My main network has a Draytek router with port 53 locked down with OpenDNS. I thought this made things very secure and prevented other DNS services from being used on connected devices. I thought there was nothing that could break this (other than dodgy use via Tor).
However, I was wrong, because I have discovered that ANOTHER OPENDNS PRODUCT HELPS TO BREAK THIS WITH EASE.
If you take a Netgear router and connect it to the main network, then you are able to configure the filter on the 2nd router to override the main network. You can do this by creating another OpenDNS account and setting the filter category to 'none', and nothing will be blocked on the sub-network. Similarly, you can switch the filter off on the Network Map of the genie app.
I believe that this is a major vulnerability that destroys the whole OpenDNS concept.
A kid could take a cheap Netgear DSL router, connect it, and thereby bypass the existing filter. The existing filter should not be ignored, and a secondary filter on the same IP should honor existing settings. I hope OpenDNS can close this loophole soon.