Comments

18 comments

  • Avatar
    Rob Gregg

    Hi,

    Thanks for getting in touch, sorry to hear you're struggling with the IP updater. This issue is usually caused by the way your ISP handles DNS traffic, I would recommend getting in touch with them and asking whether you are behind a transparent proxy. 

    If you are still experiencing problems after discussing this with your ISP I would recommend opening a ticket with us.

    0
    Comment actions Permalink
  • Avatar
    arthurwv

    I called them the first with no help.  I called again and was on hold for over an hour. Asked to speak to a supervisor and of course they had no idea what to do.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    So see if your DNS traffic IP address is indeed different from your web traffic IP address:

       Your DNS IP address:  nslookup myip.opendns.com.

       Your web IP address:   http://myip.dnsomatic.com/

    It is your DNS IP address which must be registered at https://dashboard.opendns.com/settings/ to make the additional features of OpenDNS work
    (blocking by category, blocking or whitelisting individually, stats and logs).

    To see why there is a mismatch, you may want to run this test to see if you're behind a proxy:
    http://www.lagado.com/proxy-test

    See also: https://support.opendns.com/entries/63421664

    0
    Comment actions Permalink
  • Avatar
    arthurwv

    my web ip: 184.9.191.46   which is the DNS IP address

    And the proxy test results :

    Proxy Test

    This request appears NOT to have come via a proxy.

    The request appears to have originated from ip address 184.9.191.46

     

    The Lagado Proxy Test shows details of any proxy servers you are using. It is especially useful to expose transparent proxies. These are proxies inserted between your browser and the web, typically by your ISP, and often without you knowing.

    Sometimes a proxy will be deliberately hidden so it won't be exposed by this test. In this case you can use the Cache Test to expose stealthed transparent proxy caches.

     

    The Raw Details

    Here are the raw details of the request received by this server.

    Remote   IP Address 184.9.191.46

    Request   Protocol HTTP/1.1   Method GET

    Request Headers

    Host www.lagado.com
    Connection keep-alive
    Accept text/html,​application/xhtml+xml,​application/xml;q=0.9,​image/webp,​*/*;q=0.8
    Upgrade-Insecure-Requests 1
    User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
    Accept-Encoding gzip, deflate, sdch
    Accept-Language en-US,en;q=0.8

     

     

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Apparently not behind a proxy, but there are other ISP tweaks like NAT, DNS redirection and staff which cannot easily be investigated.

    "my web ip: 184.9.191.46   which is the DNS IP address"

    Does this mean both are identical?  Then there is no IP address mismatch at all, and the Updater's warning was a false positive for whatever reason.  Something else must confuse the Updater.

    0
    Comment actions Permalink
  • Avatar
    arthurwv

    They are identical.     Where you typed "Your DNS IP address:  nslookup myip.opendns.com.", is there anything I need to do with that?  I don't know if this will help, but I am attaching what Updater is showing.

     




    Image1.jpg
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "Where you typed "Your DNS IP address:  nslookup myip.opendns.com.", is there anything I need to do with that?"

    Yes, you open a command prompt window and enter the command to see what your DNS IP address is.

    "They are identical."  -  How can you know if you didn't execute that nslookup command?

    "I don't know if this will help, but I am attaching what Updater is showing."

    Yes, this is the reason why you're posting here.  I know.

    0
    Comment actions Permalink
  • Avatar
    arthurwv

    Oh sorry.  Didn't realize it was a command prompt.  I meant my IP and the one registered at opendns.  




    Image2.jpg
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    You should not have queried myip.opendns.com.netgear.com, but only myip.opendns.com.  You ignored the trailing dot as part of the command.
    And weird that this returns two different public IP addresses.  Something seems to hi-jack your NXDOMAIN results.  And this is Search Guide Inc located in Boulder/USA.  See that you can get rid of this!

    And you would not have needed to post a screen shot.  A copy & paste of the raw text would have been sufficient.

    As you missed to enter the trailing dot to indicate an FQDN, try again:

       nslookup myip.opendns.com.

    And check also your web IP address again: http://myip.dnsomatic.com/ - it might have changed in between.

    0
    Comment actions Permalink
  • Avatar
    arthurwv

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\dr andy>myip.opendns.com.
    'myip.opendns.com.' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Users\dr andy>nslookup myip.opendns.com.
    Server: dslrouter.netgear.com
    Address: 192.168.254.254

    Non-authoritative answer:
    Name: myip.opendns.com
    Addresses: 198.105.244.114
    198.105.254.114


    C:\Users\dr andy>

     

    Andy the web IP address is still the same.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    This DNS lookup has been hi-jacked by Search Guide again, so I think you don't use OpenDNS at all.  Now post the output of these comands (trailing dots are part of it!):

       nslookup -type=txt which.opendns.com.

       nslookup -type=txt which.opendns.com. 208.67.220.220

    0
    Comment actions Permalink
  • Avatar
    rolltide1017

    What does "hi-jacked by Search Guide" mean?  I'm getting those same 198 address when using nslookup and I'm also getting the mismatch error.  I had to exchange my router and modem with Charter today and the new equipment is not working with OpenDNS.  It was fine yesterday with my old modem and Netgear router but, we were having to reboot both of them so often that I just decided to exchange them.  The new router from Charter is not a Netgear but a Sagemcom Fast 5260.

    0
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    Well, your question has been answered by Rob Gregg from OpenDNS above already.  If you have configured your new router with the OpenDNS resolver addresses, and it does not work, e.g. http://welcome.opendns.com/ indicates you're not using OpenDNS, ask your ISP to find out what you have to do to use a 3rd party DNS service.

    You can also copy & paste the complete plain text output of the diagnostic commands above, plus the IP address returned from http://myip.dnsomatic.com/ so that we see more.

    0
    Comment actions Permalink
  • Avatar
    rolltide1017

    Just wondering if the "hi-jacked by search guide" meant I have malware.

     

    My web IP from http://myip.dnsomatic.com/ is: 71.82.1.108

     

    Here is the results from http://www.lagado.com/proxy-test:

    This request appears NOT to have come via a proxy.

    The request appears to have originated from host 71-82-1-108.dhcp.leds.al.charter.com which has ip address 71.82.1.108

     

    The Lagado Proxy Test shows details of any proxy servers you are using. It is especially useful to expose transparent proxies. These are proxies inserted between your browser and the web, typically by your ISP, and often without you knowing.

    Sometimes a proxy will be deliberately hidden so it won't be exposed by this test. In this case you can use the Cache Test to expose stealthed transparent proxy caches.

     

    The Raw Details

    Here are the raw details of the request received by this server.

    Remote   Host 71-82-1-108.dhcp.leds.al.charter.com   IP Address 71.82.1.108

    Request   Protocol HTTP/1.1   Method GET

    Request Headers

    Host www.lagado.com
    Connection keep-alive
    Accept text/html,​application/xhtml+xml,​application/xml;q=0.9,​image/webp,​*/*;q=0.8
    Upgrade-Insecure-Requests 1
    User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
    Accept-Encoding gzip, deflate, sdch
    Accept-Language en-US,en;q=0.8,gl;q=0.6

    This Server   Host www.lagado.com   IP Address 27.131.76.84

    Date: Saturday 19 Mar 2016 1:21:08 GMT+1100

     

    Here is my nslookup myip.opendns.com results:

    Server: HG6Box
    Address: 10.6.18.4

    Non-authoritative answer:
    Name: myip.opendns.com
    Addresses: 198.105.244.24
    198.105.254.24

     

    Here is my nslookup -type=test which.opendns.com.:

    Server: HG6Box
    Address: 10.6.18.4

    Non-authoritative answer:
    which.opendns.com text =

    "I am not an OpenDNS resolver."

     

    Here is my nslookup -type=txt which.opendns.com. 208.67.220.220 results:

    Server: resolver2.opendns.com
    Address: 208.67.220.220

    Non-authoritative answer:
    which.opendns.com text =

    "9.ash"

    0
    Comment actions Permalink
  • Avatar
    cobalt-phoenix

    "Just wondering if the "hi-jacked by search guide" meant I have malware."

    Having malware would mean that you installed malicious software on your computer.  Did you get the impression you have that?  And even if you installed some software allowing Search Guide to hi-jack your DNS, I'm not sure if this can classified as malware.  I would rather classify it as adware.  In this case you may want to uninstall this software.

    "I am not an OpenDNS resolver."

    (You meant "txt", not "test", right?)  This result indicates that you don't have the OpenDNS resolver addresses configured on your HG6Box at 10.6.18.4.  Configuring the OpenDNS resolver addresses is the first and most important step to use OpenDNS at all.  So, do it now! 
    https://support.opendns.com/categories/20080020

    "9.ash"

    This result indicates that you could use OpenDNS if you had configured it to use it.

    "The request appears to have originated from host 71-82-1-108.dhcp.leds.al.charter.com which has ip address 71.82.1.108"

    Name: myip.opendns.com
    Addresses: 198.105.244.24
                         198.105.254.24

    This is where the IP address mismatch becomes evident.  Your ISP Charter has sold your DNS traffic to Search Guide to make extra money for serving you with unwanted advertisements.  Else your DNS IP address would be the same as your web IP address: 71.82.1.108.  You'll have to contact Charter to see how you can opt out from the DNS hi-jacking.

    0
    Comment actions Permalink
  • Avatar
    rolltide1017
    First, I'd like to say thanks for responding, I really appreciate it. I don have the OpneDNS resolver programmed in my router. That's my problem, I have my router set to use OpenDNS but, it is not using OpenDNS. Anyway, I figured out what was causing the problem, the router from Charter (a Sagemcom, never heard of this brand). I tried changing my laptops IPv4 setting to use OpenDNS, instead of getting it from the router, and everything worked correctly. OpenDNS filter also started working, but only on my laptop. So, I brought home an old Linksys router from work, plugged it up and programmed it for OpenDNS and... everything work like it should. So, I have concluded that something funny is going on in this new router from Charter. Not sure if it is a Charter specific firmware that is blocking third party DNS servers or if Sagemcom has a deal with Search Guide to force it on users. Either way, I don't understand why they let you manually enter a DNS server if the router is just going to ignore the setting. Today I went out and bought a new router and took the other one back to Charter. Everything is working correctly now. Thanks again for taking the time to read and comment on my posts.
    0
    Comment actions Permalink
  • Avatar
    mhp2019

    I have been struggling with this for two days, opened a ticket with OPEN DNS and my cable company. OpenDNS has yet to respond, WOW and I pay for this service too? OPENDNS says to check if my ISP put me behind a proxy. ISP says current connection is not behind a proxy setting and you can check yours here at this link (http://www.whatsmyip.org/more-info-about-you/)

    When I ran on wireless setting, OPENDNS worked fine per web content filtering, when I shut off wireless and plugged in ethernet, address went from ISP Public IP to 92.242.140.2 address in question..WTH? So here is the fix I have so far and it is working. In network options, configure IPv6 to MANUAL setting, not automatic and release and renew IPv4 binding on the NIC and verify your using all three OPENDNS IP address. See if that helps and I hoped I save someone hours of no responsiveness and aggravation..Enjoy!

    1
    Comment actions Permalink
  • Avatar
    bjchez

    Old thread I know. But for the randoms out there who stumble across this by way of googleing the issue, try disabling IPV6 on your adapter settings.

    This is what worked for me after fighting with settings for about 2 hours.

    0
    Comment actions Permalink

Please sign in to leave a comment.