OpenDNS conflict with Securly?
Hi, I have been successfully using OpenDNS parent control on a R7960 router, until today. It turned out that the kids' school uses Securly, and if OpenDNS parent control is on, all the school iPad cannot access Internet. If I disable parent control on the router, the school iPads work fine. The school IT department has little to say about this incompatibility. Does anybody here have the same issue? Anyone can shed light on whether OpenDNS could "unblock" Securly? I'd like to keep using OpenDNS since it has been working for me. Thanks,
Harry
-
Thanks for the info, rotbliz, but I don't see yet why Securly DNS matter in this case, sorry for being obtuse. Even without OpenDNS, Comcast defaults to its own DNS. Comcast's own DNS works fine with Securly; when I turn off OpenDNS parent control, the school iPads with Securly work fine on our Comcast internet.
I would appreciate it if you could elaborate a bit more on this subject.
Harry
-
"I don't see yet why Securly DNS matter in this case"
Correct, it doesn't matter what other DNS service you will be using with LPC, because...
LPC is something you actively enable on the router, and this feature prevents from using any other DNS service by the end user devices like Securly DNS or Comcast DNS. Comcast DNS is not something you can actively enable on the router, it is default as you say, and therefore end user devices can easily use their own DNS, e.g. Securly DNS or OpenDNS. And no, the school devices do not "work fine" with Comcast DNS, because they use Securly DNS solely. Still being obtuse?
-
Hi Harry -
IT admin here - We're seeing the same issue for students on Linksys routers (incl. Orbi). I believe we are up to 10 students with the same issue at home.
We are working with Securly support and they have been in contact with OpenDNS. However, Securly support hasn't been able to get anywhere with OpenDNS support. I just put in a support request with OpenDNS...keeping my fingers crossed. If others have this issue, please put in a support request with OpenDNS.
-
I appreciate the info and have forwarded it to the admin at the school, thank you. We do have another case at school and have filed support requests with OpenDNS. In the meantime, I have switched to the other option on the router, Circle with Disney. The free basic plan seems OK/comparable in terms of blocking video sharing sites etc. But the setup went in effect less than an hour ago, so I keep my fingers crossed.
Harry
-
A bit more info from Securly -
Thank you for reaching out to us. It appears that Umbrella blocks or rather does not resolve one of Securly subdomains google.com.1.findme2.1.prx.uswest.v1api.securly.comCircle does a decent job...just make sure to exempt your student's device from Circle filtering.
-
Umbrella does resolve this subdomain, but to a localhost address of 127.0.0.2. If one has a policy enabled to block domains with private or localhost IP addresses, then this may be the problem.
nslookup google.com.1.findme2.1.prx.uswest.v1api.securly.com.
Server: local.odns1.prv
Address: 10.165.23.19
Non-authoritative answer:
Name: google.com.1.findme2.1.prx.uswest.v1api.securly.com
Address: 127.0.0.2 -
Has anyone been able to get anywhere with this? I have 2 daughters with school iPads that have always been fine at home, until this week (new school year started so starting to use them again)--the school tech dept can't find anything wrong with the devices, but this week they no longer work when connected to our wifi. They will work when phones are used as a hotspot and on school wifi. I have a Netgear Nighthawk router, they have Securly on their iPads. Only Zoom works if they have a password to manually enter (clicking link won't work)
-
Vly: your experience is identical to mine. mwallace indicated above that a fix (from the Securly side) might be coming, but it looks like it didn't land on time; or it might not be viable. I switched to the Circle option (free, not premium) for parent control on the NightHawk router and that worked.
-
Having the same issue here. I use OpenDNS to secure things for my job, and come to find out the Securly proxy doesn't like OpenDNS...
So I have to use the open internet, which not only do I have limited control on what they do on their school computers, their non-school devices have access to everything.
-
As of yesterday, Securly had to postphone the fix. We're waiting on an update from DevOps regarding the new ETA. Using the built-in free Circle (vs. OpenDNS) is an interesting approach. Last year, parents had to create a Circle exception for Securly devices. However, given Harry's response perhaps that's no longer necessary.
Is anyone out there willing to test enabling Circle "free" on their router with a Securly filtered device? Please note, the built-in free Circle is only supported on select wireless routers.
For those technically included, Circle has an interesting write-up in their use of ARP spoofing and custom DNS settings: https://support.meetcircle.com/hc/en-us/articles/360026364652-Circle-and-Custom-DNS-Settings
-
Sorry to hear about the delay, please keep us posted!
For those who want to try Circle Free, the control app for your phone is "Circle 1st Gen" not the other Circle. I'm on Android but imagine it's the same in App Store. In my case it works well with Netgear R7960P -- perhaps the "Circle exception" has been made official & default.
Harry
-
I found this post after trying to figure out why my daughters school iPad couldn't browse the web. I too narrowed it down to Securly Home being installed on the iPad and having my DNS servers set to OpenDNS. Whats strange is the schools Chromebooks which also have Securly Home on them work just fine, its only the iPad. If I change my DNS servers to Google everything works fine or if I change the iPad itself to use DNS 8.8.8.8 thus bypassing my routers DNS set to OpenDNS everything works as well. I may use this as a workaround until OpenDNS can resolve the issue. All of the requests from the iPad go to 192.168.1.166.kfzi7k9j7lez.1.mip.uswest.v1api.securly.com
-
rotblitz, was your comment directed at me or someone else in this post? If it was directed at my post I don't believe its releated to Netgear or LPC (Live Parental Control) because I don't have a Netgear router. My home setup consists of an Asus router and my Asus is forwarding DNS requests to Pi-Hole to block Ads which is then in turn forwarding DNS to OpenDNS. On the iPad in question when I have Pi-Hole set to forward DNS to OpenDNS I cannot browse the internet as the requests to Securly Home are being blocked or not processed correctly by OpenDNS. When I change Pi-Hole to forward DNS to Google (ECS) everything works perfectly on the iPad. Unless I am missing something everything seems to be pointing to an OpenDNS issue. For the time being I changed Pi-Hole back to OpenDNS for all other devices and on the iPad in question I manually set its DNS to 8.8.8.8 in the WiFi settings so my daughter can use her iPad but its just not being blocked by Pi-Hols Ad blocking or OpenDNS content filtering but at least she can use the device. Thanks!
Please sign in to leave a comment.
Comments
24 comments