Torrents and OpenDNS

Comments

17 comments

  • Avatar
    rotblitz

    Ensure that the right IP address is registered with your OpenDNS network: https://dashboard.opendns.com/settings/

    Ensure that you have added the right domains to your "never block" list.
    Check for still blocked related domains: https://dashboard.opendns.com/stats/all/blockeddomains

    0
    Comment actions Permalink
  • Avatar
    realdecoy

    Same problem here. My IP address is static and I have added both kickass.to and kickass.so to the whitelist.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    You are getting the exact same blocked message as reported in the initial post? If not, what are you getting?

     

    Static IP address or not, is the address you are using registered on your dashboard?

    Have you checked your blocked domains for related domains that might need to be unblocked as well?

    0
    Comment actions Permalink
  • Avatar
    realdecoy

    Yep, same message (kickass.so and kickass.to are listed as "pornography", which they definitely should not be).

    Yes, my IP address is the same as the registered IP registered in the dashboard.

    I have no domains blocked and both kickass.so and kickass.to whitelisted. Being whitelisted alone should make these sites work, no?

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    I was not referring to domains that you have blocked, I was referring to the stats listing of what domains have been blocked as a result of your settings. Rotblitz provided it earlier, and I'm pasting it here again https://dashboard.opendns.com/stats/all/blockeddomains

    Whitelisting just those domains may or may not work to provide access to those website. As has been discussed in multiple threads throughout this whole forum, very often a service builds it's website and service with content that is found on many different domains. For instance, whitelisting or blacklisting youtube, depending on how else you have OpenDNS configured could entail adding up to a dozen discrete domains to your whitelist or blacklist. Also, the domain for a particular website, or the website itself, could actually be forwarded to a different domain, which would also need to be whitelisted or blacklisted. In addition, a website could be hosting part or all of it's content on a CDN, which can further complicate things.

    That's why you need to look at your stats and see what other domains are being blocked. Sometimes it does take some detective work if you need to whitelist something that belong to a category that you have blocked because of how that domain's owners have chosen to build their properties.

    This particular domain is currently categorized as P2P/File Sharing, though it has been nominated for several other categories, some of which have been rejected, others are waiting on votes. Since it's a torrent site I'd say it's categorized correctly, even if it can host videos or adult material. Take a look at it for yourself https://domain.opendns.com/kickass.to?__utma=120785690.151338177.1421455055.1421455055.1422155365.2&__utmb=120785690.4.10.1422155365&__utmc=120785690&__utmx=-&__utmz=120785690.1421455055.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=-&__utmk=188246440

    Presumably you have the P2P/File Sharing category blocked as well as Pornography, but if it's coming up listed as being blocked as belonging to the pornography category then there is at least one other domain that you need to identify and whitelist. That's where looking at your stats comes in. There's also a webpage that can be used to identify all of the particular domains referenced by a website that is referenced fairly often in this forum, but I don't have time to look for it right now. Perhaps someone who has it handy can chime in with it.

    0
    Comment actions Permalink
  • Avatar
    realdecoy

    No, I don't have P2P/File Sharing blocked. I have the filter set to "Low". And it looks like kickass.to redirects to kickass.so and kickass.so is listed as pornography (https://domain.opendns.com/kickass.so). Here is a screenshot of my settings screen in the dashboard.

    Now, the strange things is that the link you shared doesn't show anything being blocked. I search "Blocked Domains" and it says: "Oops! We don't have any data for you. Try searching a larger range or go surf the net to generate some data."

    I search all domains and it shows stuff like Facebook, Netflix, Roku, etc...

    But it is blocking this site (and others I tested just to make sure OpenDNS was working)... what's the deal? I'm very confused now.




    OpenDNS Kickass Torrent Site.jpg
    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Ok, I didn't look at kickass.so as well. Yes, it's listed as both P2P/File Sharing and Pornography, which in the comments people are disagreeing with. You should click on the link to flag it for review (towards the top of the page) and possibly even open a support ticket as well. Putting a link to this thread in the request for review or the support ticket would be a good idea as well.

    If you aren't seeing any stats listed that generally means that your account is new (less than a few days) and data isn't displaying for you yet, or that you have stats and logs disabled. Look at the settings for your network, and choose Stats and Logs. If the checkbox is cleared then you need to check it to start saving stats.

    There's nothing to be confused about. You have chosen an OpenDNS setting that blocks the pornography. The website you want to visit is forwarding through at least one domain (probably more than one if you have both kickass.so and kickass.to whitelisted) that is categorized as pornography, which is why you  are blocked. One of those domains probably needs to be recategorized, and possibly others, but you'll need to identify those other domains, which is where the stats come into play.

    One thing just occurred to me. Which OpenDNS servers are you using? If you are using the standard 208.67.222.222 and 208.67.220.220 then it's just a matter of recategorizing and finding what other domains are blocked. However, if you are using the Family Shield addresses, then you can't whitelist any domains that belong to any of the categories it is blocking. You can only make Family Shield more restrictive, you can't loosen anything it is blocking.

    0
    Comment actions Permalink
  • Avatar
    realdecoy

    OK, I flagged it for review. Not sure how long that takes.

    So here's why I am getting very confused... My account is at least 6 months old (closer to a year, I think) and the stats and logging have always been turned on. And I am using the standard DNS servers (always have). From everything I've read and everything I understand about OpenDNS, whitelisting it should have worked... and the error I get specifically references kickass.so, (even when I type .to), so it makes it through the first hop to .so and dies right there. From everything I see, it doesn't go anywhere else.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    It should have worked *if* and *only if* another domain was also not being referenced. . It's very possible that the domain is an A record for another, or going through a CDN which would mask what is going on. That is why you need your stats to see what else is being blocked. The blocked page alone does not go into enough detail to track things down if they are "hidden" that way.

    Open a support ticket to get your stats working, and in that tell them the reason you need the stats is so that you can track this down. They should be able to help with the stats, and might be able to sort out the domain issue that started all of this.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Diving deeper into that matter to nail it down:

    kickass.to generally redirects to kickass.so with a HTTP 301, see here:

    wget -O - -S kickass.to
    --16:38:04--  http://kickass.to/
               => `-'
    Resolving kickass.to... done.
    Connecting to kickass.to[195.3.147.99]:80... connected.
    HTTP request sent, awaiting response...
     1 HTTP/1.1 301 Moved Permanently
     2 Server: nginx/1.7.8
     3 Date: Sun, 25 Jan 2015 15:38:03 GMT
     4 Content-Type: text/html
     5 Content-Length: 184
     6 Connection: keep-alive
     7 Location: http://kickass.so/
    Location: http://kickass.so/ [following]
    --16:38:05--  http://kickass.so/
               => `-'
    Resolving kickass.so... done.
    Connecting to kickass.so[95.215.61.203]:80... connected.
    HTTP request sent, awaiting response...
     1 HTTP/1.1 200 OK
     2 Server: nginx/1.7.8
     3 Date: Sun, 25 Jan 2015 15:38:04 GMT
     4 Content-Type: text/html; charset=UTF-8

    Here we get the true web content.  So we have to investigate what domains are being used by kickass.so:
    http://www.webpagetest.org/domains.php?test=150125_AG_MRG&run=1&cached=0

    Beside kickass.so and subdomain a.kickass.so which are categorized as P2P/File sharing and Pornography (https://domain.opendns.com/kickass.so and https://domain.opendns.com/a.kickass.so) almost subdomains of mgid.com and domain kastatic.com are being used, where the first (mgid.com) inherit category Business Services which shouldn't be blocked by your settings unless a certain subdomain is ( I didn't check those), and kastatic.com is not approved in any category yet (https://domain.opendns.com/kastatic.com).

    To see how one of these participating domains are blocked for you, by category or by individual domain blocking, raise these commands:

       nslookup kickass.to.

       nslookup kickass.so.

       nslookup mgid.com.

       nslookup kastatic.com.

    IP address 67.215.65.130 indicates that something is blocked by category, whereas 67.215.65.131 indicates individual domain blocking.  There are other 67.215.65.13x addresses indicating different blocking like phishing or malware, but this is rather unlikely.  Any other addresses indicate that it is not blocked by OpenDNS at all (but maybe by another service you're using).

    You may also check the following to see if everything is set up correctly:

       nslookup -type=txt debug.opendns.com.

    Also, are you still having no stats, neither blocked nor unblocked?  https://dashboard.opendns.com/stats/all/start/

    And now I'm really curious about what you find out, equipped with these tools and knowledge...

    0
    Comment actions Permalink
  • Avatar
    realdecoy

    I am getting some stats, but they look very delayed. These are the domains being blocked:

    RANK DOMAIN                        REASON                          REQUESTS
    1          kickass.so                     P2P/File sharing, ...       9
    2          piratebrowser.com      P2P/File sharing, ...       2
    3          www.kopimi.com         Blogs, ...                          2

     

    (And I added piratebrowser.com to the whitelist just in case that was the hangup... but it didn't change anything)

     

    My nslookup for kickass.to says:

    1.0.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial = 1
    refresh = 600 (10 mins)
    retry = 1200 (20 mins)
    expire = 604800 (7 days)
    default TTL = 10800 (3 hours)
    Server: UnKnown
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: kickass.to
    Addresses: 68.71.58.34
    205.204.64.122
    67.212.88.10
    67.212.88.146

     

    And the nslookup for kickass.so says:

    1.0.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial = 1
    refresh = 600 (10 mins)
    retry = 1200 (20 mins)
    expire = 604800 (7 days)
    default TTL = 10800 (3 hours)
    Server: UnKnown
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: kickass.so
    Addresses: 67.215.65.130
    67.215.65.130

     

    And nslookup for debug.opendns.com says:

    1.0.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial = 1
    refresh = 600 (10 mins)
    retry = 1200 (20 mins)
    expire = 604800 (7 days)
    default TTL = 10800 (3 hours)
    Server: UnKnown
    Address: 192.168.0.1

    Non-authoritative answer:
    debug.opendns.com text =

    "server 5.sea"
    debug.opendns.com text =

    "device 0000D66D5EE9CA00"
    debug.opendns.com text =

    "flags 422 0 B6 1940000780000000000"
    debug.opendns.com text =

    "originid 25496645"
    debug.opendns.com text =

    "actype 1"
    debug.opendns.com text =

    "bundle 25496645"
    debug.opendns.com text =

    "source 65.103.138.253:15934"

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Ah yes, all clear!  You try to use OpenDNS Home and Netgear Live Parental Controls at once, at the same time!  This cannot work, because these services are incompatible with each other.  You must finally decide to go for only one of them.

    To use Netgear Live Parental Controls:
    Visit https://dashboard.opendns.com/settings/ and delete your network from there.  Your dashboard is exclusively at https://netgear.opendns.com/ - not somewhere else!  Be aware that LPC doesn't come with stats at all.

    To use OpenDNS Home:
    Use the Netgear Genie program to disable Live Parental Controls on your router.  Use only https://dashboard.opendns.com/settings/ as your dashboard.

    Back to your findings:

    "I am getting some stats, but they look very delayed."

    This is normal.  Stats are not real-time but appear after 1-3 hours.

    "And I added piratebrowser.com to the whitelist just in case that was the hangup... but it didn't change anything."

    Sure, it didn't and it couldn't, because this domain is most likely not essential or not used by Kickass.

    RANK DOMAIN                        REASON                          REQUESTS
    1          kickass.so                     P2P/File sharing, ...       9

     and

    And the nslookup for kickass.so says:
    Name: kickass.so
    Addresses: 67.215.65.130
                         67.215.65.130

    As I said, this IP address indicates blocking by category, most likely based on your LPC settings at https://netgear.opendns.com/

    So, you now know what's up and what to do...

    0
    Comment actions Permalink
  • Avatar
    realdecoy

    BINGO! That did it! Thank you.

    Out of curiosity, how did you know that I had LPC running also?

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "Out of curiosity, how did you know that I had LPC running also?"

    That "device 0000D66D5EE9CA00"  from the debug.opendns.com output has clearly shown it.


    Also expanding further on using the one or other service - I don't know what service you've gone for now:

    To use Netgear LPC:
    You do not run an Updater of any kind with this.  And as said, you don't get any stats and logs with it.  Your dashboard is only at https://netgear.opendns.com

    To use OpenDNS Home:
    You must run an Updater, because you're most likely behind a dynamic IP address.  You will get (delayed) stats and logs, and your dashboard is only at https://dashboard.opendns.com/settings/

    0
    Comment actions Permalink
  • Avatar
    realdecoy

    I went with the OpenDNS Home. I actually got a static IP so I wouldn't have to worry about it and deal with the hassle of having the blocking dependent on a computer updating the IP address periodically.

    Thank you.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    And for OpenDNS Home: you must have configured the OpenDNS resolver addresses on the router:
    https://support.opendns.com/entries/42423390-NETGEAR-Router-Configuration

    0
    Comment actions Permalink
  • Avatar
    Chris Frost

    @eglaze88 are you still having problems with filtering?

    0
    Comment actions Permalink

Please sign in to leave a comment.