My OpenDNS is not blocking web sites

Comments

79 comments

  • Avatar
    mattwilson9090

    Is your IP address registered on your OpenDNS dashboard? What have you configured to block? How are you testing that things are blocked or not?

     

    After double checking that clear your DNS cache https://support.opendns.com/entries/26336865 and check if things are being blocked

     

    If that doesn't take care of it, please answer the following questions or provide the following information

     

    Are you trying to block adult websites, what happens when you go to this website? http://www.exampleadultsite.com/

     

    Please copy and paste the complete output of the following commands. If you choose to provide a screenshot rather than pasting the text do not provide a link to a third party website since it's very possible that the security conscious people reading this forum have that domain blocked. Instead use the "Attach file" link at the bottom of this page. Note, the periods at the end of each command are part of the command, do not omit them or the results won't be usable for diagnostic purposes.

     

    nslookup -type=txt debug.opendns.com.

     

    nslookup www.exampleadultsite.com.

     

    ipconfig/all

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    @Duke6marlo 
    What of the above measures and diagnostics did you take?  What was the outcome?  Beside this, there are no new insights, all's mentioned above already.

    0
    Comment actions Permalink
  • Avatar
    khalidnazim

    I am on Rogers network in Brampton Ontario and am using Rogers supplied HITRON CGN3ACR Modem/Router. Since yesterday my content filtering using OpenDNS is not working. The HITRON modem/router DNS configuration has not been changed and it still points to OpenDNS Servers.

    I ran all the commands and did all the tests suggested earlier in the post. Details are:

    https://www.opendns.com/welcome/ shows : "Oops…You aren’t using OpenDNS yet. Let’s fix that."

    IP Address on WanIP is 2607:fea8:ddf:f6e4:78a0:241d:d629:3bac ( Seems that my WAN IP is changed to IPv6)



    This is such a strange situation that one day earlier this was all working perfectly and since yesterday the OpenDNS filtering stopped working. Please HELP!

     

     

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    It appears that your ISP might have added IPv6 to your connection. Since OpenDNS does not filter DNS traffic sent to it via IPv6 this could very well account for the sudden loss of OpenDNS filtering.

    Disable IPv6 on your router and test again.

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    https://support.opendns.com/hc/user_images/IUizYYBF9Pzq3zNS0aMVrw.png

    This clearly shows that you're using IPv6 for your DNS traffic.  This IPv6 resolver address 2607:f789:18:10:0:640:7125:5204 is also clearly not an OpenDNS one.  You must ensure that your DNS traffic goes exclusively over IPv4, i.e. to the 208.67.22x.xxx addresses only, to guarantee your dashboard settings and the FamilyShield filtering (from the *.123 addresses) taking effect.

    One option would be to disable IPv6 as a whole, as mattwilson9090 suggested.  Better would be to force only DNS traffic going out via IPv4 only.  This would still allow access to the IPv6 internet which is preferred.

    0
    Comment actions Permalink
  • Avatar
    khalidnazim

    Thanks@mattwilson9090 and @rotblitz for the suggestions. However, I dont know and cannot find out how to:disable IPv6 on Or send DNS Traffic over IPv4 my router (HITRON CGN3). Can you both or anyone else help me do this on the HITRON or if there is another method to achieve this?

    Thanks and regards

    Khalid

     

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I don't have a HITRON device and would have to study online and offline documentation therefore, or had to visit a HITRON specific forum or support site to ask for assistance.  Do you expect me doing this for you?

    Whatsoever, the manual at http://setuprouter.com/router/hitron/cgn3acr/manual-2079.pdf doesn't say anything about IPv6 configuration options.  And this is the reason you better visit a specific forum or support site.  If it cannot be done on the router, then you still may be able to do it on the end devices.

    0
    Comment actions Permalink
  • Avatar
    ecovillage.org.in

    Hi, 

    I'm facing a similar issue,

    OPEN DNS is not blocking any websites.

    I have configured DNS correctly on router.

    below is o/p of some cmd commands:

    C:\Users\User8> nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: resolver2.opendns.com
    Address: 208.67.220.220

    *** resolver2.opendns.com can't find debug.opendns.com.: Non-existent domain

    C:\Users\User8>nslookup whoami.akamai.net
    Server: UnKnown
    Address: 192.168.0.1

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 74.125.190.9


    C:\Users\User8>netsh interface ip show dns

    Configuration for interface "Ethernet"
    DNS servers configured through DHCP: 192.168.0.1
    Register with which suffix: Primary only

    Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers: None
    Register with which suffix: Primary only

     

    P.s. if you can help

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    Your DNS queries do not go to OpenDNS, but to another DNS service, probably Google.  It could be that your ISP redirects your DNS traffic.  Call your ISP to opt out from DNS redirection, or try to circumvent this restriction with https://dnscrypt.org/

    0
    Comment actions Permalink
  • Avatar
    westview4100

    Thanks for the help.

     

    192.168.1.2 is our DNS server and we have it forwarding to 208.67.222.222 & 208.67.220.220.

     

    Here are the results I'm getting:

     

    2.1.168.192.in-addr.arpa
            primary name server = localhost
            responsible mail addr = nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Server:  UnKnown
    Address:  192.168.1.2

    westviewbaptist.org
            primary name server = ns1.sharefaithwebsites.net
            responsible mail addr = support.sharefaith.com
            serial  = 2016071912
            refresh = 10800 (3 hours)
            retry   = 3600 (1 hour)
            expire  = 604800 (7 days)
            default TTL = 86400 (1 day)

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    What exact command did you issue to get these results?  What do you want to demonstrate, and what do you want to achieve?  It looks like you executed:

    nslookup -type=soa westviewbaptist.org.

    In case of troubles with OpenDNS and westviewbaptist.org, you better post the outputs of these commands (including the commands):

    nslookup -type=txt debug.opendns.com.
    nslookup whoami.akamai.net.
    nslookup westviewbaptist.org.

     

    0
    Comment actions Permalink
  • Avatar
    westview4100

    Thank you rotblitz...

     

    C:\>nslookup -type=txt debug.opendns.com.
    2.1.168.192.in-addr.arpa
            primary name server = localhost
            responsible mail addr = nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Server:  UnKnown
    Address:  192.168.1.2

    Non-authoritative answer:
    debug.opendns.com       text =

            "server m25.mia"
    debug.opendns.com       text =

            "flags 20 0 50 3950000000000000000"
    debug.opendns.com       text =

            "originid 116137138"
    debug.opendns.com       text =

            "actype 2"
    debug.opendns.com       text =

            "bundle 10598336"
    debug.opendns.com       text =

            "source 75.112.45.210:51978"

    C:>nslookup whoami.akamai.net.
    2.1.168.192.in-addr.arpa
            primary name server = localhost
            responsible mail addr = nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Server:  UnKnown
    Address:  192.168.1.2

    Non-authoritative answer:
    Name:    whoami.akamai.net
    Address:  204.194.239.67


    C:>nslookup westviewbaptist.org.
    2.1.168.192.in-addr.arpa
            primary name server = localhost
            responsible mail addr = nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Server:  UnKnown
    Address:  192.168.1.2

    Non-authoritative answer:
    Name:    westviewbaptist.org
    Address:  207.158.10.208

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    So now, what is your issue?  This looks normal unless you expected to have westviewbaptist.org blocked.  It is not blocked by your OpenDNS settings, and therefore OpenDNS returns its real IP address of 207.158.10.208.

    Is your IP address 75.112.45.210 registered at https://dashboard.opendns.com/settings/ ?
    Is your dashboard network ID 116137138?

    0
    Comment actions Permalink
  • Avatar
    westview4100

    It's was not blocking the example site: http://www.exampleadultsite.com/

    Yes... that's our IP.

    I was looking around our account for the ID and discovered that I did not have the security settings configured.  They were set to NONE. 

    I'm new to configuring OpenDNS and thought I just needed to redirect my DNS to have the "magic" happen.

    I am so sorry to have wasted your time.  It is working as expected now.

    0
    Comment actions Permalink
  • Avatar
    homepaity

    nslookup -type=txt debug.opendns.com

    0
    Comment actions Permalink
  • Avatar
    homepaity

    C:\>nslookup -type=txt debug.opendns.com.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Yes, this is the command which can show relevant information about your usage of OpenDNS.

    0
    Comment actions Permalink
  • Avatar
    superislam444

    nslookup -type=txt debug.opendns.com.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Yes, this is the command which output can show relevant information about your usage of OpenDNS.

    But you really should open your own thread if you have a problem or a question.  This thread is already too full!

    0
    Comment actions Permalink

Please sign in to leave a comment.