Comments

10 comments

  • Avatar
    rotblitz (Edited )

    Your idea comes 3 years too late. 
    See here: https://support.opendns.com/hc/en-us/community/posts/220012967

    You'll want to vote for it there.

    0
    Comment actions Permalink
  • Avatar
    wcoile

    No, OpenDNS is 3 years too late getting IPv6 filtering support.  

    3
    Comment actions Permalink
  • Avatar
    wcoile

    I asked for this years ago, still waiting...

    2
    Comment actions Permalink
  • Avatar
    rotblitz

    IPv6 filtering is there. It's just that you must force your DNS traffic to go only through IPv4. I have entered ::ffff:d043:dedc and ::ffff:d043:dcde as DNSv6 server addresses in my router and get all filtering I want, with brilliant connectivity to the IPv6 internet.

    0
    Comment actions Permalink
  • Avatar
    wcoile

    You CANNOT enter a IPv6 network in the dashboard.  Should be able to enter a /64 for example, like you enter IPv4 /24.  So ZERO custom filtering is available via IPv6, though you fail to admit it in this forum.

     

    The only IPv6 filtering you can get is some default stuff using your suggestion. Better than nothing, but definitely NOT what people clearly want and need and are asking for.

    3
    Comment actions Permalink
  • Avatar
    wcoile

    Checking your suggestion again, I see that it's a hack, and really just sends DNS traffic over IPv4.  That isn't a solution.

     

    ::ffff:d043:dedc decodes to 0:0:0:0:0:ffff:208.67.222.220 which is clearly an IPv4 address rather than a globally routable IPv6 address.  That's a misleading answer.

    2
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    No, not misleading.  That's a valid IPv6 address and a valid answer.  And it works!  You can have OpenDNS filtering and full IPv6 connectivity at the same time.

    "You CANNOT enter a IPv6 network in the dashboard.  Should be able to enter a /64 for example"

    That's exactly the problem, registering IPv6 at the dashboard.  Some ISPs assign /64 prefixes, others /56 prefixes, and others maybe other prefixes.  And unlike with IPv4, each device can have its own IPv6 address, even outside the prefix range.  I can imagine that this is not an easy task for OpenDNS.  Also, a DDNS update feature (or API) to update IPv6 prefixes is missing, and updating with single IPv6 addresses for each single device does not make sense.  And how could an everyday user handle that?

    So, if you come up with complaints, what are your viable technical solutions?

    "rather than a globally routable IPv6 address."

    Well, this is available: 2620:0:ccc::2 and 2620:0:ccd::2
    But because of the other issues with the dashboard these cannot be used to filter yet.  So better use ::ffff:d043:dede and ::ffff:d043:dcdc.

    -3
    Comment actions Permalink
  • Avatar
    wcoile

    OPENDNS NEEDS TO UPDATE THEIR DASHBOARD TO INCLUDE IPV6, AND OPENDNS NEEDS TO COME UP WITH A VIABLE TECHNICAL SOLUTION, NOT *ME*.  IF *YOU* CAN'T HELP, THEN STOP RESPONDING WITH MISLEADING INFORMATION AND IMPLYING THAT OPENDNS DOES FILTERING ON IPV6.  OPENDNS DOES *NOT* FILTER DNS OVER IPV6. PERIOD.  

    You either are trying to mislead folks on this forum, or you don't understand what a real IPv6 address is.  These addresses you keep repeating are just IPv6-formatted IPv4 addresses:

    ::ffff:d043:dede and ::ffff:d043:dcdc

    which is why they decode to the same old IPv4 OpenDNS servers:

    ::ffff:208.67.222.222 and ::ffff:208.67.220.220

    It would be best if the dashboard permits flexible prefix lengths, obviously -- but allowing /64 would be a start.  And obviously anything addresses outside the home network range wouldn't route on that network, which is outside the scope of my point.  

    Makes me wonder if you are just be a hired Cisco employee intent on sowing confusion among the customers, to hide this horrible gap in the OpenDNS capability.

     

    4
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    No,  I'm just a user like you and not affiliated in any way with Cisco or OpenDNS.

    And no, OpenDNS and Cisco do not need to do anything at all for a free service.  Who should force them?  Or have you subscribed to a paid service?

    And you would be satisfied if you could enter an IPv6 prefix at the dashboard and would not come back to complain that no update client is available?  Fine!

    "IF *YOU* CAN'T HELP, THEN STOP RESPONDING WITH MISLEADING INFORMATION"

    The one who shouts is wrong.  And I did not provide misleading information, but a viable and working solution for filtering and IPv6 connectivity under the existing circumstances.  But as you want, I'll no longer respond to you.

    -4
    Comment actions Permalink
  • Avatar
    mattwilson9090

    @wcoile OpenDNS is not the only business that has been slow in providing full IPv6 support. Very, very few security related businesses provide IPv6 support, except at the upper ends of the Enterprise market.

    I'm not going to wade into the rest of this, especially due to your propensity to shout and use all caps, other than to say that OpenDNS management does not really pay attention to these kinds of posts and discussions. Aside from support tickets the primary things they pay attention to in adding features are votes on the suggested features forum. For IPv6, rotblitz provided a link to the primary discussion for this. If you didn't follow that link and vote for it then everything you have said here will have been for naught because it really won't be factored into the metrics.

    0
    Comment actions Permalink

Please sign in to leave a comment.