blocking both http and https sites for youtube. Help!

Comments

8 comments

  • Avatar
    rotblitz

    "I have added youtube (and all variants like youtube.com www.youtube...) as keyword blocking."

    The keyword youtube alone should do it already.  But yes, I have heard that keyword blocking doesn't work with HTTPS, because the data stream is encrypted then, so keywords cannot be recognized in the data stream.

    "i have the current content filtering set as high. This should block video donwloading right?"

    There's no "video downloading" category.  High should block "Video Sharing".  Or select custom and check the category "Video Sharing".

    "I'm afraid it still doesnt restrict access to https youtube."

    Something may be wrong with your configuration.  Post the complete plain text output of the following command here:

       nslookup -timeout=8 -type=txt debug.opendns.com.

    "I have also deleted browsing history if this might be the issue."

    This is not an issue and is useless.  Not the browser history is of interest here, but the browser cache (temporary internet files), and also the local resolver cache.
    https://support.opendns.com/entries/26336865-Clearing-the-DNS-Cache-on-Computers-and-Web-Browsers

    0
    Comment actions Permalink
  • Avatar
    sunilshah_99

    hello rotblitz, 

    thank you for your response. I have confirmed that content filtering on opendns (via genie) is on custom and video sharing is blocked. However I can still access https but not http youtube. I got onto cmd drive and typed in your command, nslookup....

     

    this is the reply i received on the c drive: 

    server : unknown

    address 10.0.0.2

    ***unknonwn cant find debug.opendns.com.: Non existen domain

     

    Please advise how to go forward. 

    One more issue is that I we have students who continuously come and go - I cant clear the caches on their computers or smartphones. So I need a command that will block all attempts to log into youtube.com even if their smartphone was on this site successfully before.

    Is this possible? At the moment, even my pc seems to log on without an issue.

    Please advise. thank you in advance!

    0
    Comment actions Permalink
  • Avatar
    sunilshah_99

    Rotblitz, just to confirm, on my pc I have flushed the dns cache. Yet I can still access https://youtube.com  What am I doing wrong?

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I got onto cmd drive and typed in your command, nslookup...."

    Your nslookup output proves that you don't use OpenDNS at all yet.  Your DNS queries do not reach OpenDNS, so OpenDNS can't do anything for your settings taking effect.  You should see a related message when visiting http://welcome.opendns.com/

    "However I can still access https but not http youtube."

    The fact that http://www.youtube.com/ is being blocked is most likely due to a keyword in the router blacklist, and the block page is most likely from the router, not from OpenDNS.

    Are you sure that Genie supports your router model for LPC?
    http://kb.netgear.com/app/answers/detail/a_id/24686/
    It seems that LPC is not enabled yet, or that your ISP redirects your DNS queries to their DNS service.
    ISP redirection can be proved with:  nslookup  -type=txt  which.opendns.com.  208.67.220.220

    "I cant clear the caches on their computers or smartphones."

    No, you can't.  But this is not so much important as you think it may be.  It's more important to use OpenDNS at all which is not the case yet.

    0
    Comment actions Permalink
  • Avatar
    sunilshah_99

    Hello Rotblitz, first thank you for your patience with me a non-techie! Your questions:

    -I have confirmed my router Netgear DGN 2200 is one on  the compatible list. (it is rebranded by South African Telkom, my ISP, but I am pretty sure it works as the Genie LPC dashboard shows I am connected).

     when i typed command:  nslookup  -type=txt  which.opendns.com.  208.67.220.220

    the response was "I am not an open dns resovler' 

    I believe I am logged onto the dns dashboard, as I see my email and a message saying my current ip is 105.228.73.103

    I can also go to the link (via the open dns page) to the netgear LPC page, where I see my current custom settings.

    However, when i type  http://welcome.opendns.com/ it says 'oops  I am not yet using opendns yet.'  I can get onto the internetbadguys site and it asks me to setup dns account again I dont want to mess it up, so I wont set it up again (i think I am already set up via LPC). I will await your expert  instructions.

     

    thank you again!

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "the response was "I am not an open dns resovler' "

    Yes, this proves that your DNS queries are being redirected by your ISP (South African Telkom) to their own DNS service.  This prevents you from using OpenDNS, no matter if normally or via LPC.  You're out of luck then.  You may contact your ISP to ask for opting out of this DNS hi-jacking.

    "However, when i type  http://welcome.opendns.com/ it says 'oops  I am not yet using opendns yet.'"

    Yes, this is consistent with your nslookup outputs.

    You can prove this DNS hi-jacking also here: https://dnsleaktest.com/ - you will see your ISP's DNS servers, not OpenDNS'.

    0
    Comment actions Permalink
  • Avatar
    sunilshah_99

    Rotblitz,

    this is becoming a lot more difficult than I thought. After an hour wait on phone I finally talked to my ISP who said 'they do not provide static IP addresses anymore. I need to contact an IT person to set one up."

    Questions:

    Would having a static IP address that I own solve the problem?

    Can I get one on my own from opendns or do I have to go to some IT guy?

    If I get one (even via an IT guy) would this then allow me to use Open DNS and LPC?

    Incredible (to me a non-techie) how difficult a simple function that I presume many businesses need (blocking certain sites) has become.

    I presume the complexity is because my ISP has hijacked my static ISP address....

    thank you for your patience! I hope this will be useful to other users...

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "they do not provide static IP addresses anymore"

    Fine, did you request a static IP address from them?  Hopefully not.  You should have requested to opt out from their DNS redirection to become able to use a 3rd  party DNS service.  This has absolutely nothing to do with a static IP address.

    "Would having a static IP address that I own solve the problem?"  -  No.

    "Can I get one on my own from opendns or do I have to go to some IT guy?"  -  Neither, nobody in the world can provide you with a static IP address but your ISP.

    "because my ISP has hijacked my static ISP address...."  -  No, they didn't.  They hi-jack your DNS queries, not your whatever you call it.

    And again, to save you fruitless efforts, you're out of luck with using OpenDNS with your Netgear router if you can't opt out from your ISP's DNS redirection or if you can't change to a different ISP not redirecting your DNS queries.

    0
    Comment actions Permalink

Please sign in to leave a comment.