My OpenDNS is not blocking web sites

Comments

79 comments

  • Avatar
    rotblitz

    First check if you're using OpenDNS at all: http://welcome.opendns.com/

    If not, then check that the OpenDNS resolver addresses are still configured where you configured them, and that no other resolver addresses are in use.

    Else if yes, then post the complete plain text output of the following command here:  nslookup -type=txt debug.opendns.com.

  • Avatar
    Chris Frost

    @heintz_57 I am not seeing any traffic being sent to us from your current IP address. My guess is that you either you have a dated IP address registered in your dashboard, or your DNS is not pointing to us. You can find out your IP address by visiting http://www.whatismyip.com/. Whatever the website reports the IP as, that is address that you need registered. Can you visit https://www.opendns.com/welcome/ and let me know what message appears for you. 

     

  • Avatar
    heintz_57

    I checked the welcome link and received an OOPS message that i am not using Open DNS.  When i go to what is my IP, i get this IP 71.34.134.164.  How do i get the correct ip address registered?  Thank you.

  • Avatar
    heintz_57

    My Open DNS dashboard still shows this ip address - Your current IP is 71.34.134.164,  Does that mean my ip addresses are matching?  I waited several minutes and still can access sites i am trying to block.  Thank you.

  • Avatar
    rotblitz

    "I checked the welcome link and received an OOPS message that i am not using Open DNS."

    That's bad.  This has nothing to do with your IP address.

    "When i go to what is my IP, i get this IP 71.34.134.164...  My Open DNS dashboard still shows this ip address..."

    What IP address you have registered is totally irrelevant and unrelated as long as you even do not use OpenDNS, because your dashboard settings cannot take effect then.  Ensure that you have the OpenDNS resolver addresses correctly configured and that no other resolver addresses are in effect.

    To see possible problems, please copy & paste the complete plain test output of the following commands here:

       nslookup -type=txt debug.opendns.com. 208.67.220.220

       nslookup whoami.akamai.net.

       netsh interface ip show dns

  • Avatar
    heintz_57

    OOPS is bad, got it, but my OpenDNS Updater window says yes under Using Open DNS?  Below are the copy/pastes of the command you sent and the output.

    C:\Documents and Settings\jheintz>nslookup -type=txt debug.opendns.com. 208.67.2
    20.220
    Server: resolver2.opendns.com
    Address: 208.67.220.220

    Non-authoritative answer:
    debug.opendns.com text =

    "server 11.dfw"
    debug.opendns.com text =

    "flags 20 0 2F6 19500007E00400014C3"
    debug.opendns.com text =

    "originid 27927332"
    debug.opendns.com text =

    "actype 2"
    debug.opendns.com text =

    "bundle 7068786"
    debug.opendns.com text =

    "source 71.34.134.164:2865"

     

    C:\Documents and Settings\jheintz>nslookup whoami.akamai.net.
    Server: PK5001Z.PK5001Z
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 205.171.172.89

     

    C:\Documents and Settings\jheintz>netsh interface ip show dns

    Configuration for interface "Wireless Network Connection 2"
    DNS servers configured through DHCP: 192.168.0.1
    205.171.2.25
    Register with which suffix: Primary only

    Configuration for interface "Network Connect Adapter"
    DNS servers configured through DHCP: None
    Register with which suffix: Primary only

  • Avatar
    Kristy Patullo

    It looks like your computer is using your router and one of Qwest's DNS servers for DNS resolution:

    DNS servers configured through DHCP: 192.168.0.1 <-- Your router 
    205.171.2.25 <--Qwest's DNS server

    Qwest's DNS server will need to be removed from your machine for filtering to work correctly. If you find your computer's IPV4 DNS settings you should be able to remove the 205.171.2.25 address.

    Have you configured your router to use our DNS settings?  If you provide the output of the following command it will show whether or not your router is configured correctly:

       nslookup -type=txt debug.opendns.com. 192.168.0.1

    We have directions to configure the PK5001Z ZyXel router here: https://support.opendns.com/entries/30787100-Configuring-Actiontec-M1000-or-W1000-ZyXel-PK5001Z

     

  • Avatar
    heintz_57

    i tried using the directions in the link you sent and completely messed up my modem connection.  My modem is now reset to factory defaults.  Below is the cmd output.

    C:\Documents and Settings\jheintz>nslookup -type=txt debug.opendns.com. 192.168.
    0.1
    Server: PK5001Z.PK5001Z
    Address: 192.168.0.1

    *** PK5001Z.PK5001Z can't find debug.opendns.com.: Non-existent domain

  • Avatar
    rotblitz

    You still do not use OpenDNS but whatever is configured on this router at 192.168.0.1.

    Now follow the link posted by Kristy to configure OpenDNS on your router, doing exactly and only what is described there:
    https://support.opendns.com/entries/30787100-Configuring-Actiontec-M1000-or-W1000-ZyXel-PK5001Z
    You shouldn't mess it up with this.

    Then flush your caches and test again at http://welcome.opendns.com/ to see if it works.

  • Avatar
    matthewbowers

    I'm having a similar problem. I have blocked a group of sites, which are also religious related and they are not being blocked. I've attached screen shots. I'm using an Apple Time Machine (Router), and an iMAC, running the latest OS.  Please advise. Thank you.




    Screen Shot 2015-05-15 at 11.33.03 AM.png
    Screen Shot 2015-05-15 at 12.06.12 PM.png
    Screen Shot 2015-05-15 at 12.02.37 PM.png
  • Avatar
    rotblitz

    According to your configuration it seems you also have IPv6 connectivity, because you have the OpenDNS IPv6 Sandbox addresses configured: 2620:0:ccc::2 and 2620:0:ccd::2.  But as mentioned in several threads here, if using IPv6 connectivity (for DNS queries), the additional features of OpenDNS (content filtering, individual domain blocking, logs and stats, etc) do not take effect, because you cannot register your IPv6 address at https://dashboard.opendns.com/settings/ yet, just your IPv4 address.

    Therefore, to make use of the additional features, you have to disable IPv6 connectivity over the internet (foremost for DNS if you can), on the router or on the end user devices.

    To see if you're using IPv6 connectivity for your DNS queries and if you configured OpenDNS correctly, you raise a DNS lookup command like:

        nslookup -type=txt debug.opendns.com.

  • Avatar
    holtfamilyhouse

    I'm having the same problem.

    When I try http://welcome.opendns.com/, it works fine.

    Here's what I get when I use the command  nslookup -type=txt debug.opendns.com

    Server: 192.168.0.1

    Address: 192.168.0.1#53

     

    Non-authoritative answer:

    debug.opendns.com text = "server 1.mia"

    debug.opendns.com text = "flags 20 0 72 19500007E0000000441"

    debug.opendns.com text = "originid 36107581"

    debug.opendns.com text = "actype 2"

    debug.opendns.com text = "bundle 7852101"

    debug.opendns.com text = "source 201.217.253.220:60050"

     

    Authoritative answers can be found from:

     

    Can you help me??  Thanks!

     

  • Avatar
    mattwilson9090

    The device you tested from appears to be using your router as your local DNS server, which is a good thing. That means your router needs to be configured to use OpenDNS as it's DNS resolvers, but it appears not to be. You should carefully look at your router's settings to see what is being used for DNS and change them to the OpenDNS addresses.

  • Avatar
    jtoliver44

       nslookup -type=txt debug.opendns.com. 208.67.220.220

       nslookup whoami.akamai.net.

       netsh interface ip show dns

  • Avatar
    rotblitz

    Yes, the complete outputs of these diagnostic commands are useful to indentify most problems with OpenDNS not working as expected.

  • Avatar
    rcheetham

    I am having the same problem. This started happening a week or two ago.

    I have checked my router - it's a D-Link DIR-859. IPv6 is not configured; the DNS 1 and 2 addresses are set to 208.67.220.220 and 208.67.222.222 respectively. There is no 3rd DNS address.

    I hit the welcome.opendns.com page. It says I am using OpenDNS.

    I checked the network address in my updater and it matches my actual address, and it shows on the settings for my network correctly on the OpenDNS dashboard.

    I ran the nslookup -type=txt debug.opendns.com command: here's the output.

    C:\Users\Mary>nslookup -type=txt debug.opendns.com
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    debug.opendns.com text =

    "server 9.yyz"
    debug.opendns.com text =

    "flags 20 0 70 5950800000000000000"
    debug.opendns.com text =

    "originid 0"
    debug.opendns.com text =

    "actype 0"
    debug.opendns.com text =

    "source 204.237.1.57:12628"

     

    I have my filter set to block video sharing, but www.youtube.com and www.vimeo.com and others load up like nothing was wrong.

    I then changed the DNS resolver addresses for the network adapters on my machine to directly reference the OpenDNS servers. 

    C:\Users\Mary>netsh interface ip show dns

    Configuration for interface "Wireless Network Connection"
    Statically Configured DNS Servers: 208.67.222.222
    208.67.220.220
    Register with which suffix: Primary only

    Configuration for interface "Local Area Connection"
    Statically Configured DNS Servers: 208.67.222.222
    208.67.220.220
    Register with which suffix: Primary only

    Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers: None
    Register with which suffix: None

    I'm confused. What am I missing in my config? 

     

     

     

  • Avatar
    mark32467

    I have a similar situation, although OpenDNS had been configured and working until recently. My current IP address and my network IP address still match. Would appreciate some guidance. Diagnostic command results are:

     

    C:\Users\mborr>nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: resolver2.opendns.com
    Address: 208.67.220.220

    Non-authoritative answer:
    debug.opendns.com text =

    "server 1.sea"
    debug.opendns.com text =

    "flags 20 0 50 19500007C00400014C3"
    debug.opendns.com text =

    "originid 46933777"
    debug.opendns.com text =

    "actype 2"
    debug.opendns.com text =

    "bundle 8711365"
    debug.opendns.com text =

    "source 174.25.174.46:59651"

    C:\Users\mborr> nslookup whoami.akamai.net.
    Server: modem.domain
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 198.36.160.3


    C:\Users\mborr>netsh interface ip show dns

    Configuration for interface "Local Area Connection 3"
    DNS servers configured through DHCP: None
    Register with which suffix: Primary only

    Configuration for interface "Local Area Connection* 32"
    DNS servers configured through DHCP: None
    Register with which suffix: Primary only

    Configuration for interface "Local Area Connection 2"
    DNS servers configured through DHCP: 192.168.0.1
    192.168.0.1
    208.67.222.222
    Register with which suffix: Primary only

    Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers: None
    Register with which suffix: Primary only

     

  • Avatar
    rotblitz

    Your router modem.domain at 192.168.0.1 uses QWest's resolver 198.36.160.3, not OpenDNS.  Ensure that you configured only OpenDNS addresses, and that you filled all DNS fields with OpenDNS addresses.

    Btw, for you the first command would have been:  nslookup -type=txt debug.opendns.com.     (without 208.67.220.220)
    It would have returned "non-existent domain".

  • Avatar
    rotblitz

    "My current IP address and my network IP address still match. "

    Fine, but this is irrelevant at this stage, as long as you don't use OpenDNS.  Your settings cannot take effect.  You must first use OpenDNS.

  • Avatar
    mark32467

    @rotblitz: My modem settings have not changed. It's still set to use 208.67.220.220 & 208.67.222.222 as the primary and secondary DNS. OpenDNS blocking had been working for several months. Now, apparently QWest's resolver  at 198.36.160.3 is overriding OpenDNS. Any thoughts as to how I can correct this?

  • Avatar
    rotblitz

    Maybe, if we knew the exact model you're using and had a link to its user manual...

  • Avatar
    mattwilson9090

    Contact Qwest. It's very likely that they are hijacking your DNS traffic and redirecting it to their own DNS servers. If they are, and they won't stop doing this you should look into running DNSCrypt

  • Avatar
    mark32467

    @rotblitz: The user manual can be found here - https://internethelp.centurylink.com/internethelp/modem-c2100t.html.

    @mattwilson9090: I contacted CenturyLink and the rep said that would not be the case.

    Thanks

  • Avatar
    mark32467

    @rotblitz: I ran a second nslookup and got a different result on that IP:

    C:\Users\mborr>nslookup whoami.akamai.net

    Server: modem.domain
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: whoami.akamai.net.foxracing.com
    Address: 146.20.29.44

     

  • Avatar
    rotblitz

    That command was wrong, without the trailing dot.  Therefore you didn't query whoami.akamai.net, but whoami.akamai.net.foxracing.com, i.e. by adding some DNS suffix.  Therefore it returned the result for the wildcard domain foxracing.com.  This is of no use.

    That user manual split over dozens of web pages is not handy enough for me.  Too lazy to work though it.  I was looking for a PDF document with a useful index.  You may want to post a screen shot instead of the page where the OpenDNS addresses are configured.

    And no, your DNS is not hi-jacked, as can be clearly seen by one of your earlier command outputs.

  • Avatar
    mark32467

    @rotblitz: Please see attached.




    DHCP Settings.JPG
  • Avatar
    rotblitz

    This looks good.  Can you also post the WAN status page if something like this exists?

  • Avatar
    mark32467

    @rotblitz: Success! Looking at the WAN settings page for the Centurylink c2100t modem, the default set in the ISP Protocol dropdown was "Auto Select". At that level, no additional configurations are visible, but I noticed that it displayed "IPoE" as the protocol selected. So I chose IPoE from the menu and that opened up additional configuration options (see attached). By selecting the Static DNS button under IPv4 DNS Type, I was able to enter the OpenDNS IP addresses and after applying that change, I was back to using OpenDNS. Thanks for the help! 




    WAN Settings.JPG
  • Avatar
    rotblitz

    Excellent, well done!

  • Avatar
    wrtdns

    I have Successfully Configured OpenDN on OpenWRT Bleeding Edge r49296. The OpenDNS Welcome Page Confirms this with a Orange Checkmark and "Welcome to OpenDNS" message. However, The website blocks I have configured for youtube in the OpenDNS Dashboard are not effective. I did reboot my Router as well as restarted dnsmasq just to flush the cache. Still I can access youtube.However please do note, the sample domain www.internetbadguys.com is indeed blocked for me as it should be.

    Can someone please help me shed some light here ?

    Given bellow is the command output for the assorted commands requested above.

    C:\Users>nslookup whoami.akamai.net.
    5.c.2.5.4.8.e.f.f.f.b.4.a.a.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa
            primary name server = localhost
            responsible mail addr = nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Server:  UnKnown
    Address:  fe80::22aa:4bff:fe84:52c5

    Non-authoritative answer:
    Name:    whoami.akamai.net
    Address:  208.69.36.11

    C:\Users>netsh interface ip show dns

    Configuration for interface "Local Area Connection* 4"
        DNS servers configured through DHCP:  None
        Register with which suffix:           Primary only

    Configuration for interface "Local Area Connection* 3"
        DNS servers configured through DHCP:  None
        Register with which suffix:           Primary only

    Configuration for interface "Ethernet"
        DNS servers configured through DHCP:  192.168.0.1
        Register with which suffix:           Primary only

    Configuration for interface "Wi-Fi"
        DNS servers configured through DHCP:  192.168.0.1
        Register with which suffix:           Primary only

    Configuration for interface "Loopback Pseudo-Interface 1"
        Statically Configured DNS Servers:    None
        Register with which suffix:           Primary only

    C:\Users>nslookup -type=txt debug.opendns.com. 192.168.0.1
    Server:  Router.lan
    Address:  192.168.0.1

    Non-authoritative answer:
    debug.opendns.com       text =

            "server 3.chi"
    debug.opendns.com       text =

            "flags 20 0 50 1950000000000000000"
    debug.opendns.com       text =

            "originid 50786617"
    debug.opendns.com       text =

            "actype 2"
    debug.opendns.com       text =

            "bundle 8884083"
    debug.opendns.com       text =

            "source 63.153.220.194:52584"

Please sign in to leave a comment.