Open DNS Filtering Not Working

Comments


  • rotblitz

    Copy & paste the complete plain text output of the following diagnostic commands to here:
    nslookup -type=txt debug.opendns.com.
    nslookup whoami.akamai.net.
    nslookup www.exampleadultsite.com.

  • ed.k

    C:\Users\edk>nslookup -type=txt debug.opendns.com
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    opendns.com
    primary name server = auth1.opendns.com
    responsible mail addr = noc.opendns.com
    serial = 1567446110
    refresh = 16384 (4 hours 33 mins 4 secs)
    retry = 2048 (34 mins 8 secs)
    expire = 1048576 (12 days 3 hours 16 mins 16 secs)
    default TTL = 2560 (42 mins 40 secs)

    C:\Users\edk>nslookup whoami.akamai.net
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 69.252.244.149


    C:\Users\edk>nslookup www.exampleadultsite.com
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: www.exampleadultsite.com
    Address: 146.112.255.155

    C:\Users\edk>nslookup www.pornhub.com
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: pornhub.com
    Address: 66.254.114.41
    Aliases: www.pornhub.com

  • rotblitz

    You are not using OpenDNS, but Comcast’s DNS service. You must call Comcast to opt out from this DNS redirection.

  • ed.k

    I don't understand - everything above shows that I'm using OpenDNS - where do you see Comcast?

     

  • rotblitz (Edited)

    Nothing shows you're using OpenDNS; quite the contrary. The evidence:

    1. A TXT request for debug.opendns.com returns NXDOMAIN and an SOA record for opendns.com. This is what is returned if OpenDNS is not being used. OpenDNS would return a bunch of TXT records in this case.
    2. Querying the diagnostic domain whoami.akamai.net reveals 69.252.244.149 as the source of the DNS query, which is a Comcast-owned IP address, not an OpenDNS IP address, meaning the query came from Comcast, not from OpenDNS.

    If you need further proof, visit the test site http://welcome.opendns.com/
    or see the output of "nslookup -type=txt which.opendns.com.".

    Again, your DNS traffic is being redirected.  You must call your ISP to opt out from this redirection.

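The two checks rotblitz describes above, applied to pasted nslookup output by a script. This is an added example, not part of the thread: `split_transcript`, `check_redirection` and `EXPECTED_NETS` are hypothetical names, and the network ranges are assumed sample values.

```python
import ipaddress
import re

# Assumption: networks the intended resolver sends its queries from. Sample,
# incomplete values; replace with the ranges your DNS provider publishes.
EXPECTED_NETS = ["208.67.216.0/21", "146.112.0.0/16"]

# Trimmed from the output posted earlier in this thread.
SAMPLE = r"""
C:\Users\edk>nslookup -type=txt debug.opendns.com
Server: resolver1.opendns.com
Address: 208.67.222.222
opendns.com
primary name server = auth1.opendns.com

C:\Users\edk>nslookup whoami.akamai.net
Server: resolver1.opendns.com
Address: 208.67.222.222
Name: whoami.akamai.net
Address: 69.252.244.149
"""

def split_transcript(text):
    """Split pasted console output into {queried name: output lines}."""
    runs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"(?:.*>)?\s*nslookup\s+(?:-type=\w+\s+)?(\S+)", line, re.I)
        if m:
            current = m.group(1).rstrip(".").lower()
            runs[current] = []
        elif current is not None:
            runs[current].append(line.strip())
    return runs

def check_redirection(text, expected_nets=EXPECTED_NETS):
    """Return findings; an empty list means neither check shows redirection."""
    runs, findings = split_transcript(text), []
    debug = runs.get("debug.opendns.com")
    # Check 1: the debug name should answer with TXT records ("text =" lines).
    if debug is not None and not any("text =" in l for l in debug):
        soa = any(l.startswith("primary name server") for l in debug)
        findings.append("debug.opendns.com: no TXT records" + (", SOA returned" if soa else ""))
    # Check 2: whoami.akamai.net answers with the address its query came from.
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    addrs = [m.group(1) for l in runs.get("whoami.akamai.net", [])
             if (m := re.match(r"Address(?:es)?:\s*(\S+)", l))]
    for a in addrs[1:]:  # the first Address line is the resolver that was asked
        if not any(ipaddress.ip_address(a) in n for n in nets):
            findings.append(f"whoami.akamai.net: query seen from {a}, not an expected network")
    return findings
```

Calling `check_redirection(SAMPLE)` returns one finding per failed check; the "Server:" line naming resolver1.opendns.com plays no part in either check, since it only shows where the client addressed its query.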
  • ed.k

    ok - that makes sense now

    I wasn't sure how Comcast could be intercepting those DNS requests

    But apparently they turned on something called "Advanced Security"

    I went into my xFi settings and disabled it.

    I have a router sitting behind their modem, so apparently they are able to tweak settings on my behalf.

    Here's a screenshot for anyone down the road who might run into this - Under Network / Security

  • rotblitz

    Great! I think I have heard about this before.
    And a similar issue is described at https://support.opendns.com/hc/en-us/articles/227988687

    And I've also seen cases where Comcast interfered with the DNS traffic for redirection - apparently not in your case.
