ExampleAdultSite not blocked as it should

Comments

16 comments

  • Avatar
    rotblitz (Edited )

    You're using the OpenDNS defaults, this indicating that you don't have your IP address registered at https://dashboard.opendns.com/settings/

    "I did not make any changes"

    Yes, you got it, this is the problem.  If your ISP changes your IP address, you must keep it updated at OpenDNS.

  • Avatar
    guillaum

    Yes indeed, I don't use opendns dashboard because I am a netgear user (netgear Live Parental Controls - https://netgear.opendns.com)

    I have read that these systems are incompatible. Using netgear router, I only have to setup netgear LPC.

     

  • Avatar
    rotblitz (Edited )

    Oops, sorry, I had overseen that you posted in the Netgear Live Parental Controls section of the forum...

    It could be that your IP address has recently been registered by another OpenDNS Home user, so that you run into this incompatibility issue you mentioned, because you're using two incompatible services then, LPC and OpenDNS Home, although against your intention.

    You can find it out from the output of the following diagnostic command:

    nslookup -type=txt debug.opendns.com.

    If the originid is not equal to zero, then your IP address is registered by another OpenDNS Home user.  You have two options now:

    1. Disconnect from and reconnect to the internet to possibly get another IP address assigned by your ISP.
       
    2. If this does not work, you must open a support ticket, link "Submit a request" above, to get your IP address released from the registration at OpenDNS.
  • Avatar
    guillaum (Edited )

    Hmmm your comment makes sense.

     

    nslookup -type=txt debug.opendns.com
    Server:        127.0.0.53
    Address:    127.0.0.53#53

    Non-authoritative answer:
    debug.opendns.com    text = "server m49.ash"
    debug.opendns.com    text = "flags 20 0 70 180000000000000000007950800000000000000"
    debug.opendns.com    text = "originid 0"
    debug.opendns.com    text = "actype 0"
    debug.opendns.com    text = "source <masked>:37701"

    Authoritative answers can be found from:

     

    But originid is 0.

     

    I am going to ask my IP released to see if it changes something.

  • Avatar
    rotblitz (Edited )

    Well, your command output raises unexpected surprising news.  Your IP address is not registered at all.

    Your computer uses this DNS server configuration:

    Server:        127.0.0.53
    Address:    127.0.0.53#53

    I would have expected to see your Netgear router's IP address (192.168.x.x) here, not a localhost address of 127.0.0.53.  What is listening on this address and port?  Is it something like DNSCrypt?  What does it use as forwarder address?  DNS traffic must go to/through your Netgear router, else you will not be using LPC.

    And for sure, you are not using LPC just now, else your command output would also show a line like:

         debug.opendns.com    text = "device  0abce7235fb8"

    "I am going to ask my IP released"

    Nope, under these circumstances this does not help at all.  Instead you must reconfigure your computer to obtain the network settings automatically via DHCP from the router, or you must configure your router's IP address 192.168.x.x as the only one DNS server address on this computer.

  • Avatar
    guillaum

    Thank you @rotblitz for your answer. DNS is 127.0.0.53 because ubuntu uses some internal dns cache system I think.

    I answer to myself: problem fixed. Actually I had to launch Netgear Genie app to enable parental control. Because I only have linux, I add to install it on my phone then it worked !

    nslookup -type=txt debug.opendns.com
    Server: 127.0.0.53
    Address: 127.0.0.53#53

    Non-authoritative answer:
    debug.opendns.com text = "server m49.ash"
    debug.opendns.com text = "device 00008128543B9697"
    debug.opendns.com text = "flags 422 0 8010 1800000000000000000039400007E00400014C3"
    debug.opendns.com text = "originid 58916611"
    debug.opendns.com text = "actype 1"
    debug.opendns.com text = "bundle 58916611"
    debug.opendns.com text = "source 71.92.3.163:37701"

    Authoritative answers can be found from:

  • Avatar
    guillaum

    No after a while, I am back to a disabled LPC.

    nslookup -type=txt debug.opendns.com
    Server: 127.0.0.53
    Address: 127.0.0.53#53

    Non-authoritative answer:
    debug.opendns.com text = "server m49.ash"
    debug.opendns.com text = "flags 20 0 70 180000000000000000007950800000000000000"
    debug.opendns.com text = "originid 0"
    debug.opendns.com text = "actype 0"
    debug.opendns.com text = "source 71.92.3.163:37701"

    Authoritative answers can be found from:

     

    It seems active on Genie though.

    Do you know what is going on?

     

  • Avatar
    rotblitz (Edited )

    Yes, you have LPC disabled, but you have the OpenDNS resolver addresses 208.67.x.x configured somewhere, on the computer or on the router.  This would be correct for OpenDNS Home, but not for LPC.  Because your IP address is not registered, you're using the OpenDNS defaults, not individual settings.  This means that www.exampleadultsite.com will not be blocked with this.

    "It seems active on Genie though."

    I've heard that the smartphone Genie apps are not reliable with LPC.  Or the Genie app is confused, because you're using OpenDNS without having LPC enabled.

  • Avatar
    guillaum

    OK, thank you Rotblitz for your answer.

    Indeed my router uses OpenDNS resolver address.

    I installed Genie on my wide's computer (windows).

    I run though the parental control activation.

    I have a successful Status window with a nice summary :

    Live Parental Controls: enabled

    Filtering level: high

    OpenDNS account : myaccount

     

    But it doesn't work.

     

  • Avatar
    rotblitz

    "Indeed my router uses OpenDNS resolver address."

    You should not configure the addresses when using LPC.  This is not part of the instructions.
    https://kb.netgear.com/25687/

    I need to see the complete output of the following diagnostic commands:

    nslookup -type=txt debug.opendns.com.
    nslookup whoami.akamai.net.
    nslookup www.exampleadultsite.com.

     

  • Avatar
    guillaum

    I didn't setup dns server following the instructions. I set it up many years ago at the router installation.

    nslookup -type=txt debug.opendns.com
    Server: 127.0.0.53
    Address: 127.0.0.53#53

    Non-authoritative answer:
    debug.opendns.com text = "server m57.ash"
    debug.opendns.com text = "flags 20 0 70 180000000000000000007950800000000000000"
    debug.opendns.com text = "originid 0"
    debug.opendns.com text = "actype 0"
    debug.opendns.com text = "source myip:50418"

    Authoritative answers can be found from:

     

    nslookup whoami.akamai.net
    Server: 127.0.0.53
    Address: 127.0.0.53#53

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 47.18.177.167

    nslookup www.exampleadultsite.com
    Server: 127.0.0.53
    Address: 127.0.0.53#53

    Non-authoritative answer:
    Name: www.exampleadultsite.com
    Address: 67.215.92.210

     

    Do you have any idea why it is said as enabled but it is not?

     

     

     
  • Avatar
    rotblitz (Edited )

    "I didn't setup dns server following the instructions. I set it up many years ago at the router installation."

    You should undo it if you want to use LPC now.  As I said, this is not part of the LPC instructions, so don't do it.

    We are turning in circles now, see one of my previous comments.

    LPC may be enabled on the router now, but you don't use it although your DNS queries reach OpenDNS and are responded to by OpenDNS.  From your computer's perspective LPC is not enabled, as can be seen from the missing "device" field.  As I said earlier, DNS traffic must go to/through your Netgear router, else you will not be using LPC and your LPC dashboard settings.

    When I say DNS traffic must go to your Netgear router, then this means that your computer must be configured to send DNS traffic to the router's IP address (usually 192.168.0.1 or 192.168.1.1, configured as the only DNS server address on the computer or obtained automatically via DHCP), not to e.g. OpenDNS directly. 

    As you are using your computer's DNS cache or proxy (127.0.0.53), I do not see where this tool forwards the DNS traffic to, but it is likely the 208.67.x.x. OpenDNS resolver addresses.  But it must be your router's IP address to make use of LPC.  If it is not this, another reason for your problems could be that you have the OpenDNS resolver addresses manually configured on the router which you shouldn't do with LPC.

  • Avatar
    guillaum

    I understood your comment.

    I use DHCP (lease from router) and the DNS address given by my router is the router address: 10.0.0.1.

    I would expect, because LPC is enabled, the router to just not use the dns previously entered but to use opendns w: parental control instead.

    I can try to get back to ISP dns server but I don't think it is linked.

  • Avatar
    guillaum

    Hello Rotblitz

     

    I switched to my ISP DNS. Launched genie app. And LPC was detected has disabled. I enabled it and now it works.

    Great, thanks for your help:)

  • Avatar
    rotblitz

    Excellent!  Enjoy!

  • Avatar
    guillaum

    Arrrr

    After one night, back to my initial problem, www.exampleadultsite.com not blocked.

    DNS settings on my router is now back to opendns addresses. And filtering fron opendns is not applied.

    I tried this: Change DNS servers to google (8.8.8.8); Launch Genie. Enable Parental control.

    Get back to DNS settings in router, DNS servers was changed to OpenDNS.

    Very likely that my dns settings are changed by Genie when I enable Parental Control.

     

    And just doing that www.exampleadultsite.com is blocked, but for how long?

Please sign in to leave a comment.