What DNS addresses to use with OpenDNS Home VIP ??
What DNS addresses to use with OpenDNS Home VIP ??
-
You can use any address, normal or FamilyShield.
Do you use OpenDNS at all? http://welcome.opendns.com/
If you flush the caches, your settings changes will be immediate.
-
I cannot get any functionality using .222 or .220. I get porn blocking with .123. Any changes in the dashboard do nothing. Even setting filter to none still results in porn blocking. Individual domain blocking does not work either. I do see activity in the stats.
So I am left with the assumption that my setup is either wrong or corrupt.
Any ideas on a fix?
Jerry
-
I came to that conclusion last night also. There must be a configuration issue somewhere. I just don'r see any other way to configure it. I have deleted the config 3 times and recreated. I saw a post that said I should get an email to verify my IP. i"m not getting any but maybe that post was old.
I also don't know what this means..."For individual IP addresses, verification is self-service, if you can click on a link from the network IP address. "
Is there a document somewhere to help with the registration?
Thanks again for your help with this.
Jerry
-
Confirming Your Account
"After you have configured your network (devices) to use OpenDNS you should check your email for an account confirmation email from OpenDNS. Not all email services allow hyperlinks within the content of messages, if the link in your email is not clickable copy and paste the link into your browser to confirm your account. If you click (or copy and paste) the link in the confirmation email you will be taken to your OpenDNS dashboard. "
I did not receive an email (I checked trash and spam also) confirming setup. Could this be why it's not working correctly?
Is there any way to generate this email without contacting support?
Jerry
-
And post a screenshot of this page.
https://dashboard.opendns.com/settings/ -
Here is the info.................
Microsoft Windows [Version 10.0.18363.1016]
(c) 2019 Microsoft Corporation. All rights reserved.C:\Users\l>nslookup -type=txt debug.opendns.com
Server: cdns01.comcast.net
Address: 2001:558:feed::1opendns.com
primary name server = auth1.opendns.com
responsible mail addr = noc.opendns.com
serial = 1598902568
refresh = 16384 (4 hours 33 mins 4 secs)
retry = 2048 (34 mins 8 secs)
expire = 1048576 (12 days 3 hours 16 mins 16 secs)
default TTL = 2560 (42 mins 40 secs)C:\Users\l>nslookup whoami.akamai.net
Server: cdns01.comcast.net
Address: 2001:558:feed::1Non-authoritative answer:
Name: whoami.akamai.net
Address: 69.252.33.23
-
You are clearly not using OpenDNS, but the DNSv6 service of your ISP Comcast. It seems you missed to configure the IPv6 side of things. Configure your IPv6 settings with DNS server addresses from the following list:
::ffff:d043:dede ::ffff:d043:dcdc ::ffff:d043:dedc ::ffff:d043:dcdeThe Organization drop down field, what other options does it show?
-
Hmm.. Then why does it work when I use the Family Shield .123 nameserver in my router?
The organization drop down shows only "home".
From Open DNS doumentation:
We support recursive IPv6 DNS resolution and security filtering for IPv6 traffic. Our IPv6 DNS server addresses are:
- 2620:119:35::35
- 2620:119:53::53
Currently, it is not possible for users to register IPv6 addresses in the OpenDNS Dashboard. Custom content filtering cannot be set for IPv6 traffic.
For users looking for an RFC-compliant DNS service that does not provide any level of filtering, the following IPv6 DNS server addresses can be used instead:
- 2620:0:ccc::2
- 2620:0:ccd::2
Where are the instructions for IPV6 in the setup documentation?
After entering the IPV6 info you provided in my router:
C:\Users\l>nslookup -type=txt debug.opendns.com.
Server: UnKnown
Address: 208.67.222.222*** UnKnown can't find debug.opendns.com.: No response from server
C:\Users\l>nslookup whoami.akamai.net.
Server: UnKnown
Address: 208.67.222.222*** UnKnown can't find whoami.akamai.net.: No response from server
Jerry
-
There is no such official IPv6 setup instructions, just my unofficial ones. This does not always work, because it is a workaround with IPv4 addresses in IPv6 notation. And it seems your router is a case where it does not work. Your other option is to disable IPv6 altogether, ideally on the router.
Also, regarding confirming your account or IP address, there is nothing to confirm. Your screenshot shows that all is set already.
-
I guess that your DNS queries go randomly over IPv4 (then they appear on the stats, and your settings take effect) and over IPv6 (no stats, no settings in effect). You do not really have influence on this behavior unless you can configure both IPv4 and IPv6, or you disable IPv6 connectivity.
Another possibility is that some of your devices raise DNS queries over IPv4 only, whereas others use IPv6.
Another confusing observation I made is that you have your IP address registered with a network label "Hal2000", whereas your stats come from a network label "home". This definitely looks like a configuration mistake. And your stats may be from a totally different user having a different IP address assigned to your network label "home". This user may send DNSv4 queries, whereas the DNSv6 queries are from you...
-
Hmm.. Since Family Shield .123 works fine, does not this point to a problem with the OpenDNS servers with the Home VIP side of things?
Hal 2000 is the friendly name I put in. But I will change it to 'home' and see what happens.
I'm doing testing from just one machine.
I will try a couple things tonight after my students leave for the day and let you know the results.
Thanks, Jerry
-
The problem here is that I do not have subscribed to VIP, but using normal OpenDNS Home, so I cannot analyse from the VIP point of view. But I do not believe that FamilyShield works fine, in comparison to the normal resolver addresses, beside the fact that for DNS queries going to them will always block domains categorized as porn, regardless of your dashboard settings.
It's hard to help you any further in this forum. The better approach is to involve staff to check your account. You can achieve this by raising a support ticket, link "Submit a request" above. Best would be to include a link to this thread where they can obtain useful information from. It can take three weeks to receive a response though.
-
I submitted a support ticket last Saturday.
I have confirmed Family Shield works on all my devices. Just no custom filtering. It appears that OpenDNS is not ready for IPV6. It's probably not a very high priority for Cisco which I understand.
I have used the Barracuda filtering appliance in the past and was quite happy with it. But I would need to get another internal router and the complexity is not something I really want to manage (since I did this stuff for years in an education environment and enjoy not dealing with all the problems of network management since I retired). :)
I do thank you for your attempts to help me get this working.
Jerry
-
Great. If you ever come to a solution or further insights, it would be good to publish them here. It will help other VIP users with the same problems.
And yes, unlike with their commercial service Umbrella, where you can register your IPv6 addresses at the dashboard, their consumer services are not ready yet for IPv6. This is how it should look like (from the Umbrella dashboard):
Because it is established for Umbrella already since a while, there are chances that this becomes available also for the home versions this or next year.
Please sign in to leave a comment.
Comments
22 comments