As stated, I am using the Netgear Orbi MESH system with RBK50 router with latest firmware.
For several days, I have been trying to solve an issue where a specific site has been unreachable.
And, the "Never Block" setting is not being honored by the system.
My current OpenDNS settings are "Custom" with no categories selected. But, I have enabled everything under "Security Settings" (Anti Adware, Phishing, and Internal IP).
I have also tried "None" Block Nothing - to no avail.
I have added 'af.mil' to the Never Block list. In desperation, I also added kadena.af.mil, although the first setting should have opened it up.
I have flushed DNS cache on my computer many...many times. I have even reset the cache (stats) on OpenDNS several times.
There is no way to manually flush the cache on the Orbi, so I have switched to "Obtain DNS servers Automatically" and rebooted. (Tried this several times.)
The end result is always the same. The automatically-obtained DNS servers DO allow access to kadena.af.mil.
But, once I change back to OpenDNS servers, the site is unreachable. The curious thing is that I do not see the OpenDNS block page. Just the browser's "Server cannot be reached" page.
nslookup for opendns.org gives this output:
$ nslookup -timeout=10 -type=txt debug.opendns.com.
debug.opendns.com text = "server m41.hkg" <----- Why hkg? Shouldn't it be using Tokyo?
debug.opendns.com text = "flags 20 0 8050 180000000000000000003B50000000000000000"
debug.opendns.com text = "originid 163089020"
debug.opendns.com text = "actype 2"
debug.opendns.com text = "bundle 11292604"
debug.opendns.com text = "source 220.127.116.11:59692"
nslookup for kadena.af.mil gives this output:
;; Got SERVFAIL reply from 18.104.22.168, trying next server
;; Got SERVFAIL reply from 22.214.171.124, trying next server
** server can't find kadena.af.mil: SERVFAIL
What should I try next? I can't keep switching to my ISP's DNS servers every time I need to access this domain. (Note: this block also applies to several other '.mil' domains.)
The only thing I can theorize at this point is: somehow the site servers are rejecting the connections based upon it touching an OpenDNS server. But, I do not understand HOW they would determine which DNS server the lookup was performed on.
So, I am back to square-one.
Thank you for any assistance.
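An added example, not part of the original post: a small parser for the two nslookup outputs quoted above, which separates "every resolver returned an error" from "a resolver returned an address". The function names are hypothetical and the sample text is copied from the post.

```python
import re

# Sample input: the nslookup output quoted in the post above.
DEBUG_OUTPUT = '''\
debug.opendns.com text = "server m41.hkg"
debug.opendns.com text = "flags 20 0 8050 180000000000000000003B50000000000000000"
debug.opendns.com text = "originid 163089020"
debug.opendns.com text = "actype 2"
debug.opendns.com text = "bundle 11292604"
debug.opendns.com text = "source 220.127.116.11:59692"
'''
LOOKUP_OUTPUT = '''\
;; Got SERVFAIL reply from 18.104.22.168, trying next server
;; Got SERVFAIL reply from 22.214.171.124, trying next server
** server can't find kadena.af.mil: SERVFAIL
'''

def parse_debug_txt(text):
    """Map each debug.opendns.com TXT record ("key value...") to {key: value}."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r'text = "(\S+) ([^"]*)"', text)}

def classify_lookup(text):
    """Summarise nslookup output: failing servers, final rcode, answer addresses."""
    failed = re.findall(r'^;; Got (\w+) reply from (\S+),', text, re.M)
    final = re.search(r"^\*\* server can't find (\S+): (\w+)", text, re.M)
    # Only addresses that follow a "Name:" line are answers; the "Address:"
    # line under "Server:" is the resolver itself.
    addresses = re.findall(r'^Name:\s*\S+\s*\nAddress:\s*(\S+)', text, re.M)
    if addresses:
        # Any page in the browser, a block page included, needs an address.
        verdict = "answered"
    elif final and final.group(2) == "SERVFAIL":
        # The resolver could not complete the lookup; the browser gets no
        # address at all, hence "server cannot be reached".
        verdict = "resolver_failure"
    elif final:
        verdict = "no_answer_" + final.group(2).lower()
    else:
        verdict = "unknown"
    return {"name": final.group(1) if final else None,
            "rcode": final.group(2) if final else None,
            "failed_servers": [srv for _, srv in failed],
            "addresses": addresses,
            "verdict": verdict}

if __name__ == "__main__":
    print(parse_debug_txt(DEBUG_OUTPUT))
    print(classify_lookup(LOOKUP_OUTPUT))
```
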