OpenDNS not working via Router Setup

Comments

14 comments

  • Avatar
    mattwilson9090

    Have you made any recent changes on your network, or with your ISP?

    It appears that things are configured properly on your router and your PC but there are some things you should check. I think I'm seeing something odd in the nslookup results, but I'm not as experienced with those as other so I'll et them comment

    1) Make sure that your public IP address is properly registered on your OpenDNS dashboard

    2) Disable IPv6 on the router

    3) Make sure that your router has the latest firmwareinstalled

    0
    Comment actions Permalink
  • Avatar
    joeraven

    Thanks mattwilson9090 for your quick response.

    The only other incident that happened to my network is that I inadvertently installed a botnet, got blocked by my ISP a couple of times; I finally removed it after I identified the offending software ( around July). I was also hosting a website using dyn.com service. I took the DNS hosting offline recently and no longer host any website. I need to start having web filtering at home so my kids can surf the internet safely.

    By the way, IPv6 is disabled on my router and my public IP is registered with OpenDNS.

    0
    Comment actions Permalink
  • Avatar
    joeraven

    The router also has the latest and greatest firmware.

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    Definitely, your ISP is redirecting your DNS queries to their own DNS service, so that they don't reach OpenDNS.  You'll have to contact your ISP to opt out from this DNS hi-jacking.

    If this is not with success. you may be able to circumvent this redirection by using DNSCrypt: https://dnscrypt.info/

    0
    Comment actions Permalink
  • Avatar
    joeraven

    Thanks rotblitz. I contacted my ISP and was of little help since the issue is still there. They said that my router might be the issue, but I am sure it is not since I also performed a device setup on my PC without a change in the outcome. I will give DNSCrypt a try although at this point, I am willing to go for a paid solution; a router with DNSCrypt already installed would be sweet. I am also willing to spend time to setup my own router with DNSCrypt.

    0
    Comment actions Permalink
  • Avatar
    joeraven

    I tried DNSCrypt on my PC and I was pleasantly surprised that it worked not only on my PC but also on the clients connected to the network.  I suspect that my PC must be running all the time to protect the network. My next step should be trying this on a router setup. 

    Thanks again for all your help!

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    No, your router is not the issue, as can be seen from your command outputs.

    Before you invest in a router to run DNSCrypt on it, ensure that DNSCrypt really solves the problem.  Or perform a pre-test without DNSCrypt:

        nslookup -type=txt -port=443 debug.opendns.com. 208.67.220.220

        nslookup -type=txt -port=443 -vc debug.opendns.com. 208.67.220.220

        nslookup -type=txt -port=5353 debug.opendns.com. 208.67.220.220

        nslookup -type=txt -port=5353 -vc debug.opendns.com. 208.67.220.220

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Oh, my last message was overlapping with yours.

    "I tried DNSCrypt on my PC and I was pleasantly surprised that it worked not only on my PC but also on the clients connected to the network."

    Oh no, it should work only on the PC then.  If it also works on the other devices now, calling your ISP has helped, and you may be able to use OpenDNS just normal, without further measures.

    This is the test you can perform on every device:  http://welcome.opendns.com/

    0
    Comment actions Permalink
  • Avatar
    joeraven

    Ok good.  I am debating whether to uninstall DNSCrypt or not. I suppose it doesn't hurt to leave it installed. 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Sure, using DNSCrypt is a good idea, generally.  It is just a bit more efforts, especially if you install it on every device.

    0
    Comment actions Permalink
  • Avatar
    Eden

    Hi joeraven,

    Sorry to hear you are having issues. DNSCrypt usually doesn't affect OpenDNS usage, though it does encrypt your DNS queries from your computer to your designated DNS resolver. Could you please submit a support ticket so we can take a closer look at your case? Please run our diagnostic tool according to instructions here: https://opendns.zendesk.com/entries/21841580-Diagnostic-Tool-Link-and-Instructions and submit the URL of the finished test to us.

    Cheers!

    0
    Comment actions Permalink
  • Avatar
    joeraven

    Hi Eden,

    OpenDNS is working for me now as long as I disable Avast's Secure DNS. I found in another thread that my Avast antivirus' Secure DNS feature interferes with OpenDNS web filtering. Furthermore, my kids have the same antivirus. So all three PCs were effectively encrypting DNS queries and thus not redirecting them to OpenDNS. I also found out that Avast uses the same DNS encrypting software DNSCrypt. So basically, if anyone on my network wants to circumvent  OpenDNS web filtering, all they have to do is enable Avast's Secure DNS feature or at least that is my conclusion. Let me know if you think I still need to submit a support ticket, but I think the root cause problem is Avast's DNS encrypting feature. Thanks again for your response. 

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Absolutely no reason to open a ticket.  You found the root cause, and you fixed it.

    0
    Comment actions Permalink
  • Avatar
    Eden

    Hi joeraven,

    Yes, Avast's Secure DNS does cause conflicts with OpenDNS, so I'm glad to hear that it's working now that you've turned it off. If you'd like to read up about this topic, please take a look at this article: https://support.opendns.com/entries/57943894-Avast-2015-Security-Suite-Secure-DNS-and-OpenDNS. If you are happy with the results now, then you won't need to open a ticket. If you run into problems in the future though, feel free to talk to us!

    Cheers!

    0
    Comment actions Permalink

Please sign in to leave a comment.