Is it possible to use OpenDNS with my own router on Comcast/Xfinity?

Comments

14 comments

  • Avatar
    rotblitz

    Copy & paste the complete plain text output of the following diagnostic commands to here.
    nslookup -type=txt debug.opendns.com.
    nslookup whoami.akamai.net.

    0
    Comment actions Permalink
  • Avatar
    acousticbiker (Edited )

    Thanks - in case I shouldn't be publishing these servers/addresses, I've anonymized them somewhat:

    nslookup -type=txt debug.opendns.com

    Server: 2601:xxx:4102:21ec:9272:40ff:fe0c:1a41

    Address: 2601:283:yyyy:21ec:9272:40ff:fe0c:1a41#53

    Non-authoritative answer:

    *** Can't find debug.opendns.com: No answer

    Authoritative answers can be found from:

     

    nslookup whoami.akamai.net

    Server: 2601:xxx:4102:21ec:9272:40ff:fe0c:1a41

    Address: 2601:283:yyyy:21ec:9272:40ff:fe0c:1a41#53

    Non-authoritative answer:

    Name: whoami.akamai.net

    Address: 76.xx.yyy.1

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    As you assumed, you are using a DNSv6 service, not OpenDNS. If you cannot configure IPv6 DNS servers, you should disable IPv6 altogether.

    0
    Comment actions Permalink
  • Avatar
    acousticbiker

    On my Mac, Airport Utility shows the following options for IPv6:

    'Configure IPv6': "Automatically" (currently selected), "Link-local only", "Manually"

    'IPv6 Mode': "Native" (currently selected), "Tunnel"

    And then a checkbox (currently selected) next to "Enable IPv6 Connection Sharing"

    I don't see a way to disable IPv6 altogether. Any suggestions on settings? Is there any disadvantage to disabling IPv6?

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    "Link-local only" sounds like the correct option.  This should disable external IPv6 connectivity.

    Another option is possibly "Manually" if this allows to configure DNS server addresses from the following list:
    ::ffff:d043:dedc   ::ffff:d043:dcde   ::ffff:d043:dede   ::ffff:d043:dcdc

    The disadvantage of disabling IPv6 is that you cannot reach IPv6-only destinations, and that your internet may be a bit slower.

    0
    Comment actions Permalink
  • Avatar
    acousticbiker (Edited )

    Thanks for your help, rotblitz. Looking into it more, I think I’d prefer not to turn off IPv6.

    Is there an advantage to using the manual addresses you provided over the addresses OpenDNS offers (which I just noticed)? https://www.opendns.com/about/innovations/ipv6/

    I just tried entering the OpenDNS IPv6 addresses manually into my router and the welcome.opendns.com test is now successful, but OpenDNS Updater shows IP as ‘unavailable’ and content does not appear to be filtered

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    Correct, these IPv6 addresses do not support your dashboard settings. Only the addresses provided by me take care of your dashboard settings.

    0
    Comment actions Permalink
  • Avatar
    acousticbiker

    Ok, so I entered the first two of your suggested addresses into my router settings and kept it at "Automatic" and see that OpenDNS Updater now shows my IP and the content filter works. Interestingly, when I went back into my router settings, I see that the IPv6 addresses were changed to: 

    ::ffff:208.67.222.220

    ::ffff:208.67.220.222

    Also, when I got to the network settings on my computer, I still see the following DNS addresses (same as before, without the ability to change it manually):

    10.0.1.1 and the address from the debug above

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Great, this is all exactly as it should be.

    0
    Comment actions Permalink
  • Avatar
    acousticbiker

    Thanks for all the help!

    0
    Comment actions Permalink
  • Avatar
    acousticbiker

    rotblitz, I'm back trying to setup OpenDNS in a different location. After entering the OpenDNS addresses, it looks like OpenDNS is still not being used. So I've run the diagnostics you mentioned in the hope you can kindly help again:

    nslookup -type=txt debug.opendns.com

    Server: 192.168.0.1

    Address: 192.168.0.1#53

    Non-authoritative answer:

    *** Can't find debug.opendns.com: No answer

    Authoritative answers can be found from:

    opendns.com

    origin = auth1.opendns.com

    mail addr = noc.opendns.com

    serial = 1590788679

    refresh = 16384

    retry = 2048

    expire = 1048576

    minimum = 2560

    nslookup whoami.akamai.net

    Server: 192.168.0.1

    Address: 192.168.0.1#53

    Non-authoritative answer:

    Name: whoami.akamai.net

    Address: 76.xx.47.yyy

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    You‘re not using OpenDNS, but a DNS service 76.xx.47.yyy. As if you haven’t configured your router at 192.168.0.1.

    0
    Comment actions Permalink
  • Avatar
    acousticbiker

    Hmm, any idea on how I might be able to fix? I’m using a TP-Link TL-WR902AC router on Comcast and have entered the OpenDNS addresses in the DHCP settings. IPv6 is off by default.

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    If you enter the OpenDNS addresses into the DHCP settings, they would become visible on your computer instead of 192.168.0.1.
    I don’t know your router, so cannot provide instructions.

    Update: I had a quick check at your user manual, and you really should configure it on the WAN side, not under DHCP.  “Set DNS server manually”

    0
    Comment actions Permalink

Please sign in to leave a comment.