OpenDNS Family

Comments

10 comments

  • Avatar
    rotblitz (Edited )

    “searching for adult site”

    If you want to block search engines, then you must explicitly block this category of domains. Else these domains will surely not be blocked, because they are not adult sites.

    Also, the instructions you have followed may have caused you to use the wrong resolver addresses. The correct addresses for FamilyShield are:
    208.67.222.123 and 208.67.220.123

    0
    Comment actions Permalink
  • 0
    Comment actions Permalink
  • 0
    Comment actions Permalink
  • Avatar
    trailheadarts

    Thank you, I've configured per instructions successfully and tested successfully resulting in the message response "your browsing safer, faster, etc..."

    Searching "adult sites" now results in a warning page saying "your connection is not private" using chrome. So sites seem to be blocked. Searching "adult sites" in MS Edge pulls up as much porn as is available on the internet - no blocking, no warning. 

    The page descriptions indicate OpenDNS is  "Preconfigured to block adult content". When configured per the original instructions and tested, all indicate it's operating properly. The real-world application results in no blocked adult content. 

    Please advise why a configuration per instruction and successful testing results in access to porn sites. Thank you. 

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    "your connection is not private"

    If you prefer to see the block page, you need to download and install the Cisco CA root certificate.
    https://support.opendns.com/hc/en-us/articles/227987007-Block-Page-Errors-Installing-the-Cisco-Umbrella-Root-CA

    “Searching "adult sites" in MS Edge pulls up as much porn as is available on the internet - no blocking, no warning.”

    This is Bing.  I mentioned already that you need to block the search engine category of domains if you want search engines being blocked. Search engines are not adult sites.

    "Preconfigured to block adult content"

    This definition is not precise. It should read: preconfigured to block domains which are categorized as mainly containing adult content.

    “Please advise why a configuration per instruction and successful testing results in access to porn sites.”

    I’m a user like you, and I’m not in the position to provide advices here. But I can try helping you to work around any hurdles.

    0
    Comment actions Permalink
  • Avatar
    trailheadarts (Edited )

    ... So my 5 year old can browse to a porn site by accident after successfully setting up and testing OpenDNS Family on my router? And I ask because I can currently browse to any porn site after setting this up and testing per the sites supplied by OpenDNS. 

    And I'll add, I appreciate the fact that you've volunteered to take the time to try to help.

     

     

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    “So my 5 year old can browse to a porn site by accident after successfully setting up and testing OpenDNS Family on my router?”

    No, not if everything is setup correctly, and your router, your browser and your ISP do not sabotage what you want to achieve.

    “I can currently browse to any porn site”

    Something is wrong. Open a command prompt window, and copy & paste the complete plain text output of the following diagnostic commands to here:

    nslookup -type=txt debug.opendns.com. 208.67.220.220
    nslookup -type=txt which.opendns.com.
    nslookup whoami.akamai.net.
    netsh interface ipv4 show config
    netsh interface ipv6 show dns

    Also, tell me what browser you are using.  Always MS Edge?

    0
    Comment actions Permalink
  • Avatar
    trailheadarts

    nslookup -type=txt debug.opendns.com. 208.67.220.220

    Microsoft Windows [Version 10.0.19041.572]
    (c) 2020 Microsoft Corporation. All rights reserved.

    C:\Users\trail>nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: resolver2.opendns.com
    Address: 208.67.220.220

    Non-authoritative answer:
    debug.opendns.com text =

    "server r7.den1"
    debug.opendns.com text =

    "flags 40020 0 40 1800000000000000000039FD000000000000000"
    debug.opendns.com text =

    "originid 493318636"
    debug.opendns.com text =

    "orgid 4906486"
    debug.opendns.com text =

    "orgflags A6"
    debug.opendns.com text =

    "actype 0"
    debug.opendns.com text =

    "bundle 7061336"
    debug.opendns.com text =

    "source 24.8.102.13:52588"

    C:\Users\trail>

    nslookup -type=txt which.opendns.com.

    Microsoft Windows [Version 10.0.19041.572]
    (c) 2020 Microsoft Corporation. All rights reserved.

    C:\Users\trail>nslookup -type=txt which.opendns.com.
    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    Non-authoritative answer:
    which.opendns.com text =

    "I am not an OpenDNS resolver."

    C:\Users\trail>

    nslookup whoami.akamai.net.

    Microsoft Windows [Version 10.0.19041.572]
    (c) 2020 Microsoft Corporation. All rights reserved.

    C:\Users\trail>nslookup whoami.akamai.net.
    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    Non-authoritative answer:
    Name: whoami.akamai.net
    Address: 76.96.47.195


    C:\Users\trail>

    netsh interface ipv4 show config

    Microsoft Windows [Version 10.0.19041.572]
    (c) 2020 Microsoft Corporation. All rights reserved.

    C:\Users\trail>netsh interface ipv4 show config

    Configuration for interface "Local Area Connection* 1"
    DHCP enabled: Yes
    InterfaceMetric: 25
    DNS servers configured through DHCP: None
    Register with which suffix: Primary only
    WINS servers configured through DHCP: None

    Configuration for interface "Local Area Connection* 2"
    DHCP enabled: Yes
    InterfaceMetric: 25
    DNS servers configured through DHCP: None
    Register with which suffix: Primary only
    WINS servers configured through DHCP: None

    Configuration for interface "Wi-Fi"
    DHCP enabled: Yes
    IP Address: 192.168.0.4
    Subnet Prefix: 192.168.0.0/24 (mask 255.255.255.0)
    Default Gateway: 192.168.0.1
    Gateway Metric: 0
    InterfaceMetric: 50
    DNS servers configured through DHCP: 208.67.222.123
    208.67.220.123
    Register with which suffix: Primary only
    WINS servers configured through DHCP: None

    Configuration for interface "Bluetooth Network Connection 2"
    DHCP enabled: Yes
    InterfaceMetric: 65
    DNS servers configured through DHCP: None
    Register with which suffix: Primary only
    WINS servers configured through DHCP: None

    Configuration for interface "Loopback Pseudo-Interface 1"
    DHCP enabled: No
    IP Address: 127.0.0.1
    Subnet Prefix: 127.0.0.0/8 (mask 255.0.0.0)
    InterfaceMetric: 75
    Statically Configured DNS Servers: None
    Register with which suffix: Primary only
    Statically Configured WINS Servers: None


    C:\Users\trail>

    netsh interface ipv6 show dns

    Microsoft Windows [Version 10.0.19041.572]
    (c) 2020 Microsoft Corporation. All rights reserved.

    C:\Users\trail>netsh interface ipv6 show dns

    Configuration for interface "Local Area Connection* 1"
    DNS servers configured through DHCP: fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    Register with which suffix: Primary only

    Configuration for interface "Local Area Connection* 2"
    DNS servers configured through DHCP: fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    Register with which suffix: Primary only

    Configuration for interface "Wi-Fi"
    DNS servers configured through DHCP: 2001:558:feed::1
    2001:558:feed::2
    Register with which suffix: Primary only

    Configuration for interface "Bluetooth Network Connection 2"
    DNS servers configured through DHCP: fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    Register with which suffix: Primary only

    Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers: fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    Register with which suffix: Primary only


    C:\Users\trail>

    0
    Comment actions Permalink
  • Avatar
    trailheadarts

    Also, I'm testing on Chrome and Edge. Chrome gives me a warning page "connection is not private" which seems to be a block even when I tell it to proceed anyway I get the message again. Edge has no restrictions on navigating to a porn site. 

    Thank you. 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    You did not configure IPv6, therefore you're using your ISPs (Comcast's) DNSv6 service, not OpenDNS:

    Server: cdns01.comcast.net
    Address: 2001:558:feed::1

    Configuration for interface "Wi-Fi"
    DNS servers configured through DHCP: 2001:558:feed::1
    2001:558:feed::2

    Use these resolver addresses in your IPv6 settings: ::ffff:d043:de7b and ::ffff:d043:dc7b
    Or alternatively: 2620:119:35::123 and 2620:119:53::123 

    If you cannot do this on your router or on end user devices, then you better disable IPv6 altogether.

    Regarding Chrome, you must disable Lite mode and must disable or reconfigure secure DNS to use OpenDNS FamilyShield.
    https://support.opendns.com/hc/en-us/articles/360038086532

    Regarding the warning page "connection is not private", you must download and install a certificate to suppress this browser warning.
    https://support.opendns.com/hc/en-us/articles/227987007

    0
    Comment actions Permalink

Please sign in to leave a comment.