does open dns log websites visited

Comments

13 comments

  • Avatar
    rotblitz

    OpenDNS as DNS service has no way to see what websites have been visited.  But they can log all your DNS traffic which is somehow related also to the websites having been visited.  DNS traffic is related to queries about domain names, so the domain names are contained in your OpenDNS domain stats, see attached image.

    If you want to track websites (full URLs, inc. searches) etc, then check your router for a related feature or download a sniffer tool or run a proxy server.




    domain_stats.PNG
  • Avatar
    john.p.snyder

    matheny17, I have exactly the same question. Did you ever figure out how to do this?

     

     

  • Avatar
    Patrick Colford

    As rotblitz mentioned, our logging does not extend to the full URL of the websites visited, but only reflects domain accessed. For example, if you visited this forum topic (https://support.opendns.com/entries/33445754) the log entry would simply be support.opendns.com. For more robust logging, consider your router's options or download a sniffer tool.

  • Avatar
    john.p.snyder

    Patrick,

    Thanks for the prompt response. can you recommend a sniffer tool?

    John S

     

  • Avatar
    Patrick Colford

    Hi John,

    We don't have a recommendation of any sniffer in particular; we suggest if possible to get screenshots from the sniffer or search for images so that you can make sure you're getting what you want.

  • Avatar
    john.p.snyder

    ok, many thanks

    John S

     

  • Avatar
    cburrows

    Patrick,

    The virtual appliances should have the access logs on them. Can these be exported or syslog'd to a syslog server on the same private network? That would be the correct solution to this problem.

  • Avatar
    john.p.snyder

    I have a Zyxel Q1000Z router and it has a web activity log that I can see. I did some searching on the web and found a code called WallWatcher (http://www.wallwatcher1.com/) that analyzes router logs. Unfortunately, the logs have to be forwarded from the router to the LAN device running wall watcher and I dont see a way to do this forwarding on the router that I have. 

    Do you know of a way that the router logs can be forwarded or otherwise collected from my router? Perhaps there is a simple script that could be written to do this?

    Thanks

    John S

  • Avatar
    mattwilson9090

    You'd need to check support with Zyxel for how to implement that feature since it's a feature of the router's firmware that is completely unrelated to OpenDNS.

  • Avatar
    hittingthat
    Rotblitz. On my blocked domains there is an adult website showing as accessed. It has 2 queries but I did not access that website and I was alone in the house the day it happened. Why are blocked adult content websites showing up. I checked it later on and it redirects to a HARP registration. Why would that happened?
  • Avatar
    rotblitz

    I say it again, OpenDNS as DNS service has no way to see what websites have been visited.

    "Why are blocked adult content websites showing up."

    The domain which you see with 2 DNS queries may have been referenced somewhere and therefore has caused a device in your network to look it up.  These are usually not humans raising DNS queries, but networking programs.  And the domain shows up as blocked because you have it blocked with your settings.

    "it redirects to a HARP registration."

    What is a HARP registration? Home Affordable Refinance Program or Home-heating Appliance Register of Performance ?

    "Why would that happened?"

    Because they wanted this to happen.

  • Avatar
    hittingthat
    I know OpenDns can't know the exact url. My question is: if I did not access a website (my dns configuration is on the iphone) zerozerosevenshemalesdotcom it shows under blocked domain because I have an adult content blocked. I understand it shows there because I have it as block. Why would a site that I did not visited is shoeing up with 2 queries?
    In other words are pages that I dont visit going to show up as If I did....???
  • Avatar
    rotblitz

    "Why would a site that I did not visited is shoeing up with 2 queries?"

    This is what I explained already.  Why do you ask again?
    Again, I said: The domain which you see with 2 DNS queries may have been referenced somewhere and therefore has caused a device in your network to look it up.  These are usually not humans raising DNS queries, but networking programs.

    I also said that DNS lookups relate to web site visits to a minor extend only.

    Further, DNS lookups may not come from web browsers, but from any other networking programs or apps in your case.  Also, if they come from a web browser, most web browsers have DNS prefetching enabled nowadays.  This means that they raise lookups for every domain they may find on any web page they hit, no matter if you will ever visit the related URLs.  Best is to disable DNS prefetching in browsers.  This will significantly clean up your OpenDNS stats as well.

    "In other words are pages that I dont visit going to show up as If I did....???"

    Again a third time: DNS lookups relate to web site visits to a minor extend only.  The OpenDNS stats show the DNS activity of your network, not your web or surfing activities.  And there are no pages showing up in the stats, but domain names.

    And just to mention that the domain in question is wrongly categorized: https://domain.opendns.com/007shemales.com
    It may have been an adult site years ago: https://www.mywot.com/en/scorecard/007shemales.com
    But now it only shows the words "HARP Registration".  It even doesn't redirect to somewhere else.  This doesn't qualify for the current categorization...

Please sign in to leave a comment.