Trying to whitelist (NEVER BLOCK) a site

Comments

32 comments

  • Avatar
    rotblitz

    Then copy & paste the plain text output of the following commands here:

    nslookup -type=txt debug.opendns.com.
    nslookup www.example.com.                  (where www.example.com is the domain you want to block)

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "cleared cache and history"

    Not history, just cache. Also, flush your local resolver cache from an elevated command prompt window: ipconfig /flushdns

    0
    Comment actions Permalink
  • Avatar
    doorman

    Hey jamez, were you able to resolve the issue?  I'm getting the same problem.  

    0
    Comment actions Permalink
  • Avatar
    jamezpowell
    No it still won't white list the domain. I also discovered that if you log into a bypass account and visit a blocked site, that site will then load on the same machine after logging out of the bypass account. Basic cache deletion from the browser doesn’t seem to fix that either.
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "if you log into a bypass account"

    Ah, so this is not OpenDNS Home Basic?  This is new information.  What OpenDNS version is it?

    And, where are the outputs of the commands I listed above?

    Or did you open a support ticket?

    0
    Comment actions Permalink
  • Avatar
    doorman

    Rotblitz, I finally figured out what's wrong with my setup, based on your past posts elsewhere in the forum.

    I have a NetGear router which turn out to have it's own OpenDNS dashboard. I didn't realize until now that this is a different site from the regular OpenDNS dashboard. Now the sites are no longer blocked after I added them to the NEVER BLOCK list in the Netgear OpenDNS dashboard.

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Ah, yes, LPC. Excellent!

    0
    Comment actions Permalink
  • Avatar
    Dominic Bannister

    Hi,

    Looking at your account, I see that you have both the NETGEAR LPC service and our network based service. We do not recommend having both services in your account. Please submit a support ticket and let us know which service you would like to use, this will prevent future filtering conflicts.

    Thanks

    0
    Comment actions Permalink
  • Avatar
    justagirl3

    I was told to hold only the domain name like...youtube.com or bing.com now www. before it.  This is listed on this site somewhere.

     

    0
    Comment actions Permalink
  • Avatar
    buckybuoy

    I've whitelisted hardees.com several times this morning.  It will take, and I'm able to navigate to the website, but within a minute, or so, it is blocked again.

    I have cleared my cache used the terminal command  ipconfig /flushdns.

    What gives?

    0
    Comment actions Permalink
  • Avatar
    buckybuoy

    Should read "cleared my browser cache and used the terminal command  ipconfig /flushdns."

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    So, does it disappear from the whitelist each time???

    0
    Comment actions Permalink
  • Avatar
    buckybuoy

    No, it  doesn't disappear from the Whitelist.

    I just got the OpenDNS blocked site for hardees.com.  Checked the list and it's there.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Do you have an OpenDNS dashboard account in addition to the account you use for managing things via LPC? Which one are you using to whitelist hardeee's?

    It sounds like you might have both, since a few minutes is usually the time you are told to wait to expect things to propagate if you make a change in the OpenDNS dashboard. That could account for making a change and then seeing it "disappear" a few minutes later.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    @buckybuoy
    "No, it  doesn't disappear from the Whitelist."

    Then, how could you have "whitelisted hardees.com several times this morning"?  This is obviously the wrong approach.

    What about posting the commands I initially have shown in this thread?  This would give us significantly and immediately more insight.

       nslookup -type=txt debug.opendns.com.
       nslookup  hardees.com.
       nslookup  www.hardees.com.

    Just saying "it doesn't work" is of no help for us helping you.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Also not sure why hardees.com is blocked for you at all.  It is not in any category:
    https://domain.opendns.com/hardees.com
    What did you do to get it blocked in the first place???

    hardees.com is an alias of CKEMKTPRDLB-20131022-983025467.us-east-1.elb.amazonaws.com.  Did you possibly block amazonaws.com or its subdomains by mistake or in error?

    0
    Comment actions Permalink
  • Avatar
    buckybuoy

    Yes, amazonaws.com IS BLOCKED!  I'll unblock it now . . . Standby . . .

    0
    Comment actions Permalink
  • Avatar
    buckybuoy

    YES!  Deleting amazonaws.com worked!  I can now navigate to hardees.com and hallmarkecards.com.

    You're a genius . . . a little prickly, but, still, a genius.

    Thanks for your help.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Yes, hallmarkecards.com seem to use the Amazon AWS CDN (Content Delivery Networks) service too (*.cloudfront.net).

    Also, I do not understand why someone would block a CDN service.  This is the worst idea ever.  Doing this will break far too many web sites, because so many depend on such services. mainly the ones from Amazon or Akamai, some also from CloudFlare, Incapsula and the likes.

    0
    Comment actions Permalink
  • Avatar
    thsfilter

    Thank you so much! This forum helped me to solve a problem I have been having for some time. 

    0
    Comment actions Permalink
  • Avatar
    tariq

    I want to Whitelist (unblock) WhatsApp but do not know the domain name that I should add to the WhiteList. Does anyone know how to do this?

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Is WhatsApp blocked for you?  You check your blocked domains at https://dashboard.opendns.com/stats/all/blockeddomains to find out the related domains to whitelist.  After my experience, this would be whatsapp.net.  Do not unnecessarily whitelist domains which are not actually blocked.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Is WhatsApp blocked for you?  You check your blocked domains to find out the related domains to whitelist.  After my experience, this would be whatsapp.net.  Do not unnecessarily whitelist domains which are not actually blocked.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I cannot answer.  It says:

    To prevent unwanted messages in the community, your comment is pending review by a moderator. When it is approved, it will be published.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Whitelist whatsapp.net, but only if it is actually blocked.

    0
    Comment actions Permalink
  • Avatar
    merookie

    Hello, I have added snapchat.com, app.snapchat.com and chat-gateway169-prod.chat.snapchat.com in trying to allow my daughter to use snapchat app on the iPhone, no success. Any idea what I am missing. Thanks for your time and consideration..

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Firstly, are you using a Netgear router with LPC? If not then you should post your question in a thread that is not about LPC, or start an entirely new thread.

    Also, there is no need to add all of those domains to your whitelist, since two of them are subdomains of snapchat.com. Whitelisting snapchat.com will cause all of it's subdomains to be whitelisted as well.

    It's entirely possible that the snapchat app communicates with hard coded IP addresses, in which case OpenDNS can't do anything for you since the app wouldn't use in the first place. What happens when you do try to connect to snapchat? How is that different from when you are connected to a different network (such as the phone providers data network or a public WiFi hotspot)?

    If you were using the OpenDNS Home product I'd tell you to check your OpenDNS stats and logs to see what is being blocked, but that isn't an option wih LPC since it doesn't have that capability. There might be some other logs on your router that give you some insight into where the traffic is going, which might guide you in figuring out what domains you need to whitelist.

    You could try user some sort of network sniffer, such as wireshark, to figure out where traffic is going, but that may be beyond your technical comfort level or ability.

    You could also search these forums for snapchat related threads, as well as general internet searches to see if they give any insight into the domains that snapchat using for the version of the iOS app you are currently changing. Note, it's entirely possible that the domains the app uses could change with the version of the app your are using, and possibly even with the version of iOS. Unfortunately most vendors are rather opaque when it comes to figuring out what domains they use with your apps so it could take a while for you to find out what domain or domains you need to whitelist.

    0
    Comment actions Permalink
  • Avatar
    merookie

    Thanks mattwilson9090 for your time.

    I am using Netgear LPC. When unblocking snapchat.com did not work then I included subdomains for trials and also these were getting hit and blocked when trying to run snapcat app on iPhone. I have created few time blocks and allowed Video Sharing category (snapchat was getting blocked because of this category) in these blocks. This mean that I have to allow category to let snapchat run, ideally I wanted to white list snapchat.com only not whole category. Thanks..

     

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Like I said, adding those subdomains is pointless. If you already have the domain whitelisted adding subdomains only serves to use up one of your whitelist slots, it won't magically start whitelisting the subdomain, but not the domain itself.

    Unblocking the video sharing category like you've done does validate that the snapchat app is using a domain to reach the servers rather than an IP address. That's a good thing. Now you can either continue unblocking the snapchat domain that you've been doing, or you can follow some of the ideas I suggested for ways to figure out exactly which domain the snapchat app is using, which obviously is not snapchat.com. That's not an uncommon thing, since many apps either use different domains from the primary one, though some do make things easier on people by using subdomains.

    0
    Comment actions Permalink

Please sign in to leave a comment.