OpenDNS Forums
The official support and discussion site of OpenDNS
Support
K-12 Forums
Categories
- Administrative
- Adult site blocking
- DNS-O-Matic / dynamic IPs
- Domain blocking
- Domain Name System (DNS) troubles
- Mobile instructions
- OpenDNS services
- Proxies, accelerators, and more
- Router instructions
- Satellite
- Shortcuts
- Wishlists and feature requests
-
Feeds
Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.
This discussion has been inactive for longer than 30 days, and is thus closed.
-
I've been using OpenDNS for more than 2 yrs now and everything was fine until recently when it stopped working entirely. The only thing I can relate is that my ISP DNS servers have been changed, but I don't even use them.
My configuration is 1 pc specific; that's I change the DNS servers of my Linux or Windows machine and check with http://www.opendns.com/welcome/
**Some notes
- The DNS's I use are 208.67.222.222 as 1ry, 208.67.220.220 as 2ry.
- Although all the sites resolve correctly I always get "the Oops" page meaning that there's somthing wrong with my configuration and no phishing sites get blocked even the internetbadguys.com test page.
- Tried different browsers and made sure that all are configured to follow system settings when connecting.
Any help? -
- CommentAuthormaintenance
- CommentTimeJul 20th 2012 edited
Maybe your ISP is redirecting DNS or using a proxy. Try
nslookup -type=txt debug.opendns.com.
nslookup -type=txt debug.opendns.com. 208.67.220.220
or
dig -t txt debug.opendns.com
dig -t txt debug.opendns.com @208.67.220.220
and post the outputs here.
____
edited to correct second dig command missing @ for specifying DNS server address.Thankful People: zelus -
- CommentAuthorRed Prince
- CommentTimeJul 20th 2012
“My configuration is 1 pc specific; that's I change the DNS servers of my Linux or Windows machine and check with http://www.opendns.com/welcome/”
That is wrong, as that address will always say you are using OpenDNS. Use http://welcome.opendns.com instead. That will redirect you to the above URL if you are using OpenDNS, and to a different one if are not.Thankful People: zelus, maintenance -
- CommentAuthormaintenance
- CommentTimeJul 20th 2012 edited
Nice. I dind't even notice that. edit: And I can't spell didn't. -
@maintenance Here is the output
nslookup -type=txt debug.opendns.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find debug.opendns.com: NXDOMAIN
_________
nslookup -type=txt debug.opendns.com. 208.67.220.220
Server: 208.67.220.220
Address: 208.67.220.220#53
** server can't find debug.opendns.com.: NXDOMAIN
_________
dig -t txt debug.opendns.com
; <<>> DiG 9.8.1-P1 <<>> -t txt debug.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40958
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;debug.opendns.com. IN TXT
;; AUTHORITY SECTION:
opendns.com. 2418 IN SOA auth1.opendns.com. hostmaster.opendns.com. 1342822202 16384 2048 1048576 2560
;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 22 04:48:25 2012
;; MSG SIZE rcvd: 88
_________
dig -t txt debug.opendns.com 208.67.220.220
; <<>> DiG 9.8.1-P1 <<>> -t txt debug.opendns.com 208.67.220.220
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10706
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;debug.opendns.com. IN TXT
;; AUTHORITY SECTION:
opendns.com. 2359 IN SOA auth1.opendns.com. hostmaster.opendns.com. 1342822202 16384 2048 1048576 2560
;; Query time: 10 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 22 04:49:24 2012
;; MSG SIZE rcvd: 88
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55901
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;208.67.220.220. IN TXT
;; AUTHORITY SECTION:
. 4309 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012072101 1800 900 604800 86400
;; Query time: 10 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 22 04:49:24 2012
;; MSG SIZE rcvd: 107 -
- CommentAuthormaintenance
- CommentTimeJul 22nd 2012
"Server: 127.0.0.1"
So what information have you left out here about running a local DNS server on the machines or using DNSCrypt?
"nslookup -type=txt debug.opendns.com. 208.67.220.220
Server: 208.67.220.220
Address: 208.67.220.220#53
** server can't find debug.opendns.com.: NXDOMAIN"
Your ISP is lying to you. The query did not go to OpenDNS servers.
Note:
"nslookup -type=txt debug.opendns.com"
Use the trailing dot as specified and required by MS nslookup.
nslookup -type=txt debug.opendns.com.
Not important now, and you obviously have DNS suffixes disabled, but this is part of the normal instructions for nslookup.
"; <<>> DiG 9.8.1-P1 <<>> -t txt debug.opendns.com 208.67.220.220"
This also may not matter given your nslookup results, but I borked that one by omitting the "@" and not catching my typo.
dig -t txt debug.opendns.com @208.67.220.220 is the correct syntax.
I have amended my original.
Let us know what is up with 127.0.0.1, and you might want to ask your ISP or test for proxies. http://www.lagado.com/text/tools_b7f5.htm "Proxy test" and "Cache test". The second is a bit more work. -
@maintenance
**Let's start with the tests @Lagado.com
1- Proxy Test showed "This request appears NOT to have come via a proxy."
2- Cache Test showed the same result depending on the change on "page serial number" and a 1 second present as "page age" for the new page.
_________________________
**For the output of
dig -t txt debug.opendns.com @208.67.220.220
; <<>> DiG 9.8.1-P1 <<>> -t txt debug.opendns.com @208.67.220.220
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58624
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;debug.opendns.com. IN TXT
;; AUTHORITY SECTION:
opendns.com. 1707 IN SOA auth1.opendns.com. hostmaster.opendns.com. 1342822202 16384 2048 1048576 2560
;; Query time: 991 msec
;; SERVER: 208.67.220.220#53(208.67.220.220)
;; WHEN: Sun Jul 22 09:25:49 2012
;; MSG SIZE rcvd: 88
___________________________
**For your question "So what information have you left out here about running a local DNS server on the machines or using DNSCrypt?"
I don't think that I got exactly what you are asking about.
Still you do think that the problem is related to a hidden proxy by my ISP?
Is there any chance that OpenDNS has suspended its services to my region? I'm in Egypt -
- CommentAuthormaintenance
- CommentTimeJul 22nd 2012
Well, you aren't proxied, but your DNS is redirected. Even though the server addresses are returned as OpenDNS addresses, you are not getting a response from OpenDNS as evidenced by the lack of information returned for debug.opendns.com. Also, OpenDNS does not return NXDOMAIN by default, which would be further evidence. Being in Egypt or another internet-restrictive country makes this unsurprising. No, OpenDNS cannot suspend services anywhere.
"**For your question "So what information have you left out here about running a local DNS server on the machines or using DNSCrypt?"
I don't think that I got exactly what you are asking about."
Your DNS server address is 127.0.0.1, which is "home" - the local loopback interface. The only time you use this address anywhere is to send network traffic right back in to the IP stack on a machine - it never leaves. So there must be a DNS server of some type installed on this computer listening for traffic at 127.0.0.1. DNSCrypt does this, so I thought maybe you had installed it. Linux and BSD distros come with small DNS server implementations (frequently BIND, maybe TinyDNS & DNSCache)which can be installed or turned on (which is fine), and would also listen at 127.0.0.1. In which case you would have to configure the OpenDNS addresses in the forwarders of the DNS server. There certainly could be other possibilities.
Regardless as to what it is, you need to figure out why your local DNS is pointing to 127.0.0.1 and configure the server listening there, or change the DNS address (127.0.0.1) to those of OpenDNS, or to point to wherever you have the OpenDNS addresses configured. -
Most likely your ISP is hi-jacking your DNS lookups to redirect them to their own DNS service.
Try these:
nslookup -type=txt which.opendns.com. 208.67.220.220
nslookup -port=443 -type=txt which.opendns.com. 208.67.220.220
nslookup -port=5353 -type=txt which.opendns.com. 208.67.220.220 -
@maintenance
1- " Being in Egypt or another internet-restrictive country"
In Egypt, the internet content is not restricted as far as I have experienced. So, I think it's all related to my ISP that I need a workaround for the DNS redirects, especially that I tried with a different ISP and OpenDNS worked properly.
2- "DNSCrypt does this, so I thought maybe you had installed it"
I didn't install anything related to DNS configuration on my Linux machine and as I described in my 1st post the problem appears on Windows as well (a fresh install).
3- "you need to figure out why your local DNS is pointing to 127.0.0.1 and configure the server listening there, or change the DNS address (127.0.0.1) to those of OpenDNS"
That's exactly what I need you to help me with.
_______________________
@rotblitz
The outputs went as follows
1- nslookup -type=txt which.opendns.com. 208.67.220.220Server: 208.67.220.220
Address: 208.67.220.220#53
Non-authoritative answer:
which.opendns.com text = "I am not an OpenDNS resolver."
Authoritative answers can be found from:
2- nslookup -port=443 -type=txt which.opendns.com. 208.67.220.220
;; connection timed out; no servers could be reached
3- nslookup -port=5353 -type=txt which.opendns.com. 208.67.220.220
;; connection timed out; no servers could be reached -
"I am not an OpenDNS resolver."
Your DNS lookups are definitely redirected by your ISP to their own DNS resolvers. You are out of luck with this internet connection. DNSCrypt won't help either.
1 to 11 of 11
This discussion has been inactive for longer than 30 days, and is thus closed.