com/settings/

Please sign in to leave a comment.