
This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorpsuedo885
    • CommentTimeJul 20th 2012
     permalink
    I've been using OpenDNS for more than 2 yrs now and everything was fine until recently when it stopped working entirely. The only thing I can relate is that my ISP DNS servers have been changed, but I don't even use them.
    My configuration is 1 pc specific; that is, I change the DNS servers of my Linux or Windows machine and check with http://www.opendns.com/welcome/
    **Some notes
    - The DNS's I use are 208.67.222.222 as 1ry, 208.67.220.220 as 2ry.
    - Although all the sites resolve correctly, I always get "the Oops" page, meaning that there's something wrong with my configuration, and no phishing sites get blocked, even the internetbadguys.com test page.
    - Tried different browsers and made sure that all are configured to follow system settings when connecting.

    Any help?
    • CommentAuthormaintenance
    • CommentTimeJul 20th 2012 edited
     permalink
    Maybe your ISP is redirecting DNS or using a proxy. Try

    nslookup -type=txt debug.opendns.com.
    nslookup -type=txt debug.opendns.com. 208.67.220.220

    or

    dig -t txt debug.opendns.com
    dig -t txt debug.opendns.com @208.67.220.220

    and post the outputs here.
    ____
    edited to correct second dig command missing @ for specifying DNS server address.
    Thankful People: zelus
    • CommentAuthorRed Prince
    • CommentTimeJul 20th 2012
     permalink
    “My configuration is 1 pc specific; that is, I change the DNS servers of my Linux or Windows machine and check with http://www.opendns.com/welcome/”

    That is wrong, as that address will always say you are using OpenDNS. Use http://welcome.opendns.com instead. That will redirect you to the above URL if you are using OpenDNS, and to a different one if you are not.
    Thankful People: zelus, maintenance
    • CommentAuthormaintenance
    • CommentTimeJul 20th 2012 edited
     permalink
    Nice. I dind't even notice that. edit: And I can't spell didn't.
    • CommentAuthorpsuedo885
    • CommentTimeJul 22nd 2012
     permalink
    @maintenance Here is the output
    nslookup -type=txt debug.opendns.com
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    ** server can't find debug.opendns.com: NXDOMAIN
    _________
    nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    ** server can't find debug.opendns.com.: NXDOMAIN
    _________
    dig -t txt debug.opendns.com

    ; <<>> DiG 9.8.1-P1 <<>> -t txt debug.opendns.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40958
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;debug.opendns.com. IN TXT

    ;; AUTHORITY SECTION:
    opendns.com. 2418 IN SOA auth1.opendns.com. hostmaster.opendns.com. 1342822202 16384 2048 1048576 2560

    ;; Query time: 12 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Jul 22 04:48:25 2012
    ;; MSG SIZE rcvd: 88
    _________
    dig -t txt debug.opendns.com 208.67.220.220

    ; <<>> DiG 9.8.1-P1 <<>> -t txt debug.opendns.com 208.67.220.220
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10706
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;debug.opendns.com. IN TXT

    ;; AUTHORITY SECTION:
    opendns.com. 2359 IN SOA auth1.opendns.com. hostmaster.opendns.com. 1342822202 16384 2048 1048576 2560

    ;; Query time: 10 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Jul 22 04:49:24 2012
    ;; MSG SIZE rcvd: 88

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55901
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;208.67.220.220. IN TXT

    ;; AUTHORITY SECTION:
    . 4309 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012072101 1800 900 604800 86400

    ;; Query time: 10 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Jul 22 04:49:24 2012
    ;; MSG SIZE rcvd: 107
  1.  permalink
    "Server: 127.0.0.1"

    So what information have you left out here about running a local DNS server on the machines or using DNSCrypt?

    "nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    ** server can't find debug.opendns.com.: NXDOMAIN"

    Your ISP is lying to you. The query did not go to OpenDNS servers.

    Note:
    "nslookup -type=txt debug.opendns.com"
    Use the trailing dot as specified and required by MS nslookup.
    nslookup -type=txt debug.opendns.com.
    Not important now, and you obviously have DNS suffixes disabled, but this is part of the normal instructions for nslookup.

    "; <<>> DiG 9.8.1-P1 <<>> -t txt debug.opendns.com 208.67.220.220"

    This also may not matter given your nslookup results, but I borked that one by omitting the "@" and not catching my typo.
    dig -t txt debug.opendns.com @208.67.220.220 is the correct syntax.
    I have amended my original.

    Let us know what is up with 127.0.0.1, and you might want to ask your ISP or test for proxies. http://www.lagado.com/text/tools_b7f5.htm "Proxy test" and "Cache test". The second is a bit more work.
    • CommentAuthorpsuedo885
    • CommentTimeJul 22nd 2012 edited
     permalink
    @maintenance
    **Let's start with the tests @Lagado.com
    1- Proxy Test showed "This request appears NOT to have come via a proxy."
    2- Cache Test showed the same result depending on the change on "page serial number" and a 1 second present as "page age" for the new page.
    _________________________
    **For the output of
    dig -t txt debug.opendns.com @208.67.220.220

    ; <<>> DiG 9.8.1-P1 <<>> -t txt debug.opendns.com @208.67.220.220
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58624
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;debug.opendns.com. IN TXT

    ;; AUTHORITY SECTION:
    opendns.com. 1707 IN SOA auth1.opendns.com. hostmaster.opendns.com. 1342822202 16384 2048 1048576 2560

    ;; Query time: 991 msec
    ;; SERVER: 208.67.220.220#53(208.67.220.220)
    ;; WHEN: Sun Jul 22 09:25:49 2012
    ;; MSG SIZE rcvd: 88
    ___________________________
    **For your question "So what information have you left out here about running a local DNS server on the machines or using DNSCrypt?"
    I don't think that I got exactly what you are asking about.

    Do you still think that the problem is related to a hidden proxy by my ISP?
    Is there any chance that OpenDNS has suspended its services to my region? I'm in Egypt.
  2.  permalink
    Well, you aren't proxied, but your DNS is redirected. Even though the server addresses are returned as OpenDNS addresses, you are not getting a response from OpenDNS as evidenced by the lack of information returned for debug.opendns.com. Also, OpenDNS does not return NXDOMAIN by default, which would be further evidence. Being in Egypt or another internet-restrictive country makes this unsurprising. No, OpenDNS cannot suspend services anywhere.

    "**For your question "So what information have you left out here about running a local DNS server on the machines or using DNSCrypt?"
    I don't think that I got exactly what you are asking about."

    Your DNS server address is 127.0.0.1, which is "home" - the local loopback interface. The only time you use this address anywhere is to send network traffic right back in to the IP stack on a machine - it never leaves. So there must be a DNS server of some type installed on this computer listening for traffic at 127.0.0.1. DNSCrypt does this, so I thought maybe you had installed it. Linux and BSD distros come with small DNS server implementations (frequently BIND, maybe TinyDNS & DNSCache) which can be installed or turned on (which is fine), and would also listen at 127.0.0.1. In which case you would have to configure the OpenDNS addresses in the forwarders of the DNS server. There certainly could be other possibilities.

    Regardless as to what it is, you need to figure out why your local DNS is pointing to 127.0.0.1 and configure the server listening there, or change the DNS address (127.0.0.1) to those of OpenDNS, or to point to wherever you have the OpenDNS addresses configured.
    • CommentAuthorrotblitz
    • CommentTimeJul 22nd 2012
     permalink
    Most likely your ISP is hi-jacking your DNS lookups to redirect them to their own DNS service.

    Try these:
    nslookup -type=txt which.opendns.com. 208.67.220.220
    nslookup -port=443 -type=txt which.opendns.com. 208.67.220.220
    nslookup -port=5353 -type=txt which.opendns.com. 208.67.220.220
    • CommentAuthorpsuedo885
    • CommentTimeJul 26th 2012
     permalink
    @maintenance
    1- " Being in Egypt or another internet-restrictive country"
    In Egypt, the internet content is not restricted as far as I have experienced. So, I think it's all related to my ISP that I need a workaround for the DNS redirects, especially that I tried with a different ISP and OpenDNS worked properly.
    2- "DNSCrypt does this, so I thought maybe you had installed it"
    I didn't install anything related to DNS configuration on my Linux machine and as I described in my 1st post the problem appears on Windows as well (a fresh install).
    3- "you need to figure out why your local DNS is pointing to 127.0.0.1 and configure the server listening there, or change the DNS address (127.0.0.1) to those of OpenDNS"
    That's exactly what I need you to help me with.
    _______________________
    @rotblitz
    The outputs went as follows
    1- nslookup -type=txt which.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    Non-authoritative answer:
    which.opendns.com text = "I am not an OpenDNS resolver."

    Authoritative answers can be found from:

    2- nslookup -port=443 -type=txt which.opendns.com. 208.67.220.220
    ;; connection timed out; no servers could be reached

    3- nslookup -port=5353 -type=txt which.opendns.com. 208.67.220.220
    ;; connection timed out; no servers could be reached
    • CommentAuthorrotblitz
    • CommentTimeJul 26th 2012
     permalink
    "I am not an OpenDNS resolver."

    Your DNS lookups are definitely redirected by your ISP to their own DNS resolvers. You are out of luck with this internet connection. DNSCrypt won't help either.
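
The checks used in this thread, written out as a small classifier for `dig -t txt` output. This is an added example, not part of any post above and not OpenDNS code; the verdict labels are made up here, and treating NXDOMAIN for the diagnostic names as interception follows the reasoning given by maintenance in the thread.

```python
import re

OPENDNS = {"208.67.222.222", "208.67.220.220"}  # resolver addresses used in the thread
NOT_OPENDNS = "I am not an OpenDNS resolver."   # TXT string reported in the thread

def classify(dig_output):
    """Verdict for the first answer block of `dig -t txt <name> @<server>` output."""
    parts = dig_output.split(";; Got answer:")
    block = parts[1] if len(parts) > 1 else dig_output
    status = re.search(r"status: (\w+)", block)
    server = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#", block, re.M)
    txt = re.findall(r'^\S+\s+\d+\s+IN\s+TXT\s+"(.*)"\s*$', block, re.M)
    if not (status and server):
        return "unparsed"
    if server.group(1) not in OPENDNS:
        # e.g. 127.0.0.1: the "@" was omitted or a local forwarder answered
        return "not-sent-to-opendns"
    # From here on dig addressed an OpenDNS IP. The SERVER line only echoes the
    # destination dig used, so an on-path redirect still shows that address.
    if NOT_OPENDNS in txt or status.group(1) == "NXDOMAIN":
        return "intercepted"
    return "answered" if txt else "inconclusive"

# Copied from the thread: query sent with "@208.67.220.220" (trimmed to parsed lines).
DIRECT = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58624
;; QUESTION SECTION:
;debug.opendns.com. IN TXT
;; SERVER: 208.67.220.220#53(208.67.220.220)
"""
# Copied from the thread: "@" omitted, so the resolver at 127.0.0.1 answered.
LOCAL = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40958
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
# Constructed: dig-style rendering of the which.opendns.com TXT answer from the thread.
WHICH = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; ANSWER SECTION:
which.opendns.com. 0 IN TXT "I am not an OpenDNS resolver."
;; SERVER: 208.67.220.220#53(208.67.220.220)
"""

if __name__ == "__main__":
    for name, sample in (("direct", DIRECT), ("local", LOCAL), ("which", WHICH)):
        print(name, "->", classify(sample))
```

An "answered" verdict only means a TXT record other than the refusal string came back; the classifier does not validate its contents.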
