OpenDNS Not working at all on any device

Comments

13 comments

  • Avatar
    rotblitz (Edited )

    It seems your DNS queries go out over IPv6.
    https://diagnostic.opendns.com/myip
    Therefore your DNS queries do not go to OpenDNS, because you did not configure IPv6.

    Because you cannot register an IPv6 address at the dashboard yet, you must tweak the process to convert your DNS queries to IPv4. Therefore you configure your IPv6 settings with DNS server addresses from the following list:
    ::ffff:d043:dedc ::ffff:d043:dcde ::ffff:d043:dede ::ffff:d043:dcdc

    There are routers where this does not work. In this case the only other option is to disable IPv6 altogether.

    Further, your IPv4 address was not registered at your dashboard when you executed the commands.

    0
    Comment actions Permalink
  • Avatar
    a2ofamily

    Thanks for the reply.  Maybe I should also expand on this and provide you and update on what I have done to try this.  I will also run the commands I have seen you post and hope they are updated.  My ultimate goal here is to restrict certain clients (mainly my kids) and leave it open for the rest.  Can I do this with only the AC68U using opendns? 

    Since I am not sure if i can do this, I am trying current to continue using the ac68u unrestricted.  I have attached a second router to this which is an RT-N66R where I have set the DNS servers and I would have the clients I want to restrict going to this device.  

    My preference would be only to have the single router so hoping you can comment here.  

    I am still not able to get opendns to work it seems.  I have shut ipv6 off on both routers.  I am not sure what the below are or if still needed if i have shut ipv6 off? 

    ::ffff:d043:dedc ::ffff:d043:dcde ::ffff:d043:dede ::ffff:d043:dcdc

    I will run those commands you mention in other posts and post below that maybe it helps.  

     

    0
    Comment actions Permalink
  • Avatar
    a2ofamily

    C:\>nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: resolver2.opendns.com
    Address: 208.67.220.220

    Non-authoritative answer:
    debug.opendns.com text =

    "server m71.chi"
    debug.opendns.com text =

    "flags 40020 0 70 180000000000000000007950800000000000000"
    debug.opendns.com text =

    "originid 0"
    debug.opendns.com text =

    "actype 0"
    debug.opendns.com text =

    "source 96.2.89.44:62025"

    C:\>nslookup -type=txt which.opendns.com.
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    which.opendns.com text =

    "m61.chi"

    C:\>nslookup whoami.akamai.net.
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: whoami.akamai.net
    Addresses: 2620:0:cc5::75
    208.69.36.199


    C:\>nslookup domain that I know should be blocked.
    Usage:
    nslookup [-opt ...] # interactive mode using default server
    nslookup [-opt ...] - server # interactive mode using 'server'
    nslookup [-opt ...] host # just look up 'host' using default server
    nslookup [-opt ...] host server # just look up 'host' using 'server'

    C:\>netsh interface ipv4 show config

    Configuration for interface "Ethernet 2"
    DHCP enabled: Yes
    InterfaceMetric: 24
    DNS servers configured through DHCP: 10.110.182.1
    Register with which suffix: Primary only
    WINS servers configured through DHCP: None

    Configuration for interface "Ethernet"
    DHCP enabled: Yes
    IP Address: 192.168.2.220
    Subnet Prefix: 192.168.2.0/24 (mask 255.255.255.0)
    Default Gateway: 192.168.2.1
    Gateway Metric: 0
    InterfaceMetric: 25
    DNS servers configured through DHCP: 208.67.222.222
    192.168.2.1
    Register with which suffix: Primary only
    WINS servers configured through DHCP: None

    Configuration for interface "Ethernet 3"
    DHCP enabled: Yes
    InterfaceMetric: 35
    DNS servers configured through DHCP: None
    Register with which suffix: Primary only
    WINS servers configured through DHCP: None

    Configuration for interface "Loopback Pseudo-Interface 1"
    DHCP enabled: No
    IP Address: 127.0.0.1
    Subnet Prefix: 127.0.0.0/8 (mask 255.0.0.0)
    InterfaceMetric: 75
    Statically Configured DNS Servers: None
    Register with which suffix: Primary only
    Statically Configured WINS Servers: None

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    If you configure OpenDNS on the router, then you configure another DNS service on the devices which you want to exempt from OpenDNS. Or the other way around, as you want.

    Your router does not work as expected and returns mixed DNS server addresses:

    DNS servers configured through DHCP: 208.67.222.222
    192.168.2.1

    Refer to your router supplier, or try with a firmware upgrade.

    Also, your IP address is still not registered at your OpenDNS dashboard.

    0
    Comment actions Permalink
  • Avatar
    a2ofamily

    Thanks for the reply.  Are you saying I can go with just the single router and configure a dns server to use per client?  

    Gosh I thought i registered the address now.  I went here:  https://diagnostic.opendns.com/myip and verified the address is registered.  Am I supposed to do something else maybe to be sure it is registered?  

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Yes, you can configure per client with one router.

    You register your IPv4 address here:
    https://dashboard.opendns.com/settings/

    0
    Comment actions Permalink
  • Avatar
    a2ofamily

    I did that already.  The one i registered is the one that shows via the link above in addition to the very top of the screen you mention. 

    I will setup the ac68u only.  Can i default to opendns and then remove it for machines I don't want to run through it?  

    0
    Comment actions Permalink
  • Avatar
    a2ofamily (Edited )

    I verified the info here: https://support.opendns.com/hc/en-us/articles/228007727

    i checked here again as well and it gives me the welcome screen which I think means it is working:  welcome.opendns.com

    Something is not working it seems.    

    I also check the "Total Requests" for my IP and it is always zero.  

    I have turned aiprotection off as well

    Hoping someone might have some ideas.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    As long as your IP address is not registered at your dashboard, your dashboard settings do not take effect.

    And your mixed IP addresses from your router is the other problem.

    0
    Comment actions Permalink
  • Avatar
    a2ofamily

    Thanks rotblitz for the help here.  

    I seem to be getting different ip addresses as now when i come in i have a new one.  The WAN address on the router is a different one yet which I am assuming is my public ip?  

    I am not sure what you mean by mixed ip addresses.  How do i resolve these things to get this to work?  

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    I don’t know your router, so cannot help.

    And your IP address issue is probably an IP address mismatch, see
    https://support.opendns.com/hc/en-us/articles/115003766106-Dynamic-IP-Addresses-Error-Messages

    Run the diagnostics and raise a support ticket, link “Submit a request” above, with the links to your diagnostic results and this thread.
    https://support.opendns.com/hc/en-us/articles/227988487-Diagnostic-Tool-Link-and-Instructions

    1
    Comment actions Permalink
  • Avatar
    a2ofamily (Edited )

    I created a support ticket but i haven't had much luck with them as I created one early on and wait for a response and over 10 days now with no response.  I ran the diagnostics tool and included that too in the ticket.

    It did start to work for a period of time maybe 18 hours or so.  I noticed also when logging into the opendns site that it was showing the 24.....address and things were locking down and looking good.  This morning it reverted back to the 165.....and all is open again.

    Any idea why this would have happened?  

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I have heard that a response to a ticket can take three weeks or more.

    Not sure why you think your IP addresses are 24.* and 165.*.  From your outputs above I can see that they have been 208.107.77.63 and 96.2.89.44.  It seems your ISP often assigns new IP addresses to you.  The Updater's job is to keep them updated at your dashboard.  Ensure that the Updater can do its job, i.e. that its computer is running and the admin is logged in (in case you use the official Updater).

    And according to the KB article I linked to above, you can prove what IP addresses OpenDNS sees from you:

    DNS IP address: nslookup myip.opendns.com.
    Web IP address: http://myip.dnsomatic.com/

    The resulting IP address should be the same, else you have a mismatch.

    0
    Comment actions Permalink

Please sign in to leave a comment.