Web content filtering lost with DNSCrypt enabled

Comments

6 comments

  • Avatar
    rotblitz

    What does a visit at http://welcome.opendns.com/ show up with?

    Post the complete plain text output of the following diagnostic command here:

       nslookup -type=txt debug.opendns.com.

    In case of Windows, post also the following command output:

      netsh interface ip show dns

  • Avatar
    glenn2

    Rotblitz,

    I get the "welcome to opendns" on the test page.

    Here are the results:


    1.0.0.127.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial = 1
    refresh = 600 (10 mins)
    retry = 1200 (20 mins)
    expire = 604800 (7 days)
    default TTL = 10800 (3 hours)
    (root) ??? unknown type 41 ???
    Server: UnKnown
    Address: 127.0.0.1

    Non-authoritative answer:
    debug.opendns.com text =

    "server 11.ash"
    debug.opendns.com text =

    "flags 20 0 70 5950800000000000000"
    debug.opendns.com text =

    "originid 0"
    debug.opendns.com text =

    "actype 0"
    debug.opendns.com text =

    "source <my ip address>:62817"
    debug.opendns.com text =

    "dnscrypt enabled (71447764594D3377)"

    (root) ??? unknown type 41 ???

    and...

     

    Configuration for interface "Tripwire Tunnel Connection"
    Statically Configured DNS Servers: None
    Register with which suffix: Primary only

    Configuration for interface "Local Area Connection 8"
    DNS servers configured through DHCP: None
    Register with which suffix: Primary only

    Configuration for interface "Local Area Connection"
    Statically Configured DNS Servers: 127.0.0.1
    Register with which suffix: Primary only

    Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers: None
    Register with which suffix: Primary only

     

  • Avatar
    rotblitz

    This looks all fine as should be with one exception.

    Your local network DNS configuration points to 127.0.0.1 as should be.  This is where the dnscrypt-proxy is listening to catch your DNS queries.  You're using the OpenDNS Ashburn/Virginia data center ("server 11.ash").  You have successfully "dnscrypt enabled".

    The problem is that your IP address <my ip address> is not registered with your dashboard network at https://dashboard.opendns.com/settings/ ("originid 0").
    Update it manually there, and run an Updater going forward.  Else OpenDNS cannot associate your DNS queries with your settings, and you'll face the standard behavior of OpenDNS.

  • Avatar
    glenn2

    First, thank you.. I added my IP address as an additional network and it works.

    What's odd is that I have OpenDNS already set through the router with DDNS done through it so now I basically have 2 networks in my OpenDNS account and they both have the same IP address. I guess using the DNSCrypt resolver can't associate with the regular open ones even though it's the same IP address and the same network.

    I guess we just uncovered a bug??

  • Avatar
    rotblitz

    That's true.  Normally it is not possible to register an IP address more than once, across all OpenDNS.  Having "2 networks in my OpenDNS account and they both have the same IP address" therefore looks like a big bug!  Let's see what staff have to answer.  You may want to raise a support ticket in addition with a link to this thread.

    "I guess using the DNSCrypt resolver can't associate with the regular open ones"

    There is no "DNSCrypt resolver".  These are the standard OpenDNS resolver IP addresses via ports 53, 443 and 5353 which can be used with or without DNSCrypt.

  • Avatar
    glenn2

    I have opened a support ticket and will report back here. Thanks for the help & info!

Please sign in to leave a comment.