OpenDNS not blocking sites - only one computer works
Running OpenDNS updater on one mac with Snow Leopard 10.6.8. Sites block just fine.
IP address in OpenDNS Updater running on Snow Leopard mac matches dashboard.
BUT
Using macOS 10.14.4 Mojave on another Mac sites are NOT blocked!
2 other computer using Windows 10 and sites NOT blocked!
Checked Network settings DNS show 208.67.223.123 and 208.67.223.123
opening https://welcome.opendns.com/ gives Oops error message, OpenDNS "
You aren't using OpenDNS yet."
running command nslookup -type=txt debug.opendns.com. 192.168.0.1 gives
";; connection timed out; no servers could be reached"
Not sure what else to look for. Please help!
-
Thanks for quick reply.
Sorry just updated description...
Also just tested your new command. Results:
Server: 2607:f798:18:10:0:640:7125:5204
Address: 2607:f798:18:10::640:7125:5204#53Non-authoritative answer:
*** Can't find debug.opendns.com: No answerAuthoritative answers can be found from:
opendns.com
origin = auth1.opendns.com
mail addr = noc.opendns.com
serial = 1593870357
refresh = 16384
retry = 2048
expire = 1048576
minimum = 2560 -
“Checked Network settings DNS show 208.67.223.123 and 208.67.223.123”
These should be 208.67.222.123 and 208.67.220.123.
As you can clearly see, you’re using a DNSv6 service, not OpenDNS.
Server: 2607:f798:18:10:0:640:7125:5204
Address: 2607:f798:18:10::640:7125:5204#53You must configure IPv6 with the IPv4 equivalent addresses for FamilyShield to make it work.
::ffff:208.67.222.123
::ffff:208.67.220.123 -
Sorry, correction: DNS shows 208.67.223.123 and 208.67.220.123.
When were these changed to 208.67.222.123 and 208.67.220.123?
Also why would the first line work with one computer but not all the others?
For the IPv6 entries, were do I place those? In the router DNS settings there is only one field for IPv6 vs 2 for v4.
-
Can anyone else provide help on this? I tried turning off IPv6 in the router (I think it I did anyway) but it had no impact. I have one field for IPv6 for an DNS IP address but I do not know what, if anything, should go in there to make this work if IPv6 is on.
Trying to put ::ffff:208.67.222.123 or ::ffff:208.67.220.123 as suggested by rotblitz gives an error that the IP address is invalid.
I'm not sure what else to try.
-
Ok...that did the trick! THANKS. Blocking works this way.
Very odd behaviour though...
First, router only allows me to enter ONE DNS IPv6 entry. I enter say ::ffff:d043:de7b and the router converts that to ::ffff:208.67.222.123 and I can save that. BUT if I enter ::ffff:208.67.222.123 directly OR if I click in the DNS field after it converts and try to save, it says the IP is invalid.
Regardless, it works.
BUT I notice that what this seems to do is create a "dummy" entry that forces networked devices trying to use IPv6 to default back to use IPv4 DNS entries because when I look at the network settings for networked devices, they now only show entries for the IPv4 DNS's but none for IPv6. Is that what is supposed to happen?
This seems only like a work-around. If so, is there a more robust long-term solution for OpenDNS to support IPv6?
-
Ok, so the more I search the more I discover and learn BUT the more I have questions.This is what I believe I understand and some questions. Please let me know if anything is not correct.
1. ::ffff:d043:de7b and ::ffff:d043:dc7b are the IPv6 equivalent of the IPv4 DNS resolvers for OpenDNS FamilyShield ONLY. These are equivalent to IPv4 208.67.222.123 and 208.67.222.123.
2. Regular OpenDNS servers for IPv4 are 208.67.222.222 and 208.67.220.220.
3. The IPv6 equivalents are to be entered into the IPv6 DNS resolver field(s) either on the router or the computer or device.
4. Any address starting with "::", "fc", "fd", or "fe" are unable to work with the public IPv6 Internet. (source: http://www.test-ipv6.com/ faq:No IPv6 tab) Therefore, using these CANNOT access ANY IPv6 referenced sites.
5. You seem to have listed 4 IPv4 equivalents to the IPv6 DNS entries but there are only 2 above in 1. (source: https://support.opendns.com/hc/en-us/community/posts/220012967-IPv6-Web-Filtering). Please clarify.
::ffff:d043:dede = ::ffff:208.67.222.222
::ffff:d043:dcdc = ::ffff:208.67.220.220
::ffff:d043:dedc = ::ffff:208.67.222.220
::ffff:d043:dcde = ::ffff:208.67.220.222Does OpenDNS actually have 4 regular servers (they only list the first 2 on their site)?
6. If I only have one IPv6 field in my router, is there any way to enter more than one into one field using some kind of separate, e.g. semi-colon, space, no-space, etc, or does that mean I can only use one of the two?
7. OpenDNS now HAS IPv6 DNS resolvers listed here: https://www.opendns.com/about/innovations/ipv6/. They are:
- 2620:119:35::35
- 2620:119:53::53
These are listed as Cisco Umbrella. Can these truly be used/with for OpenDNS WITH filtering?
8. The OpenDNS site does NOT directly list the IPv6 DNS resolvers from 7. above. The OpenDNS site only lists IPv4 address for the account. The OpenDNS Updater still only works with IPv4.
a. is there an OpenDNS Updater to dynamic IPv6? If not, is there one in the works and what to do in the meantime?
b. is OpenDNS filtering truly compatible with IPv6?
9. My IP address from ISP seems to still be v4 based on what I see in OpenDNS Updater and Dashboard and using WhatIsMyIPAddress.com. Yet my ISP seems to have enabled IPv6...so how does this all work, especially the Dynamic IP? What issue am I likely to run into, if any?
I know that is a lot. Any help would be appreciated.
-
1. Should be 208.67.222.123 and 208.67.220.123.
2. + 5. There are 4 addresses.
4. Your DNS traffic is being forced to IPv4. This still can resolve IPv6 destinations (AAAA records). You have full IPv6 access to all IPv6 destinations.
6. No, you can use only one.
7. + 8. You cannot register your IPv6 address at the dashboard yet, so DNSv6 does not regard your dashboard settings.
8. a+b: No.
9. Your ISP certainly provides dual-stack connectivity which allows this workaround tweak. No issue expected. The robust long-term solution is to include what’s with Umbrella already, that you can register also your IPv6 address(es) at the dashboard.
Please sign in to leave a comment.
Comments
16 comments