Netgear Orbi RBK50 using OpenDNS parental controls - Never Block not working for me
As stated, I am using the Netgear Orbi mesh system with RBK50 router with latest firmware.
For several days, I have been trying to solve an issue where a specific site has been unreachable.
And, the "Never Block" setting is not being honored by the system.
My current OpenDNS settings are "Custom" with no categories selected. But, I have enabled everything under "Security Settings" (Anti Adware, Phishing, and Internal IP)
I have also tried "None" Block Nothing - to no avail.
I have added 'af.mil' to the Never Block list. In desperation, I also added kadena.af.mil although, the first setting should have opened it up.
I have flushed DNS cache on my computer many...many times. I have even reset the cache (stats) on OpenDNS several times.
There is no way to manually flush the cache on the Orbi, so, I have switched to "Obtain DNS servers Automatically" and rebooted. (tried this several times.)
The end result is always the same. The automatically-obtained DNS servers DO allow access to kadena.af.mil.
But, once I change back to OpenDNS servers, the site is unreachable. The curious thing is that I do not see the OpenDNS block page. Just the browser's "Server cannot be reached" page.
nslookup for opendns.org gives this output:
$ nslookup -timeout=10 -type=txt debug.opendns.com.
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
debug.opendns.com text = "server m41.hkg" <----- Why hkg? Shouldn't it be using Tokyo?
debug.opendns.com text = "flags 20 0 8050 180000000000000000003B50000000000000000"
debug.opendns.com text = "originid 163089020"
debug.opendns.com text = "actype 2"
debug.opendns.com text = "bundle 11292604"
debug.opendns.com text = "source 221.171.185.125:59692"
nslookup for kadena.af.mil gives this output:
;; Got SERVFAIL reply from 208.67.222.222, trying next server
;; Got SERVFAIL reply from 208.67.220.220, trying next server
Server: 1xx.24.1xx.1
Address: 1xx.24.1xx.1
** server can't find kadena.af.mil: SERVFAIL
What should I try next? I can't keep switching to my ISP's DNS servers every time I need to access this domain. (Note: this block also applies to several other '.mil' domains.)
The only thing I can theorize at this point is: somehow the site servers are rejecting the connections based upon it touching an OpenDNS server. But, I do not understand HOW they would determine which DNS server the lookup was performed on.
So, I am back to square-one.
Thank you for any assistance.
-
I do not see a relation to OpenDNS, but the domain kadena.af.mil hasn't an A or AAAA record assigned, just TXT records:
nslookup -type=txt kadena.af.mil.
Server: local
Address: 10.165.232.15
Non-authoritative answer:
kadena.af.mil text = "MS=ms72587166"
kadena.af.mil text = "v=spf1 -all"
If you think it is an issue with OpenDNS, raise a support ticket, link "Submit a request" above.
-
Thanks for the response. But, I have no idea what that means.
The "relation to OpenDNS" is that (as stated) when I am using the OpenDNS servers, I cannot access that website nor any like them.
When using my ISP's DNS servers, I have no problem accessing them.
Therefore, I asked the question because it does have something to do with using the OpenDNS servers. I will look up the meaning of this A record thing. But, if my regular DNS servers can look it up, why can't OpenDNS?
-
"I have no idea what that means."
You'll get the idea in a second. It means that no IP address is associated with kadena.af.mil (i.e. no A(ddress) record configured), therefore nothing and nobody can establish an HTTP connection to this domain. The domain owner would have to configure this A record.
Also, something is totally wrong on your end. Your output of "nslookup -timeout=10 -type=txt debug.opendns.com." proves that you do not have Live Parental Controls enabled on your router, but you're using normal OpenDNS Home with your IP address (221.171.185.125 at the time when you executed the command) registered at the OpenDNS Home dashboard which should not be the case. Your LPC dashboard is only at https://netgear.opendns.com/
And your DNS lookup for kadena.af.mil went through two OpenDNS server addresses and a DNS server address of "1xx.24.1xx.1" which doesn't look like the Netgear router's address which is to be used with LPC or OpenDNS Home. You should not configure any DNS server addresses with LPC, not even OpenDNS addresses, far from additional ones like "1xx.24.1xx.1".
After all, the problems are with you, not with OpenDNS or LPC. If you meant to be using Live Parental Controls (LPC), to get LPC working:
- Visit https://dashboard.opendns.com/settings/ to delete any network from there.
As said, your dashboard is only at https://netgear.opendns.com/
- Follow only these instructions to set up LPC: https://kb.netgear.com/25687/
"But, if my regular DNS servers can look it up, why can't OpenDNS?"
This question is rather meaningless as long as you don't use OpenDNS or LPC or your "regular" DNS servers the way they should be used.
And again, if you're still facing issues, raise a support ticket, link "Submit a request" above. We other users have only limited options to help you. Staff is in a better position.
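The reply above reasons from two things in the pasted nslookup output: the debug.opendns.com TXT fields and the list of resolvers that were tried. As an added example (not part of any post in this thread), the Python sketch below parses both captures, copied from the thread with the debug output abridged, and reports the answering node, the source IP, any resolver outside the two OpenDNS addresses, and the statuses returned. The function names are illustrative.

```python
import re

# Both captures are copied from the thread above (debug output abridged).
DEBUG_TXT = '''Server: 208.67.222.222
debug.opendns.com text = "server m41.hkg"
debug.opendns.com text = "originid 163089020"
debug.opendns.com text = "source 221.171.185.125:59692"
'''
LOOKUP = ''';; Got SERVFAIL reply from 208.67.222.222, trying next server
;; Got SERVFAIL reply from 208.67.220.220, trying next server
Server: 1xx.24.1xx.1
Address: 1xx.24.1xx.1
** server can't find kadena.af.mil: SERVFAIL
'''
# The two OpenDNS resolver addresses that appear in the thread.
OPENDNS = {"208.67.222.222", "208.67.220.220"}


def parse_debug(text):
    """Return the key/value pairs carried in the debug TXT records."""
    return dict(re.findall(r'text = "(\S+) ([^"]*)"', text))


def resolver_chain(text):
    """Return (resolver, status) pairs in the order nslookup tried them."""
    chain, last_server = [], None
    for line in text.splitlines():
        if m := re.match(r";; Got (\w+) reply from (\S+),", line):
            chain.append((m.group(2), m.group(1)))
        elif m := re.match(r"Server:\s*(\S+)", line):
            last_server = m.group(1)
        elif m := re.match(r"\*\* server can't find \S+: (\w+)", line):
            chain.append((last_server, m.group(1)))
    return chain


def summarize(debug_text, lookup_text):
    """Condense both captures into the facts the reply reasons from."""
    debug, chain = parse_debug(debug_text), resolver_chain(lookup_text)
    return {
        "opendns_node": debug.get("server"),
        "source_ip": debug.get("source", "").rsplit(":", 1)[0],
        "extra_resolvers": [r for r, _ in chain if r not in OPENDNS],
        "statuses": sorted({s for _, s in chain}),
    }


if __name__ == "__main__":
    for key, value in summarize(DEBUG_TXT, LOOKUP).items():
        print(f"{key}: {value}")
```

On the thread's captures this shows one resolver outside the OpenDNS pair in the client's list and SERVFAIL as the only status returned by every resolver tried.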