Your IP:

Our Forums Have Moved!

Visit our new forums at http://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorjjs
    • CommentTimeJul 9th 2012
     permalink
    For a friend, I've set up FamilyShield for DNS on his Belkin router, flushed the Windows Vista PC caches and rebooted both the router and PC, but it is still not working.

    For a test, I use www.YouPorn.com, which is normally blocked by FamilyShield, but is NOT blocked on the Vista machine.

    Please advise.
  1.  permalink
    Are there DNS IPs other than the router LAN IP in the Vista network settings? Remove them.

    Can you use OpenDNS at all?
    nslookup -type=txt debug.opendns.com. 208.67.220.220
    • CommentAuthorjjs
    • CommentTimeJul 12th 2012
     permalink
    Yes. Here is the response:

    debug.opendns.com text =

    "server 1.lax"
    debug.opendns.com text =

    "flags 20 0 2f4 0"
    debug.opendns.com text =

    "id 0"
    debug.opendns.com text =

    "source 199.59.233.190:56514"
  2.  permalink
    Well, we now know that you can use OpenDNS, but we don't know the answer to the first question yet.

    ipconfig /all

    nslookup opendns.com.

    And if there is a proxy in use, or a browser with a proxy (like Opera with Turbo Mode engaged), the machine will not use OpenDNS, at least in the browser.
    • CommentAuthorrotblitz
    • CommentTimeJul 13th 2012
     permalink
    Try this:
    nslookup -type=txt debug.opendns.com.

    And we would need to see the complete output, also the part about the server being used.
    • CommentAuthorjjs
    • CommentTimeJul 20th 2012
     permalink
    Here are the IPCONFIG/ALL results:


    Windows IP Configuration

    Host Name . . . . . . . . . . . . : pagold-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Belkin

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : Belkin
    Description . . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit Network Connection
    Physical Address. . . . . . . . . : 00-1D-60-71-AF-95
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::5dd9:1d95:6885:80bb%68(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Friday, July 20, 2012 11:05:06 AM
    Lease Expires . . . . . . . . . . : Monday, August 26, 2148 5:36:08 PM
    Default Gateway . . . . . . . . . : 192.168.2.1
    DHCP Server . . . . . . . . . . . : 192.168.2.1
    DHCPv6 IAID . . . . . . . . . . . : 1174412640
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-7F-C5-E5-00-1D-60-71-AF-95
    DNS Servers . . . . . . . . . . . : 192.168.2.1
    NetBIOS over Tcpip. . . . . . . . : Enabled




    IN ADDITION, THERE ARE ABOUT 40+ ENTRIES FOR "TUNNEL ADAPTER"; THEY WON'T ALL FIT, SO HERE ARE THE FIRST THREE:

    Tunnel adapter Local Area Connection* 6:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{A014C691-CE53-4D04-A2F9-30802C6AA25A}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 7:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    • CommentAuthorjjs
    • CommentTimeJul 20th 2012
     permalink
    Here are the "nslookup" results:

    Server:
    Address: 192.168.2.1

    debug.opendns.com text =

    "server 1.lax"
    debug.opendns.com text =

    "flags 20 0 2f4 0"
    debug.opendns.com text =

    "id 0"
    debug.opendns.com text =

    "source 199.59.233.190:32768"
  3.  permalink
    Tunnel adapters: Largely irrelevant unless you are using IPv6 (which requires 6 to 4 tunnels on the still IPv4 internet. Although seeing as there are so many, I have to ask if this is a laptop that moves around networks and the user likes to use IPv6 for whatever reason. Either that, or someone recreated the local area connections a million times at some point.

    If the Belkin's IP address is 192.168.2.1, and the FS addresses (and no others, but with every DNS address field filled) are in the WAN forwarders of the Belkin router, I can't see what's wrong there.

    Except if IPv6 is in use, in which case you may have to make sure IPv6 settings contain no other DNS addresses. Try disabling IPv6 and see what happens. There is little point in using it anyway. If everything works with this disabled, you know where to look. (No, there are no IPv6 DNS addresses for FS or regular OpenDNS with filtering).

    No proxy or VPN can be in use, unless you are certain that the FS addresses are used for DNS at the other end. Browsers like Opera with Turbo Mode engaged use Opera caching proxy servers.
    • CommentAuthorjjs
    • CommentTimeJul 22nd 2012
     permalink
    OK, I used the MicroSoft FIXIT at http://support.microsoft.com/kb/929852 to disable IPv6 (the first button).

    No difference. Here are the ipconfig /all results:


    Windows IP Configuration

    Host Name . . . . . . . . . . . . : pagold-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Belkin

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : Belkin
    Description . . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit Network Connection
    Physical Address. . . . . . . . . : 00-1D-60-71-AF-95
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Saturday, July 21, 2012 6:45:53 PM
    Lease Expires . . . . . . . . . . : Wednesday, August 28, 2148 1:21:53 AM
    Default Gateway . . . . . . . . . : 192.168.2.1
    DHCP Server . . . . . . . . . . . : 192.168.2.1
    DNS Servers . . . . . . . . . . . : 192.168.2.1
    NetBIOS over Tcpip. . . . . . . . : Enabled


    Any ideas?


    --Johnathan
  4.  permalink
    Aside from making certain of the settings on the Belkin as I previously described, I can only suspect a transparent proxy, or other wise installed software/browser add-ons/configured proxies in the browser. I can't find any of those things for you.

    Use both proxy tests here:
    http://www.lagado.com/text/tools_b7f5.htm "Proxy test" and "Cache test". The second is a bit more work. Otherwise, you would ask the ISP and hope for an accurate answer from their support people. (What is the ISP?)

    OK, or maybe the router is trash. Have you tried configuring the DNS addresses in the Vista network settings? Could be a memory issue as well. Power off the router for five minutes (or until you are sure any capacitors have fully discharged) and reboot it.
    • CommentAuthorrotblitz
    • CommentTimeJul 22nd 2012
     permalink
    Copy & paste also the complete output of (exactly as you see):
    nslookup www.exampleadultsite.com.
    • CommentAuthorjjs
    • CommentTimeJul 23rd 2012
     permalink
    NSLOOKUP results on the problem computer (WinVista):

    C:\Users\pagold>nslookup www.youporn.com
    Server:
    Address: 192.168.2.1

    Non-authoritative answer:
    Name: www.youporn.com.Belkin
    Address: 67.215.65.132


    C:\Users\pagold>




    NSLOOKUP results on MY computer (WinXP):

    C:\Documents and Settings\Administrator>nslookup www.youporn.com
    Server: resolver1-fs.opendns.com
    Address: 208.67.222.123

    Non-authoritative answer:
    Name: www.youporn.com
    Address: 67.215.65.130


    C:\Documents and Settings\Administrator>
    • CommentAuthorjjs
    • CommentTimeJul 23rd 2012
     permalink
    LAGADO Proxy Test:

    Proxy Test

    This request appears NOT to have come via a proxy.

    The request appears to have originated from ip address 199.59.233.190



    The Lagado Proxy Test shows details of any proxy servers you are using. It is especially useful to expose transparent proxies. These are proxies inserted between your browser and the web, typically by your ISP, and often without you knowing.

    Sometimes a proxy will be deliberately hidden so it won't be exposed by this test. In this case you can use the Cache Test to expose stealthed transparent proxy caches.


    The Raw Details

    Here are the raw details of the request received by this server.

    Remote IP Address 199.59.233.190

    Request Protocol HTTP/1.1 Method GET
    Request Headers
    Host www.lagado.com
    User-Agent Mozilla/5.0 (Windows NT 6.0; rv:14.0) Gecko/20100101 Firefox/14.0.1
    Accept text/html,​application/xhtml+xml,​application/xml;q=0.9,​*/*;q=0.8
    Accept-Language en-us,en;q=0.5
    Accept-Encoding gzip, deflate
    DNT 1
    Connection keep-alive
    Referer http://www.lagado.com/text/tools_b7f5.htm

    This Server Host www.lagado.com IP Address 210.50.6.232

    Date: Tuesday 24 Jul 2012 2:44:26 GMT+1000

    Please Note: The conclusion that the request did not come via a proxy is based on the absense of the Via, Forwarded, X-Forwarded-For and Client-ip headers. It is still possible that a proxy is handling the request without announcing itself in the recommended way. (see rfc2616 & draft-ietf-http-v10-spec-01 & Squid Configuration Guide & Squid Release Notes 1.1)
    • CommentAuthorjjs
    • CommentTimeJul 23rd 2012
     permalink
    LAGATO Cache Test.

    No problem on serial number or page age.
    • CommentAuthorrotblitz
    • CommentTimeJul 23rd 2012 edited
     permalink
    I said "exactly as you see", and you saw:
    nslookup www.exampleadultsite.com.
    What's so difficult to just type this combination of characters? Including the trailing dot and everything?

    Not sure why you post things from another computer (WinXP).
    • CommentAuthorjjs
    • CommentTimeJul 23rd 2012
     permalink
    PROBLEM SOLVED!

    Turns out an operator headspace adjustment was needed. I put in the OpenDNS address .222 and .220), instead of the FamilyShield address (both .123).

    Sorry to have wasted your time.


    --Johnathan

    P.S. I was posting from another computer, as I was assisting someone remotely.
    Thankful People: maintenance

This discussion has been inactive for longer than 30 days, and is thus closed.