I am puzzled. I'm seeing odd blocking of pornography/nudity related sites in the reports. It tends to be during the day, during weekdays. A consistent pattern of the same several dozen sites. Almost always with 2 hits each. I have put I place an Untangle firewall with web filtering set to flag but not block, so I should see all wired or wireless traffic. Yet I'm not seeing matching attempts in the web filter logs to the URL's being reported by OpenDNS. When I test internally, I'll try the OpenDNS test site internetbedguys.com and I'll see the OpenDNS block URL in the web filter log. Looking at the full URL captured I can see the URL internetbadguys.com in the OpenDNS block page. What I don't understand is how I'm not seeing the internal source of these OpenDNS blocked events. I can see that if I just do an NSLookup to those websites, that will trigger the logged URL's in OpenDNS but obviously not in the web filter. But I cannot understand a scenario on my internal network that would once per day do an NSLookup on a long list of pornography sites, but not attempt to connect to them. So I'm left wondering if there's a logging bug at OpenDNS and I'm seeing someone else's events in addition to my own, or if I'm just not grokking this basis of this network pattern. Any tips?
Please sign in to leave a comment.