DNS IP and HTTP IP mismatch

Comments

13 comments

  • Avatar
    Brian Hartvigsen

    This generally means you are going through some type of Proxy server.  So we see your DNS requests coming from 1 IP address (1.2.3.4) but your HTTP requests from another (2.3.4.5).  Generally when this happens, the server your HTTP requests are going through will do their own DNS requests. Unless that server is using OpenDNS and configured with the same filtering policy as your network, then you won't  get content filtering.  At that point you would still be able to report on what was accessed and when, but not filter.  Try contacting your ISP or Network Administrator to determine if a proxy or web accelerator is in place on the network.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "you would still be able to report on what was accessed and when"

    But not with the OpenDNS stats and logs...
    Maybe with the browser history?

    0
    Comment actions Permalink
  • Avatar
    Brian Hartvigsen

    With OpenDNS stats and logs.  As long as the DNS requests are coming to us, we can report.  What is important to remember is that none of the filtering we report will actually have done anything.  So you could use the Stats for insights into what happens on your network but not for any enforcement. (Since the actual requests for content are going through what appears to be a proxy.)

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "you could use the Stats for insights into what happens on your network"

    Weird.  How can you capture DNS queries for/from a specific network if the source DNS IP address isn't registered with an OpenDNS network?

    0
    Comment actions Permalink
  • Avatar
    Brian Hartvigsen

    Ah, there is the miscommunication.  So in this case DNS is coming from you to OpenDNS, but the HTTP transaction is being redirected to a proxy.  So we are fulfilling the DNS request, you just aren't actually connecting to what you think you are (generally due to a redirect on traffic to port 80 and/or 443.)

    If you DNS is being redirected, there is nothing we can do for you as we won't see the DNS requests.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Whatever, fact is that a source DNS IP address must be registered with an OpenDNS network for both, content filtering and stats, taking effect for that network and its settings.  Only customization (of block, guide and phishing pages) is based on the source web (HTTP) IP address.

    0
    Comment actions Permalink
  • Avatar
    Brian Hartvigsen

    Actually that's not true anymore either.  We have been using a system for almost 2 years that detects where your DNS requests originate from without using your IP address.  The only time we use IP addresses for customizations is if that system fails.

    0
    Comment actions Permalink
  • Avatar
    cripser

    I am still using the same ISP but since upgrading my cable modem and Linksys router I have this same mis-match issue.  Linksys support said that I may be able to manually enter the DNS IP address into my router's set-up screen but they said that they can't offer advise on anything but their products.  Thoughts?

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    First thought is that the "DNS IP and HTTP IP mismatch" is unrelated to where or whether you configure the OpenDNS resolver addresses.  What of the two do you want to discuss?  All two?  Well...

    1. Configuring the OpenDNS resolver addresses 208.67.22x.xxx
      Linksys routers normally have three DNS fields on the DHCP/LAN configuration side.  You'll have to fill all of them.
      The available addresses are: 208.67.222.222; 208.67.220.220; 208.67.222.220; 208.67.220.222
      If you tell me your exact router model, I may be able to help further.
       
    2. DNS IP and HTTP IP mismatch
      Find your DNS IP address:  nslookup myip.opendns.com.
      Find your web IP address:  http://myip.dnsomatic.com/
      Only if these two are not equal, then you have a mismatch which can cause troubles with associating your settings with your DNS lookups, i.e. your settings may not take effect.

    So, what else can I help with?

    0
    Comment actions Permalink
  • Avatar
    slayback

    I am having s similar issue. and my dns ip address and web ip address do not match.

    so what do I do?

    Thanks!

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    You read this thread: https://support.opendns.com/entries/63421664

    You will find that you have to register your dashboard network with your DNS IP address, not with your web IP address.

    0
    Comment actions Permalink
  • Avatar
    keysgate

    same problem here, it was the third DNS field was not filled in. After filling in the third DNS field in my router all was resolved. Thank you

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "same problem here"

    Nope, this was in no way an IP address mismatch.

    0
    Comment actions Permalink

Please sign in to leave a comment.