Open DNS Filtering Not Working

Comments

12 comments

  • Avatar
    rotblitz

    Copy & paste the complete plain text output of the following diagnostic commands to here:
    nslookup -type=txt debug.opendns.com.
    nslookup whoami.akamai.net.
    nslookup www.exampleadultsite.com.

    -1
    Comment actions Permalink
  • Avatar
    ed.k

    C:\Users\edk>nslookup -type=txt debug.opendns.com
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    opendns.com
    primary name server = auth1.opendns.com
    responsible mail addr = noc.opendns.com
    serial = 1567446110
    refresh = 16384 (4 hours 33 mins 4 secs)
    retry = 2048 (34 mins 8 secs)
    expire = 1048576 (12 days 3 hours 16 mins 16 secs)
    default TTL = 2560 (42 mins 40 secs)

    C:\Users\edk>nslookup whoami.akamai.net
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 69.252.244.149


    C:\Users\edk>nslookup www.exampleadultsite.com
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: www.exampleadultsite.com
    Address: 146.112.255.155

    C:\Users\edk>nslookup www.pornhub.com
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: pornhub.com
    Address: 66.254.114.41
    Aliases: www.pornhub.com

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    You are not using OpenDNS, but Comcast’s DNS service. You must call Comcast to opt out from this DNS redirection.

    0
    Comment actions Permalink
  • Avatar
    ed.k

    I don't understand - everything above shows that I'm using OpenDNS - where do you see Comcast?

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    Nothing shows you're using OpenDNS, but to the contrary.  The evidences:

    1. A TXT request for debug.opendns.com returns NXDOMAIN and an SOA record for opendns.com.  This is being returned if OpenDNS is not being used.  OpenDNS would return a bunch of TXT records in this case.
    2. Querying the diagnostic domain whoami.akamai.net reveals 69.252.244.149 as the source of the DNS query which is a Comcast owned IP address, not an OpenDNS IP address, saying the query came from Comcast, not from OpenDNS.

    If you need another proof, you visit the test site http://welcome.opendns.com/
    or see the output of "nslookup -type=txt which.opendns.com.".

    Again, your DNS traffic is being redirected.  You must call your ISP to opt out from this redirection.

    0
    Comment actions Permalink
  • Avatar
    ed.k

    ok - that makes sense now

    I wasn't sure how Comcast could be intercepting those DNS requests

    But apparently they turned on something called "Advanced Security"

    I went into my xFi settings and disabled it.

    I have a router sitting behind their modem, so apparently they are able to tweak settings on my behalf.

    Here's a screenshot for anyone down the road who might run into this - Under Network / Security

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Great!  I think I have heard about this already before.
    And a similar issue is described at https://support.opendns.com/hc/en-us/articles/227988687

    And I've also seen cases where Comcast interfered with the DNS traffic for redirection - apparently not in your case.

    0
    Comment actions Permalink
  • Avatar
    denmarkten

    Hi - please can someone help me too. The filtering was working for several years. I have recently upgraded my internet service with Utility Wharehouse and now, even though I have my filtering set to high, porn sites etc are visible. 

    Please can someone help me resolve this. Thanks

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Ok, I’m waiting for the information I have asked for above.

    0
    Comment actions Permalink
  • Avatar
    fnovak313

    Hello, thank you rotblitz for posting this answer. I tried the command you recommended and got this:

    debug.opendns.com text =

    "server r6.prg1"
    debug.opendns.com text =

    "flags 40020 0 70 180000000000000000007950800000000000000"
    debug.opendns.com text =

    "originid 0"
    debug.opendns.com text =

    "orgflags 2000000"
    debug.opendns.com text =

    "actype 0"
    debug.opendns.com text =

    "source 46.13.45.172:34985"

    C:\Users\filip>nslookup whoami.akamai.net.
    Server: Comtrend.Home
    Address: 10.0.0.138

    Non-authoritative answer:
    Name: whoami.akamai.net
    Addresses: 2a04:e4c0:15::69
    146.112.129.69


    C:\Users\filip>nslookup www.exampleadultsite.com.

    Could you please point me to what is wrong with my openDNS? It doesn't filter at all.

    Thank you!

    Filip

    0
    Comment actions Permalink
  • Avatar
    stonelar

    I'm having the same problem as described in this thread. Here are my query results:

    nslookup -type=txt debug.opendns.com
    Server: RT-AX82U-22F0
    Address: 10.0.0.1

    Non-authoritative answer:
    debug.opendns.com text =

    "server m55.lax"
    debug.opendns.com text =

    "flags 40020 0 50 180000000000000000003B504027F00F11896F3"
    debug.opendns.com text =

    "originid 526481053"
    debug.opendns.com text =

    "actype 2"
    debug.opendns.com text =

    "bundle 13172242"
    debug.opendns.com text =

    "source 76.221.173.243:41196"

    =================================================

    nslookup whoami.akamai.net
    Server: RT-AX82U-22F0
    Address: 10.0.0.1

    Non-authoritative answer:
    Name: whoami.akamai.net

    Address: 162.253.68.178

    =================================================

    nslookup www.exampleadultsite.com
    Server: RT-AX82U-22F0
    Address: 10.0.0.1

    Non-authoritative answer:
    Name: www.exampleadultsite.com
    Addresses: ::ffff:146.112.61.106
    146.112.255.155

    =================================================

    nslookup -type=txt which.opendns.com
    Server: RT-AX82U-22F0
    Address: 10.0.0.1

    Non-authoritative answer:
    which.opendns.com text =

    "r2001.lax"

     

    More info: When I try welcome.opendns.com I also get the big red "X" indicating that my configuration is not working with OpenDNS. Furthermore, I have an ASUS router which is successfully registered with DNS-O-Matic and it's updating my dynamic IP on a regular basis.

    Please help!

    1
    Comment actions Permalink
  • Avatar
    stonelar (Edited )

    I think I may have solved my problem (above) by setting up "Firewall - Network Services Filter" rules on my router. This is something I tried before and it didn't work, but this time it seems I have all the puzzle pieces, and it's working. Here is the "deny" list I made in my (Asus) router config:

    P.S. I spoke too soon :( now it's back to not working again for unknown reasons. It was working fine for a couple of minutes though, which is more than I could ever get it to work before. Maybe I'm having the same issue as that Comcast person that needed to call his isp.

    P.S.S. My phone is showing positive working results, but my computer isn't. It's almost as if as soon as I opened the welcome.opendns.com page on my phone, my desktop stopped working... or is that a coincidence?

    0
    Comment actions Permalink

Please sign in to leave a comment.