My OpenDNS is not blocking web sites
I have reviewed the documentation and I am sill unable to get web sites blocked. My dashboard shows IP address 97.121.160.114, but my updater box shows IP address 198.105.244.23. I am sure i have a dynamic IP address which is why i have downloaded the updater. The DNS O Matic box is unchecked. Open DNS has worked for me for about a year and i recently discovered the web site protection is no longer functional. It seems to be a dynamic IP address issue, but i cannot figure out how to solve the problem. Thank you.
-
First check if you're using OpenDNS at all: http://welcome.opendns.com/
If not, then check that the OpenDNS resolver addresses are still configured where you configured them, and that no other resolver addresses are in use.
Else if yes, then post the complete plain text output of the following command here: nslookup -type=txt debug.opendns.com.
-
@heintz_57 I am not seeing any traffic being sent to us from your current IP address. My guess is that you either you have a dated IP address registered in your dashboard, or your DNS is not pointing to us. You can find out your IP address by visiting http://www.whatismyip.com/. Whatever the website reports the IP as, that is address that you need registered. Can you visit https://www.opendns.com/welcome/ and let me know what message appears for you.
-
"I checked the welcome link and received an OOPS message that i am not using Open DNS."
That's bad. This has nothing to do with your IP address.
"When i go to what is my IP, i get this IP 71.34.134.164... My Open DNS dashboard still shows this ip address..."
What IP address you have registered is totally irrelevant and unrelated as long as you even do not use OpenDNS, because your dashboard settings cannot take effect then. Ensure that you have the OpenDNS resolver addresses correctly configured and that no other resolver addresses are in effect.
To see possible problems, please copy & paste the complete plain test output of the following commands here:
nslookup -type=txt debug.opendns.com. 208.67.220.220
nslookup whoami.akamai.net.
netsh interface ip show dns
-
OOPS is bad, got it, but my OpenDNS Updater window says yes under Using Open DNS? Below are the copy/pastes of the command you sent and the output.
C:\Documents and Settings\jheintz>nslookup -type=txt debug.opendns.com. 208.67.2
20.220
Server: resolver2.opendns.com
Address: 208.67.220.220Non-authoritative answer:
debug.opendns.com text ="server 11.dfw"
debug.opendns.com text ="flags 20 0 2F6 19500007E00400014C3"
debug.opendns.com text ="originid 27927332"
debug.opendns.com text ="actype 2"
debug.opendns.com text ="bundle 7068786"
debug.opendns.com text ="source 71.34.134.164:2865"
C:\Documents and Settings\jheintz>nslookup whoami.akamai.net.
Server: PK5001Z.PK5001Z
Address: 192.168.0.1Non-authoritative answer:
Name: whoami.akamai.net
Address: 205.171.172.89C:\Documents and Settings\jheintz>netsh interface ip show dns
Configuration for interface "Wireless Network Connection 2"
DNS servers configured through DHCP: 192.168.0.1
205.171.2.25
Register with which suffix: Primary onlyConfiguration for interface "Network Connect Adapter"
DNS servers configured through DHCP: None
Register with which suffix: Primary only -
It looks like your computer is using your router and one of Qwest's DNS servers for DNS resolution:
DNS servers configured through DHCP: 192.168.0.1 <-- Your router
205.171.2.25 <--Qwest's DNS serverQwest's DNS server will need to be removed from your machine for filtering to work correctly. If you find your computer's IPV4 DNS settings you should be able to remove the 205.171.2.25 address.
Have you configured your router to use our DNS settings? If you provide the output of the following command it will show whether or not your router is configured correctly:
nslookup -type=txt debug.opendns.com. 192.168.0.1
We have directions to configure the PK5001Z ZyXel router here: https://support.opendns.com/entries/30787100-Configuring-Actiontec-M1000-or-W1000-ZyXel-PK5001Z
-
i tried using the directions in the link you sent and completely messed up my modem connection. My modem is now reset to factory defaults. Below is the cmd output.
C:\Documents and Settings\jheintz>nslookup -type=txt debug.opendns.com. 192.168.
0.1
Server: PK5001Z.PK5001Z
Address: 192.168.0.1*** PK5001Z.PK5001Z can't find debug.opendns.com.: Non-existent domain
-
You still do not use OpenDNS but whatever is configured on this router at 192.168.0.1.
Now follow the link posted by Kristy to configure OpenDNS on your router, doing exactly and only what is described there:
https://support.opendns.com/entries/30787100-Configuring-Actiontec-M1000-or-W1000-ZyXel-PK5001Z
You shouldn't mess it up with this.Then flush your caches and test again at http://welcome.opendns.com/ to see if it works.
-
I'm having a similar problem. I have blocked a group of sites, which are also religious related and they are not being blocked. I've attached screen shots. I'm using an Apple Time Machine (Router), and an iMAC, running the latest OS. Please advise. Thank you.
Screen Shot 2015-05-15 at 11.33.03 AM.png
Screen Shot 2015-05-15 at 12.06.12 PM.png
Screen Shot 2015-05-15 at 12.02.37 PM.png -
According to your configuration it seems you also have IPv6 connectivity, because you have the OpenDNS IPv6 Sandbox addresses configured: 2620:0:ccc::2 and 2620:0:ccd::2. But as mentioned in several threads here, if using IPv6 connectivity (for DNS queries), the additional features of OpenDNS (content filtering, individual domain blocking, logs and stats, etc) do not take effect, because you cannot register your IPv6 address at https://dashboard.opendns.com/settings/ yet, just your IPv4 address.
Therefore, to make use of the additional features, you have to disable IPv6 connectivity over the internet (foremost for DNS if you can), on the router or on the end user devices.
To see if you're using IPv6 connectivity for your DNS queries and if you configured OpenDNS correctly, you raise a DNS lookup command like:
nslookup -type=txt debug.opendns.com.
-
I'm having the same problem.
When I try http://welcome.opendns.com/, it works fine.
Here's what I get when I use the command nslookup -type=txt debug.opendns.com
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
debug.opendns.com text = "server 1.mia"
debug.opendns.com text = "flags 20 0 72 19500007E0000000441"
debug.opendns.com text = "originid 36107581"
debug.opendns.com text = "actype 2"
debug.opendns.com text = "bundle 7852101"
debug.opendns.com text = "source 201.217.253.220:60050"
Authoritative answers can be found from:
Can you help me?? Thanks!
-
The device you tested from appears to be using your router as your local DNS server, which is a good thing. That means your router needs to be configured to use OpenDNS as it's DNS resolvers, but it appears not to be. You should carefully look at your router's settings to see what is being used for DNS and change them to the OpenDNS addresses.
-
I am having the same problem. This started happening a week or two ago.
I have checked my router - it's a D-Link DIR-859. IPv6 is not configured; the DNS 1 and 2 addresses are set to 208.67.220.220 and 208.67.222.222 respectively. There is no 3rd DNS address.
I hit the welcome.opendns.com page. It says I am using OpenDNS.
I checked the network address in my updater and it matches my actual address, and it shows on the settings for my network correctly on the OpenDNS dashboard.
I ran the nslookup -type=txt debug.opendns.com command: here's the output.
C:\Users\Mary>nslookup -type=txt debug.opendns.com
Server: resolver1.opendns.com
Address: 208.67.222.222Non-authoritative answer:
debug.opendns.com text ="server 9.yyz"
debug.opendns.com text ="flags 20 0 70 5950800000000000000"
debug.opendns.com text ="originid 0"
debug.opendns.com text ="actype 0"
debug.opendns.com text ="source 204.237.1.57:12628"
I have my filter set to block video sharing, but www.youtube.com and www.vimeo.com and others load up like nothing was wrong.
I then changed the DNS resolver addresses for the network adapters on my machine to directly reference the OpenDNS servers.
C:\Users\Mary>netsh interface ip show dns
Configuration for interface "Wireless Network Connection"
Statically Configured DNS Servers: 208.67.222.222
208.67.220.220
Register with which suffix: Primary onlyConfiguration for interface "Local Area Connection"
Statically Configured DNS Servers: 208.67.222.222
208.67.220.220
Register with which suffix: Primary onlyConfiguration for interface "Loopback Pseudo-Interface 1"
Statically Configured DNS Servers: None
Register with which suffix: NoneI'm confused. What am I missing in my config?
-
I have a similar situation, although OpenDNS had been configured and working until recently. My current IP address and my network IP address still match. Would appreciate some guidance. Diagnostic command results are:
C:\Users\mborr>nslookup -type=txt debug.opendns.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220Non-authoritative answer:
debug.opendns.com text ="server 1.sea"
debug.opendns.com text ="flags 20 0 50 19500007C00400014C3"
debug.opendns.com text ="originid 46933777"
debug.opendns.com text ="actype 2"
debug.opendns.com text ="bundle 8711365"
debug.opendns.com text ="source 174.25.174.46:59651"
C:\Users\mborr> nslookup whoami.akamai.net.
Server: modem.domain
Address: 192.168.0.1Non-authoritative answer:
Name: whoami.akamai.net
Address: 198.36.160.3
C:\Users\mborr>netsh interface ip show dnsConfiguration for interface "Local Area Connection 3"
DNS servers configured through DHCP: None
Register with which suffix: Primary onlyConfiguration for interface "Local Area Connection* 32"
DNS servers configured through DHCP: None
Register with which suffix: Primary onlyConfiguration for interface "Local Area Connection 2"
DNS servers configured through DHCP: 192.168.0.1
192.168.0.1
208.67.222.222
Register with which suffix: Primary onlyConfiguration for interface "Loopback Pseudo-Interface 1"
Statically Configured DNS Servers: None
Register with which suffix: Primary only -
Your router modem.domain at 192.168.0.1 uses QWest's resolver 198.36.160.3, not OpenDNS. Ensure that you configured only OpenDNS addresses, and that you filled all DNS fields with OpenDNS addresses.
Btw, for you the first command would have been: nslookup -type=txt debug.opendns.com. (without 208.67.220.220)
It would have returned "non-existent domain". -
@rotblitz: My modem settings have not changed. It's still set to use 208.67.220.220 & 208.67.222.222 as the primary and secondary DNS. OpenDNS blocking had been working for several months. Now, apparently QWest's resolver at 198.36.160.3 is overriding OpenDNS. Any thoughts as to how I can correct this?
-
@rotblitz: The user manual can be found here - https://internethelp.centurylink.com/internethelp/modem-c2100t.html.
@mattwilson9090: I contacted CenturyLink and the rep said that would not be the case.
Thanks
-
That command was wrong, without the trailing dot. Therefore you didn't query whoami.akamai.net, but whoami.akamai.net.foxracing.com, i.e. by adding some DNS suffix. Therefore it returned the result for the wildcard domain foxracing.com. This is of no use.
That user manual split over dozens of web pages is not handy enough for me. Too lazy to work though it. I was looking for a PDF document with a useful index. You may want to post a screen shot instead of the page where the OpenDNS addresses are configured.
And no, your DNS is not hi-jacked, as can be clearly seen by one of your earlier command outputs.
-
@rotblitz: Please see attached.
DHCP Settings.JPG -
@rotblitz: Success! Looking at the WAN settings page for the Centurylink c2100t modem, the default set in the ISP Protocol dropdown was "Auto Select". At that level, no additional configurations are visible, but I noticed that it displayed "IPoE" as the protocol selected. So I chose IPoE from the menu and that opened up additional configuration options (see attached). By selecting the Static DNS button under IPv4 DNS Type, I was able to enter the OpenDNS IP addresses and after applying that change, I was back to using OpenDNS. Thanks for the help!
WAN Settings.JPG -
I have Successfully Configured OpenDN on OpenWRT Bleeding Edge r49296. The OpenDNS Welcome Page Confirms this with a Orange Checkmark and "Welcome to OpenDNS" message. However, The website blocks I have configured for youtube in the OpenDNS Dashboard are not effective. I did reboot my Router as well as restarted dnsmasq just to flush the cache. Still I can access youtube.However please do note, the sample domain www.internetbadguys.com is indeed blocked for me as it should be.
Can someone please help me shed some light here ?
Given bellow is the command output for the assorted commands requested above.
C:\Users>nslookup whoami.akamai.net.
5.c.2.5.4.8.e.f.f.f.b.4.a.a.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: fe80::22aa:4bff:fe84:52c5
Non-authoritative answer:
Name: whoami.akamai.net
Address: 208.69.36.11
C:\Users>netsh interface ip show dns
Configuration for interface "Local Area Connection* 4"
DNS servers configured through DHCP: None
Register with which suffix: Primary only
Configuration for interface "Local Area Connection* 3"
DNS servers configured through DHCP: None
Register with which suffix: Primary only
Configuration for interface "Ethernet"
DNS servers configured through DHCP: 192.168.0.1
Register with which suffix: Primary only
Configuration for interface "Wi-Fi"
DNS servers configured through DHCP: 192.168.0.1
Register with which suffix: Primary only
Configuration for interface "Loopback Pseudo-Interface 1"
Statically Configured DNS Servers: None
Register with which suffix: Primary only
C:\Users>nslookup -type=txt debug.opendns.com. 192.168.0.1
Server: Router.lan
Address: 192.168.0.1
Non-authoritative answer:
debug.opendns.com text =
"server 3.chi"
debug.opendns.com text =
"flags 20 0 50 1950000000000000000"
debug.opendns.com text =
"originid 50786617"
debug.opendns.com text =
"actype 2"
debug.opendns.com text =
"bundle 8884083"
debug.opendns.com text =
"source 63.153.220.194:52584"
Please sign in to leave a comment.
Comments
79 comments