Unable to get LPS to work on Netgear WNDR4500

Comments

14 comments

  • Avatar
    tkldonon

    Hi

    I would start by checking https://www.opendns.com/welcome/

    If you get a welcome, then you are being seen by OpenDNS and the issue is the filters.

    If you get an "oops" then your DNS redirect is not working and that is closer to home.

    You also said that you have had OpenDNS before and now are using LPC and ive seen other posts that state that having two accounts like this causes problems and you need to get OpenDNS to clear your records so that you can start again.

    Of you check the FAQ and then drop them an email, they can confirm if you do have an old account.

    From a networking perspective, make sure your router DNS is set to open DNS and that your Modem is not providing it to the router.

     

    0
    Comment actions Permalink
  • Avatar
    ranson

    Yes I get a welcome from https://www.opendns.com/welcome/.

    I no longer have a network registered at OpenDNS. When I log onto the dashboard I see:

     

    You suggest I check the FAQ and drop OpenDNS an email, but I'm not sure what I would be looking for. Can you give me more detail?

    Yes my router is using OpenDNS

     

    0
    Comment actions Permalink
  • Avatar
    ranson

    Oops, posted graphics don't seem to come show in my comments.

    These are the graphics I was trying to post:




    Dashboard.GIF
    Netgear DNS servers.GIF
    0
    Comment actions Permalink
  • Avatar
    ranson

    And now it works intermittently.

    My son complained OpenDNS was blocking YouTube -- which it probably should on high filter settings -- then a couple of minutes later it wasn't. I tried the same thing and at first it didn't block, and then after a while it did, and shortly thereafter it didn't again.

    It didn't seem to make any difference whether i cleared the cache ("ipconfig /flushdns") or not.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I no longer have a network registered at OpenDNS."

    Fine, but your current IP address could still be registered with another OpenDNS network.  Post the complete plain text output of the following diagnostic command:

       nslookup -type=txt debug.opendns.com.

     
    Also, regarding Netgear DNS servers.GIF, did you set this manually on your Netgear router?  You shouldn't!  You just enable LPC via the Genie program/app.

    0
    Comment actions Permalink
  • Avatar
    ranson

    Hi Rotblitz

    The output of the command is as follows:

    nslookup -type=txt debug.opendns.com
    d.1.d.6.0.5.e.f.f.f.1.0.4.4.6.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa
            primary name server = localhost
            responsible mail addr = nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Server:  UnKnown
    Address:  fe80::7644:1ff:fe50:6d1d

    Non-authoritative answer:
    debug.opendns.com       text =

            "server 9.syd"
    debug.opendns.com       text =

            "device EF0A0AA0000C6E3A"
    debug.opendns.com       text =

            "flags 422 0 2F4 5950800000000000000"
    debug.opendns.com       text =

            "originid 0"
    debug.opendns.com       text =

            "actype 0"
    debug.opendns.com       text =

            "source 110.22.115.91:32771"

    I set up the DNS servers manually when I was using a network registered with OpenDNS. I subsequently enabled LPC using the Genie application but without resetting the DNS servers entry manually.

    Will that cause a problem? If so, what is the appropriate solution to resolve it?

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "Server:  UnKnown
    Address:  fe80::7644:1ff:fe50:6d1d"

    Do you see that you sent your DNS queries through an IPv6 connection?  You must disable IPv6 and leave just IPv4, on the router or on the computer.  As soon as you disable IPv6 and clear your caches, it will work.  Ensure that you do not have a network defined at https://dashboard.opendns.com/settings/
    Your dashboard is only at https://netgear.opendns.com/

    0
    Comment actions Permalink
  • Avatar
    ranson

    I see the IPv6 but I don't understand its significance.

    Does it mean that my computer is sending DNS queries using IPv6? Or is it the router?
    What is the result of using IPv6 instead of IPv4?

    I have since set the router's IPv6 setting to "Disabled" instead of "AutoDetect" (which it had been). The other options are "6to4 Tunnel"; "Pass Through"; "Fixed"; "DHCP"; "PPPoE"; or "Auto Config". Unfortunately the router manual and help files don't seem to explain any of these, so it was a stab in the dark.

    That made no difference to the output of the nslookup command until I rebooted the computer. Then it changed the IP address to 192.168.1.1 as below:

    >nslookup -type=txt debug.opendns.com
    1.1.168.192.in-addr.arpa
            primary name server = localhost
            responsible mail addr = nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Server:  UnKnown
    Address:  192.168.1.1

    Non-authoritative answer:
    debug.opendns.com       text =

            "server 11.sin"
    debug.opendns.com       text =

            "device 00002CECF3B95E16"
    debug.opendns.com       text =

            "flags 422 0 B6 1940000000000000000"
    debug.opendns.com       text =

            "originid 28031828"
    debug.opendns.com       text =

            "actype 1"
    debug.opendns.com       text =

            "bundle 28031828"
    debug.opendns.com       text =

            "source 110.22.115.91:32771"

    However, even after making these changes, clearing my dns cache, setting the LPC filter setting to High, rebooting my computer and my router and waiting far more than the recommended 3 minutes, almost nothing seems to be blocked by the filter.

    The only single website that is blocked is a proxy site "unblockingproxy.net". I recently had that blocked in the router itself, interestingly though, the blocking is happening at OpenDNS. The message comes from the URL "http://block.opendns.com/main?wc=EwVuG....".

    I did have a network added at https://dashboard.opendns.com/settings/ over the weekend. I wanted to test whether setting the filtering at the main OpenDNS dashboard would work, and it did. So it doesn't seem to be that I am not connecting to OpenDNS properly.

    I have since removed that network, so now I have no network defined at dashboard.opendns.com.

    Any idea of where to go from here??

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    What it most likely means is that your ISP is providing native IPv6 to you, and since IPv6 is configured on both the computer and router your traffic, especially the DNS lookups that rotblitz referred to, are going out via IPv6. It's a chain, and all pieces are necessary for it to work that way.

    The significance is that your computer and network are exposed to IPv6 traffic, and in relation to OpenDNS it is that it doesn't filter any IPv6 traffic.

    There are multiple advantages to using IPv6, especially internally to your LAN but even though your ISP is providing an IPv6 connection it's unlikely that you are prepared to safely handle IPv6 traffic so the simplest thing to do is to leave it configured for the internal network and disable it on the router, as you've already done. Not to be insulting, but if you don't know what those other terms mean on the router the best thing you can do for now is to leave it disabled unless or until you are able to learn more about IPv6. Very few people have the hardware and software (including internet services like OpenDNS) to safely use IPv6 on the internet so it's best not to use it for now.

    'll leave it to rotblitz to analyze the latest nslookup, but it looks like there is something else going on that the IPv6 traffic was masking. In the meantime what other domains are you using to test if traffic is being blocked or not?


    I did have a network added at https://dashboard.opendns.com/settings/ over the weekend. I wanted to test whether setting the filtering at the main OpenDNS dashboard would work, and it did. So it doesn't seem to be that I am not connecting to OpenDNS properly.

    I have since removed that network, so now I have no network defined at dashboard.opendns.com.

    Any idea of where to go from here??

    0
    Comment actions Permalink
  • Avatar
    ranson

    Other sites I have checked that fail to be blocked are:

    facebook.com (should be blocked by social networking filter)

    youtube.com (should be blocked by video sharing)

    playboy.com (should be blocked by pornography)

    gmail.com (should be blocked by webmail)

    dropbox.com (should be blocked by file storage)

    thepiratebay.com  (redirects to thepiratebay.se, should be blocked by P2P/file sharing)

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Have you cleared the browser cache as well as the DNS cache?

    0
    Comment actions Permalink
  • Avatar
    ranson

    Yes, I have cleared my firefox cache, and also tried with chrome and even IE

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "Does it mean that my computer is sending DNS queries using IPv6? Or is it the router?"

    Both, else IPv6 would not work.

    "What is the result of using IPv6 instead of IPv4?"

    Not fully sure about LPC, but it could well be that content filtering does not take effect if DNS queries are sent via IPv6.  OpenDNS staff will be able to confirm this.

    "Then it changed the IP address to 192.168.1.1"

    Yep well done!  Your DNS queries seem to go out over IPv4 now.

    "However, even after making these changes, clearing my dns cache, setting the LPC filter setting to High, rebooting my computer and my router and waiting far more than the recommended 3 minutes, almost nothing seems to be blocked by the filter."

    Yes, sure, and this will not change as long as your IP address 110.22.115.91 is registered with OpenDNS network ID 28031828.

    "I have since removed that network, so now I have no network defined at dashboard.opendns.com."

    Really?  No matter, your IP address is still registered with OpenDNS, and this is an attempt to use both in parallel, LPC and OpenDNS Home.  These are incompatible and lead to exactly the effects you're seeing.  So everything is normal.

    So visit https://dashboard.opendns.com/settings/ again to see if you really have deleted the network there.
    Your LPC dashboard is only at https://netgear.opendns.com/

    If there is no network at https://dashboard.opendns.com/settings/, then you must raise a support ticket to get your IP address released from network ID 28031828.

    As soon as the IP address registration has been deactivated, and you flushed your caches, your LPC settings will take effect.

    0
    Comment actions Permalink
  • Avatar
    Alexander Harrison

    Based on the test above from Rotblitz's question -         "device 00002CECF3B95E16" - that device ID belongs to your bypass account which is set to no filtering which would explain why you're not seeing any filtering. I'd recommend signing out of the bypass account or configuring some filtering on it to enable those settings for that computer. 

    0
    Comment actions Permalink

Please sign in to leave a comment.