OpenDNS conflict with Securly?

Comments

23 comments

  • Avatar
    rotblitz (Edited )

    Also Securly seems to be or to include a DNS service, same as OpenDNS.  You can use only one DNS service at any time.  You cannot keep OpenDNS for the school devices.

    0
    Comment actions Permalink
  • Avatar
    antialiasing

    Thanks for the info, rotbliz, but I don't see yet why Securly DNS matter in this case, sorry for being obtuse. Even without OpenDNS, Comcast defaults to its own DNS. Comcast's own DNS works fine with Securly; when I turn off OpenDNS parent control, the school iPads with Securly work fine on our Comcast internet.

    I would appreciate it if you could elaborate a bit more on this subject.

    Harry

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    "I don't see yet why Securly DNS matter in this case"

    Correct, it doesn't matter what other DNS service you will be using with LPC, because...

    LPC is something you actively enable on the router, and this feature prevents from using any other DNS service by the end user devices like Securly DNS or Comcast DNS.  Comcast DNS is not something you can actively enable on the router, it is default as you say, and therefore end user devices can easily use their own DNS, e.g. Securly DNS or OpenDNS.  And no, the school devices do not "work fine" with Comcast DNS, because they use Securly DNS solely.  Still being obtuse?

    0
    Comment actions Permalink
  • Avatar
    mwallace (Edited )

    Hi Harry - 

    IT admin here - We're seeing the same issue for students on Linksys routers (incl. Orbi). I believe we are up to 10 students with the same issue at home.

    We are working with Securly support and they have been in contact with OpenDNS. However, Securly support hasn't been able to get anywhere with OpenDNS support. I just put in a support request with OpenDNS...keeping my fingers crossed. If others have this issue, please put in a support request with OpenDNS. 

    0
    Comment actions Permalink
  • Avatar
    antialiasing

    I appreciate the info and have forwarded it to the admin at the school, thank you. We do have another case at school and have filed support requests with OpenDNS. In the meantime, I have switched to the other option on the router, Circle with Disney. The free basic plan seems OK/comparable in terms of blocking video sharing sites etc. But the setup went in effect less than an hour ago, so I keep my fingers crossed.

    Harry

    0
    Comment actions Permalink
  • Avatar
    mwallace

    A bit more info from Securly -


    Thank you for reaching out to us. It appears that Umbrella blocks or rather does not resolve one of Securly subdomains google.com.1.findme2.1.prx.uswest.v1api.securly.com

    Circle does a decent job...just make sure to exempt your student's device from Circle filtering. 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Umbrella does resolve this subdomain, but to a localhost address of 127.0.0.2.  If one has a policy enabled to block domains with private or localhost IP addresses, then this may be the problem.

    nslookup google.com.1.findme2.1.prx.uswest.v1api.securly.com.
    Server: local.odns1.prv
    Address: 10.165.23.19

    Non-authoritative answer:
    Name: google.com.1.findme2.1.prx.uswest.v1api.securly.com
    Address: 127.0.0.2

     

    0
    Comment actions Permalink
  • Avatar
    mwallace

    FYI - Securly engineering is working on a workaround that may be out later this week. OpenDNS support has been unresponsive. 

    0
    Comment actions Permalink
  • Avatar
    antialiasing

    I appreciate the update; the prospect of a workaround is encouraging! Please kindly update this thread when the fix arrives later this week. Thank you!

    Harry

    0
    Comment actions Permalink
  • Avatar
    antialiasing

    BTW mwallace: Re your reply today at 10:27 -- Circle does not appear to block Securly so School iPads work fine under Circle; or in other words, no need to exempt kids' School iPads from Circle. Regards,

    Harry

    0
    Comment actions Permalink
  • Avatar
    vly

    Has anyone been able to get anywhere with this?  I have 2 daughters with school iPads that have always been fine at home, until this week (new school year started so starting to use them again)--the school tech dept can't find anything wrong with the devices, but this week they no longer work when connected to our wifi.  They will work when phones are used as a hotspot and on school wifi. I have a Netgear Nighthawk router, they have Securly on their iPads. Only Zoom works if they have a password to manually enter (clicking link won't work)

    0
    Comment actions Permalink
  • Avatar
    antialiasing

    Vly: your experience is identical to mine. mwallace indicated above that a fix (from the Securly side) might be coming, but it looks like it didn't land on time; or it might not be viable. I switched to the Circle option (free, not premium) for parent control on the NightHawk router and that worked.

    0
    Comment actions Permalink
  • Avatar
    thedavedave

    Having the same issue here. I use OpenDNS to secure things for my job, and come to find out the Securly proxy doesn't like OpenDNS...

    So I have to use the open internet, which not only do I have limited control on what they do on their school computers, their non-school devices have access to everything.

     

    0
    Comment actions Permalink
  • Avatar
    mwallace (Edited )

    As of yesterday, Securly had to postphone the fix. We're waiting on an update from DevOps regarding the new ETA. Using the built-in free Circle  (vs. OpenDNS) is an interesting approach. Last year, parents had to create a Circle exception for Securly devices. However, given Harry's response perhaps that's no longer necessary. 

    Is anyone out there willing to test enabling Circle "free" on their router with a Securly filtered device? Please note, the built-in free Circle is only supported on select wireless routers.

    For those technically included, Circle has an interesting write-up in their use of ARP spoofing and custom DNS settings: https://support.meetcircle.com/hc/en-us/articles/360026364652-Circle-and-Custom-DNS-Settings

     

    0
    Comment actions Permalink
  • Avatar
    antialiasing

    Sorry to hear about the delay, please keep us posted!

    For those who want to try Circle Free, the control app for your phone is "Circle 1st Gen" not the other Circle. I'm on Android but imagine it's the same in App Store. In my case it works well with Netgear R7960P -- perhaps the "Circle exception" has been made official & default.

    Harry

    0
    Comment actions Permalink
  • Avatar
    latenighter

    I found this post after trying to figure out why my daughters school iPad couldn't browse the web.  I too narrowed it down to Securly Home being installed on the iPad and having my DNS servers set to OpenDNS.  Whats strange is the schools Chromebooks which also have Securly Home on them work just fine, its only the iPad.  If I change my DNS servers to Google everything works fine or if I change the iPad itself to use DNS 8.8.8.8 thus bypassing my routers DNS set to OpenDNS everything works as well.  I may use this as a workaround until OpenDNS can resolve the issue.  All of the requests from the iPad go to 192.168.1.166.kfzi7k9j7lez.1.mip.uswest.v1api.securly.com

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I say it again: LPC is something you actively enable on the router, and this feature prevents from using any other DNS service by the end user devices like Securly DNS or Comcast DNS.

    If there is something to be fixed, it must be fixed by Netgear, not by OpenDNS.

    0
    Comment actions Permalink
  • Avatar
    latenighter

    rotblitz, was your comment directed at me or someone else in this post?  If it was directed at my post I don't believe its releated to Netgear or LPC (Live Parental Control) because I don't have a Netgear router.  My home setup consists of an Asus router and my Asus is forwarding DNS requests to Pi-Hole to block Ads which is then in turn forwarding DNS to OpenDNS.  On the iPad in question when I have Pi-Hole set to forward DNS to OpenDNS I cannot browse the internet as the requests to Securly Home are being blocked or not processed correctly by OpenDNS.  When I change Pi-Hole to forward DNS to Google (ECS) everything works perfectly on the iPad.  Unless I am missing something everything seems to be pointing to an OpenDNS issue.  For the time being I changed Pi-Hole back to OpenDNS for all other devices and on the iPad in question I manually set its DNS to 8.8.8.8 in the WiFi settings so my daughter can use her iPad but its just not being blocked by Pi-Hols Ad blocking or OpenDNS content filtering but at least she can use the device.  Thanks!

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    My message was for all who try to use Netgear LPC and another DNS service like Securly at the same time. So not to you.

    0
    Comment actions Permalink
  • Avatar
    mwallace

    Securly rolled out a fix yesterday afternoon! I'm still testing with a few students. However, could anyone on this post confirm that the fix is working for them?

    0
    Comment actions Permalink
  • Avatar
    cdenesha

    mwallace How is your testing going? I am still not sure if my school's student iPads are working at home.

    thanks,

    chris, IT

    0
    Comment actions Permalink
  • Avatar
    mwallace

    Hi Chris - I just tested with 6-7 student iPads and the fix is working!

    0
    Comment actions Permalink
  • Avatar
    cdenesha

    @mwallace I’ll ask the families who submitted tech tickets.

    So are you IT support for iPads also, using Securly? Please reach out to me on Twitter!

    0
    Comment actions Permalink

Please sign in to leave a comment.