Comments

28 comments

  • Avatar
    jrsutton

    I am very new to OpenDNS, less than three or four days, and here is how I solved my youtube problem, without sacrificing other google offerings, gmail, google calendar, etc.

    I blocked...

    The website itself (works for PCs):
    youtube.com

    Thumbnail domains (PCs, tablets, and phones):
    ytimg.com
    ytimg.l.google.com

    Youtube Applications:
    youtube.l.google.com
    googlevideo.com

    Hopefully this will save someone else a few hours of trial and error...

  • Avatar
    Alexander Harrison

    To block the Youtube app, typically the below domains will do the trick:

    • googlevideo.com
    • ytimg.l.google.com
  • Avatar
    gwinner

    I am a longtime OpenDNS user and have been able to block youtube on my child's ipad by blocking the youtube.com, s.ytimg.com, ytimg.com, and googlevideo.com under the "Manage Individual Domains" section of OpenDNS,

    However, I recently upgraded my router to a Netgear R8000 and I am trying to use the built in parental controls / Netgenie and have been unable to block Youtube with the methods mentioned above.

    Using the built-in parental controls would be a great upgrade because it would enable me to automatically block youtube during certain times of the day without having to login to OpenDNS and switch the blocking on.

    The problem is that netgear.opendns.com does not offer the ability to "Manage Individual Domains". While the R8000 is able to block domains, for some reason it is unable to block HTTPS domains which I believe at least some of the aforementioned domains are.

    As a side note, it seems like blocking the Youtube app on Ipads and Iphones is a common question in these forums, is there a reason why OpenDNS does not block youtube.com, ytimg.com, s.ytimg.com, and googlevideo.com by default when "Video Sharing" is selected to block? It seems like that would solve a lot of problems. 

    At any rate, any advice would be greatly appreciated regarding how I can block youtube on an Ipad utilizing my Netgear R8000 and netgear.opendns.com.

    Thanks in advance.

    Greg

  • Avatar
    tammyinmo

    Blocking the individual sites works, unless you want it to be on a schedule or you want to be able to bypass it using bypass accounts.

  • Avatar
    mattwilson9090

    Domains are not HTTPS, HTTP, FTP, or anything else. Those are all protocols and DNS does not know about protocols, let alone care about them. It only deals with domain names, and if the domain you are trying to block is included in a blocked category, or individually blocked then it will be blocked regardless of the protocol used.

    That said, it sounds like you are trying to block these domains according to schedule. Unfortunately, as I understand it, the time based controls only block categories, not domains, according to schedule. As a test you could try blocking those domains in your blacklist outside of the time based controls just to make sure that you are still using the correct domains. s.ytimg.com has no submissions at all, so it would inherit the categorization of it's parent domain ytimg.com, which currently is nothing.

    Of the domains you list youtube.com is already categorized as "Video Sharing", ytimg.com is awaiting votes on a number of categorizations, but none is finalized and "Video Sharing" has specifically been rejected. Trying to visit the domain directly as a wait only result in page not found so I'm not certain what it's correct categorization should be. googlevideo.com is currently categorized as a Content Delivery Network, but going to the domain as a webpage gives a Google Video search page, so it would appear to be miscategorized.

    To make a long story short, the reason those domains are not blocked when you have "Video Sharing" blocked is that only 1 in 4 of them is categorized that way, and the others eithers are not yet categorized, or appear to be miscategorized. The domain tagging system relies on community input and votes, so you are invited to look at these domains yourself, and either vote on the current proposed domains or flag one or more of them for review.

    One thing to be aware of with anything google related, especially google apps is that google uses a huge number of domain names, and seems to quite often change the ones that they use for their websites and their apps. This makes it very difficult to block or allow any google properties using a DNS based system, which is one reason there are so many questions here regarding google domains. Especially since people so often want to do something very, very specific instead of just blocking everything that's google related

  • Avatar
    andeeau

    I had the same issue on my android tablets. Despite netgear opendns being configured to block video sharing, the youtube app & new youtube kids app would work.

    Accessing via a browser was blocked.

     

    Like Greg, I found too that if I put domains into my R7000, only http:www.youtube.com was blocked but this could be overcome by using https://www.youtube.com

    I have now put youtube.com, l.google.com & googlevideo as blocked domains in netgear opendns under account settings and this is now blocking everything.

     

    However I too want this on a schedule rather than just being blocked.

     

    I agree with Greg, if video sharing is selected this should block these domains and any domains that would normally allow video sharing/streaming!

    I can work around this bu using the netgear network map and taking systems off the 'default level on the router' but this is manual process and no-one should have to do this. The whole point of the setting blocking and adding time blocks is to automate this process.

     

    Opendns please resolve by blocking these additional youtube domains when video sharing is selected!

     

    Andrew

  • Avatar
    tsorensen1220

    The router function doesn't work because they don't bother blocking DNS, they do packet inspection on http and block it on the URL. Which fails completely with https (and rightfully so). If they did DNS blocking it would work regardless of http or https.

    I added the entire list of domains above to OpenDNS's Account Settings->Blacklist/Whitelist, made sure they are all marked as Always Blocked, and then loaded youtube in another tab. The main page loads, videos play, and searches for youtube videos still work as well.

    And while I'd rather not block things, kids are dumb sometimes, and temporary restrictions have to be put in place. And while I can setup my own DNS server to solve this, the entire point of both the Netgear solution and the OpenDNS solution was to avoid having to do exactly that.

  • Avatar
    tsorensen1220

    Shrug. I logged in via Netgear. I'm looking, right now, at https://netgear.opendns.com/account.php?device_id=XXXXXXX&view=info-bwlist . If it shouldn't have that, then that's a configuration issue on OpenDNS's side I'd say.

    As for using OpenDNS resolvers -- I have been for over a decade -- 208.67.222.222 and 208.67.220.220 have been my primary and secondary resolvers across at least 4 different routers, most of them running dd-wrt.

    In general this seems like a general failure of Netgear's poor software rather than OpenDNS, but not entirely. If the blacklist/whitelist functionality doesn't work with Netgear's routers, it shouldn't be part of the control panel (and yes, it is).

  • Avatar
    mattwilson9090

    Regardless of how you think things should work or be displayed, a "normal" OpenDNS account is not compatible with LPC. You need to delete the OpenDNS network that this LPC router is connecting to if you want LPC to work reliably and consistently for you. There are advantages that each of them has over the over, but you cannot combine those advantages, you *have* to choose one or the other for things to work properly.

  • Avatar
    tsorensen1220

    This isn't a "normal" OpenDNS account. The account was created ENTIRELY through the Netgear Genie iPhone App. I then logged into it via the web portal on my router from my laptop. At NO point have I used any other method to connect, create, or manage the account.

  • Avatar
    mattwilson9090

    You made reference to using OpenDNS with other routers, including with dd-wrt so it sounded like you were also using the free OpenDNS Home product or some other OpenDNS product. Just in case, you should double check what, if anything, you have listed at https://dashboard.opendns.com/settings/

    If there is nothing there, and you think this is still caused by a failure of Netgear's software then you should either visit a Netgear support forum or open a support ticket with Netgear. You should of course also make sure that you have the latest firmware for your router.

  • Avatar
    andeeau

    Hi I have had similar 'issues' -  have a Netgear R7000.

    Was wanting to block youtube, on a schedule, as my son would watch videos and use a lot of data.

    I originally started with the router, blocking using terms 'youtube', etc which worked for HTTP only and not for HTTPS.

    Since my router supported (ie. had a built-in open dns client) I created a open dns account, provided the account details into my R7000.

    This changed the DNS on any of my devices to use Open DNS servers.

    Logging into my account, I created a schedule and ticked the items I wanted blocked during that time. One of the items ticked - 'Video Sharing'

    This did work but not completely.  It blocked everything youtube related on a computer or laptop (both HTTP or HTTPS) but it didn't block anything that was viewed via a youtube app on a smartphone or tablet.  Am using the official youtube & youtube kids apps.

     

    The only way around this was to blacklist the address listed at the top of this thread.  Now youtube is blocked completed 24x7 and if I want to let my kids view I use the NetGenie app on my phone and change the filtering level from 'Default level on the router' (ie. what open dns is configured for) to one of the preset levels - low, moderate, high, etc.

     

    BUT, given there is a category to block called 'Video Sharing' I think this should also block youtube if viewed from the official youtube apps for smart devices.  Surely this can done?

  • Avatar
    mattwilson9090

    @andeeau

    Yes, it can be done, but not in the manner that you might be thinking of. Being DNS based, OpenDNS knows nothing about websites, pages, URL's, content, apps, or anything else. It only knows about domain names, such as company.com

    Many companies that have a mobile website or app will host those using a subdomain, such as m.company.com

    Youtube (and by extension Google) is much more complicated. They own many domains, many of which also use subdomains to manage and provide all of their services, and it's not always obvious what goes with what. They also seem to use a different set of domains for mobile apps, sometimes even a different set for apps on different OS's (meaning the android Youtube app could use completely different ones from the one intended for iOS). Sometimes they even seem to use different domains for different versions of the app. To make things even more confusing they even seem to change all of the domains they use for everything from time to time.

    Long story short, these apps can be blocked on the video sharing category if someone identifies the particular set of domains used for a specific app, tags them in OpenDNS, and it then receives enough votes that it's approved. Unfortunately Google doesn't make any of this information available, which makes it even more opaque.

    You can search through these forums to find other threads where people have had limited success with blocking apps this way. Perhaps one of them will give you enough information on blacklisting a set of domains that will work for you.

  • Avatar
    andeeau

    @mattwilson9090

    That all makes sense.

     

    I have already blocked youtube altogether by adding the domains listed at the top of this thread to the blacklist in my opendns account.

     

    However, I feel that given I have 'video sharing' to be blocked on a schedule, I shouldn't have to manually do this.

    Given the domains are now known, surely this should be added to the 'video sharing' preset so when someone uses it, ALL of youtube is blocked and not just part of it.

     

    How does someone 'tag' the domains in OpenDNS as you say?

  • Avatar
    andeeau

    @mattwilson9090

    I said it makes sense, no need to go and get defensive.

    BUT -  I am simply trying to say that this issue with Youtube apps does not appear to be new.  There are many posts about it and many posts again where people have found the domains.

    As I have said twice, I have these identified domains to block youtube altogether so these domains work. Time will tell if the domains change as you say but at the moment they work, so they should be added to the 'video sharing' category.

    IF, they change and youtube apps start to not be blocked then the whole process would have to start again with the identifying of the new domains, voting, approval, etc.

    This can only help improve the 'video sharing' category and opendns as a whole if 'video sharing' blocks more than what it started with right?

    I'll go see now if this has already been tagged.

     

    Cheers

  • Avatar
    jamesschwabii

    @mattwilson9090 

    @andeeau

    I've inputted all of the domains for blocking the youtube app and it just keeps working. 

    What can you suggest?




    Capture.PNG
  • Avatar
    rotblitz

    The first problem I see is that you always enters www subdomains.  This blocks only this, not the main domain and not any other subdomains of it.  I.e. normally what you want to block will not be blocked at all.  So, delete these www subdomains from your list and enter the main domains, e.g. youtube.com, hulu.com, etc.  This will block these and all their subdomains inc www.

    If this still does not work, ensure that you're indeed using OpenDNS:  http://welcome.opendns.com/

    If you don't use OpenDNS, then you can enter into the dashboard whatever you want - it won't have any effect, of course!

  • Avatar
    nabeelrajby

    Please help me out that how to completely block facebook. i already add facebook.com and m.facebook.com in block domains list but still working on android app.

  • Avatar
    geo118

    Well I got fed up!

    My kids waste their time on Youtube to watch idiotic videos of Stampy playing minecraft, but if I block Youtube then they can't use it for playing along with their musical instruments.

    We need an immediate toggle On/Off system.

    So here it is. Attached is a file called "Toggle OpenDNS.cmd". It runs under Windows 7 but will probably run under 8 and 10 also.

    Before using it open it with Notepad or some text editor. There are 3 parameters to replace at the beginning of the file. Instructions are provided in the file.

    1. Your network name. Use the command "netsh interface ipv4 show interfaces" to list your networks. Identify the one you want to enable/disable OpenDNS on, copy the name and paste it into the 1st parameter.

    2. The IP address of your router, if you have configured OpenDNS DNS servers on it, or else just leave the IP address of an OpenDNS server

    3. The IP address of your normal DNS server, or you can leave 8.8.8.8 which is Google's DNS server

    You can save the file anywhere. It needs to be run with administrator privileges to work. If you want to hide it from your kids anyway, put it in some folder and use the search function in the start key to search for it.

    To run it, right click and chose "Run As Administrator". You will be prompted to enter the credentials of an administrator or simply to confirm.

    It will ask you "Enable OpenDNS? Y/N"

    Press Y or N

    The effects are immediate. Remember your browser may have cached some IP addresses but for example with YouTube it works just fine!

    Remember to Enable OpenDNS afterwards if you disable it!

     

     

     



     

     

     




    Toggle OpenDNS.cmd
  • Avatar
    Alexander Harrison

    Hello All,

    A friendly reminder that when an executable file is posted, unless you understand the logic itself we'd strongly recommend not utilizing it as it may do literally anything on your computer. We've opened this one and can confirm it's logic just switches DNS at this time. We're not able to remove the attachment without removing the entire comment so it will remain at this time. 

    Be aware; however, that there are more elegant alternative software programs such as http://changedns.how/ and http://www.sordum.org/7952/dns-jumper-v2-0/ which accomplish the same task and give you some more options. 

    Also, if you'd like to enable the option to bypass blocks such as youtube without turning OpenDNS off, this functionality would be available for Mac and Windows with the OpenDNS Roaming Client + Block Page Bypass + The Certificate from https://support.opendns.com/entries/69573730-Installing-the-OpenDNS-Root-CA. Note that this is a $20/user/year subscription for Umbrella Prosumer available at https://store.opendns.com/umbrella/prosumer. This also lets you set your parents or your own computer to be block free while enforcing blocks on the kids computers (Windows and OSX). 

  • Avatar
    neoexpress

    Hello Sir I need to Block Uc browser App? How to do it? 

     

  • Avatar
    rotblitz

    Blocking individual domains is not supported by LPC but is a specific pure router function as described at http://kb.netgear.com/app/answers/detail/a_id/20483/ 
    This has also scheduling.  Try to block the domain names you listed above with this feature.

  • Avatar
    rotblitz

    You're totally correct with your first paragraph re the URL keyword blocking.  URLs are end-to-end encrypted with HTTPS, so cannot be inspected by a "man in the middle" like a router.

    "I added the entire list of domains above to OpenDNS's Account Settings->Blacklist/Whitelist"

    This however was a massive fault.  You cannot use the normal OpenDNS dashboard with Netgear LPC at the same time.  These are incompatible!  Even more, when using LPC, you must delete any network from https://dashboard.opendns.com/settings/
    Your LPC dashboard is only at https://netgear.opendns.com/ !  And this does not have a blacklist or whitelist.

    If you want to block domains efficiently, also for HTTPS, you must disable LPC on the router, and then you can configure the router with the OpenDNS resolver addresses to use the normal OpenDNS dashboard with whitelisting and blacklisting and also stats.  This is on a DNS level and works also regardless of HTTPS or not.

    The only way to individually block domains with LPC is while adding these to the local hosts file on the end user devices or by using an own proxy server or DNS server.

    "the entire point of both the Netgear solution and the OpenDNS solution"

    That's the fault!  You cannot use both, but either the one or the other, although both are OpenDNS solutions.

  • Avatar
    mattwilson9090

    It doesn't matter how you feel. This is how the technology works, feelings have nothing to do with it. Someone has to identify the domain, submit it so that others can vote upon it, and once enough votes are received that categorization will be approved or denied.

    My point was that the domains for apps are NOT known, and in the case of youtube not only do they keep things cryptic, but they seem to change them periodically. The fact that Google uses multiple sets of domains for the web browser, and apparently different domains for different apps on various different OS'es like Android, iOS or Windows, and sometimes even different versions of the app makes it more difficult and never certain.

    Identifying those domains isn't difficult, but it can be time consuming, and with some apps can mean having the exact same set of hardware and software as someone else in order for it to apply to others. You are welcome to do the work yourself and submit the domains you discover, or to search through the forums and find out if someone else has already found the answer. Unfortunately, since Google changes things periodically I wouldn't be confident that anything older than 6 months or so is still valid.

    For domain tagging click on the Community link at the very top of the page. That will take you to https://community.opendns.com/ where you can read all about tagging, vote on existing submissions, and submit domains of your own.

  • Avatar
    mattwilson9090

    @nabeelrajby Are you using a Netgear router with LPC (Live Parental Controls)? If not, you are posting in the wrong thread and need to post this in a different thread, either one you create (always a good idea when trying to hijack someone else's thread) or another thread devoted to the same EXACT topic as you have.

    Assuming you have a netgear router have you read any of the previous discussion in here? Do you realize that OpenDNS can do nothing to block an app because it knows nothing about anything that is not a domain? If an app doesn't use domains then OpenDNS cannot block it? Have you blocked any of the other domains that are mentioned in this thread? What have you done to discover the domains that the app you are concerned about is using?

  • Avatar
    rotblitz (Edited )

    How is your message related to the topic of this thread "YouTube app blocking"?  I do not see anything YouTube related with your message...

    But well, OpenDNS is not a service to block apps, but to block access to domains only, because OpenDNS is not an app service, but a DNS service, as its name clearly says.  Didn't know?  Now you know!

    You block an app by taking away the smart device from the user, so easy!

    You may be able to block access to the Google Play app store by OpenDNS, while blocking the related domains, e.g. play.l.google.com.  This would have maybe prevented to install the app before it was installed.  Now, when it is installed, you cannot do a lot against it with OpenDNS.

    If you didn't mean to block the app, but the access from the app to UC's proxy and other servers, then you'll want to blacklist at least the following domains at your OpenDNS dashboard:

    • ucweb.com
    • amap.com
    • alibaba.com
    • umengcloud.com
    • uc.cn
    • sm.cn
    • umeng.cloud

    (The domain information derived from this article.)

  • Avatar
    mattwilson9090

    Which you tube app are you referring to?

    This very same issue has been discussed several times in other threads. You could either look through your logs to see what domains you are looking up, or you could search those threads and see what they have to say.

  • Avatar
    rotblitz

    You search for the related threads here and proceed as instructed there, what else?

    https://support.opendns.com/categories/search?utf8=%E2%9C%93&query=youtube+app&for_search=1&commit=Search

    -10

Please sign in to leave a comment.