Your IP:

Our Forums Have Moved!

Visit our new forums at http://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthordmcdonald1
    • CommentTimeFeb 24th 2012
     permalink
    Are all sites that show up in the blocked sites stats actually attempted to visit or are these URL's showing up from links on other pages or search results? I have a user that has a huge volume of gay sites showing up but hardly any other porn types? Is the user trying each site that shows up or is this coming from search pages?
    • CommentAuthormaintenance
    • CommentTimeFeb 24th 2012 edited
     permalink
    If there is a very large amount, something is at least visiting sites that get advertising or some type of content loaded from these domains, or links to pages at these domains. If browsers have link prefetching enabled (which is by default in some cases), every possible link on a page has a DNS lookup issued for it. So someone could be looking at sites (including forums) where pornography might be linked-to, or there could be a form of malware somewhere on a system which is trying to reach these domains. Or they could be trying to directly surf sites with pornography. But not necessarily.

    And, of course, if a domain is blocked, the site at that domain isn't visited at all.
    • CommentAuthordmcdonald1
    • CommentTimeFeb 24th 2012
     permalink
    What I'm trying to find out is, is the user typing in one request in the Google search window and getting 20 Blocked Domain entries in DNS, or is he only getting 1 Blocked Domain entry when he selects one item from the search list? I was unable to find anything referring to prefetching in Safari or Firefox. This is a Mac on a Linksys E2000 router home network with DNS filtering set fairly tight cause we have little ones in the house .
  1.  permalink
    I don't know about Safari, but FF comes with prefetching enabled. AFAIK, FF doesn't have a GUI setting for prefetching like SeaMonkey. So, enter about:config in the address bar, and click through the joke message about "voiding your warranty". Enter the word prefetch in the search field. You should get some entries, probably two, which you want to set to either true or false to turn them off. In FF4, for example:
    network.dns.disablePrefetch;true
    network.prefetch-next;false

    What no one can tell you from stats is whether a person using a browser typed an address in the bar or clicked a bookmark or link to generate a DNS lookup. Most sites load content from many domains, including scripts, ads, images, comments, whatever. There is no way to say what caused the lookup - this is not like a browser's visited site history, but a collection of all DNS lookups leaving your network and generated by any possible means. E.g., your OS looks for updates, it generates DNS lookups for the update domain(s). Surf the forum here, and it will cause lookups for at least five domains. Visit a site about gay-related issues, and you might get DNS lookups for gay porn sites from advertising or whatever, depending on the sort of site it is, or how much control it has over context-based advertising on the site. Some sites will cause lookups to 30 or 50 domains - no kidding.
    • CommentAuthorrotblitz
    • CommentTimeFeb 25th 2012 edited
     permalink
    Beside what @maintenance correctly said:

    "Are all sites blocked actually visited?"

    Generally no. The stats do not reflect sites having been visited, but domains having been looked up and eventually blocked. This is a huge difference. DNS is just the phone book, not the phone lines. Reading (looking up) a phone number in the phone directory proves in no way it has ever been used for calling (visiting).

    As your network does not send any information about "visits" to OpenDNS, OpenDNS can just show the lookups you sent to them, not the visits.

    "or are these URL's showing up from links on other pages or search results?"

    Again, the stats are not about URLs, just about domains. Again a huge difference.

    Regarding DNS prefetching in browsers:

    In FireFox this is enabled by default, and even the config values may be missing. You may need to introduce them:
    network.dns.disablePrefetch = true (boolean)
    network.dns.disablePrefetchFromHTTPS = true (boolean)

    And maybe also (this has indirect influence on DNS prefetching):
    network.prefetch-next = false (boolean)

    For Safari DNS prefetching is enabled by default as well.
    To disable it see here: http://support.apple.com/kb/TS3408

    You'll be surprised how different your OpenDNS domain stats look after having disabled DNS prefetching!

This discussion has been inactive for longer than 30 days, and is thus closed.