Your IP:

Our Forums Have Moved!

Visit our new forums at http://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorbolee2
    • CommentTimeDec 29th 2012
     permalink
    I am trying to use OpenDns for parental control within my household.
    Our internet connection comes into a wireless router, which then beams it around the house.
    It is a TP-LINK wireless router Model No. TL-WR841N.
    I connected to the router and on the Network | WAN tab, I have set the primary DNS to 208.67.222.222 and the secondary DNS to 208.67.220.220 and have checked “Use These DNS Servers”.

    On the DHCP | DHCP Settings tab, I have set the primary DNS to 208.67.222.222 and the secondary DNS to 208.67.220.220

    I have rebooted the Wireless modem.

    I have rebooted my computer.

    I have set up an account with opendns.
    On my dashboard
    https://dashboard.opendns.com/settings/
    the network IP is the same as my current external IP (as reported by whatismyip.org and opendns.com)

    Yet, my filtering is not being recognised.
    Also, when I go to http://welcome.opendns.com/
    I get the OOPS message.

    When I run nslookup to find out what my DNS server ( 192.168.10.1 ) is, I see that my wireless router is acting as my DNS server:


    $ nslookup
    > www.google.com
    Server: 192.168.10.1
    Address: 192.168.10.1#53

    Non-authoritative answer:
    Name: www.google.com
    Address: 74.125.138.105


    I have been to
    http://forums.opendns.com/comments.php?DiscussionID=11313

    I have cleared the DNS cache on my computer.

    I use linux on my computer.
    I know a good bit about computer networking.
    I have sniffed DNS requests (using wireshark) and I see that the DNS requests/replies are going to/from my router 192.168.10.1.

    I have tried other devices, such as my smartphone, and the filtering is also not working on them.

    What can I be doing wrong?

    Also, is there any way that I can sniff connections out from my wireless router, so
    that I can chack if it is using the opendns ip addresses for DNs queries
  1.  permalink
    If you set internet DNS addresses in WAN, expect to see your router as the DNS server using nslookup.

    Is there a third or fourth field for DNS server IPs? Fill them all, using non-repeating OpenDNS addresses. 208.67.220.222 208.67.222.220

    post also the output of

    nslookup -type=txt debug.opendns.com. 208.67.220.220

    nslookup -type=txt debug.opendns.com.
    • CommentAuthorbolee2
    • CommentTimeDec 30th 2012
     permalink
    Thanks for your input.
    No, there is no third and fourth fields for more DNS servers.
    The following are the outputs you requested:

    $ nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    ** server can't find debug.opendns.com.: NXDOMAIN



    $ nslookup -type=txt debug.opendns.com
    Server: 192.168.10.1
    Address: 192.168.10.1#53

    ** server can't find debug.opendns.com: NXDOMAIN


    As an aside, my wireless router gets its address from my ISP by DHCP and it is
    IP Address: 192.168.1.194
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.1.1
    Its LAN address was also 192.168.1.1, but I had to change it to 192.168.10.1 to avoid conflicts.

    Now, after getting the outputs above,
    I also tried manually setting /etc/resolv.conf as below

    $ sudo cat /etc/resolv.conf
    nameserver 208.67.222.222
    nameserver 208.67.220.220

    (Obviously, this is not ideal, as I can't do this on my childrenn's phones for example)
    I sniffed using wireshark, and DNS queries are now going to 208.67.222.222
    However, my filering still seems not to be working.
    One of the sites I am filtering is ask.fm, and in my wireshark capture I see the
    DNS query for ask.fm going to 208.67.222.222 and the reply coming back (with 4 answers).
    And yes, my current IP address does match that on https://dashboard.opendns.com/settings/
    under "Your networks"


    Using these settings, the following is the output of the commands you gave me:

    $ nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    ** server can't find debug.opendns.com.: NXDOMAIN

    $ nslookup -type=txt debug.opendns.com
    Server: 208.67.222.222
    Address: 208.67.222.222#53

    ** server can't find debug.opendns.com: NXDOMAIN



    I hope there is an obvious solution.
  2.  permalink
    Solution is obvious, but not good: ask your ISP to stop redirecting your DNS, or change ISP.

    More challenging: Search this forum for "Delegate" post comments by rotblitz.
    • CommentAuthorbolee2
    • CommentTimeJan 1st 2013
     permalink
    Thanks Maintenance.
    I've emailed my ISP re redirecting DNS requests.
    I probably won't get a reply until Wednesday.

    Three quick questions:
    1) Why would an ISP be redirecting DNS requests?
    2) Would that still show replies coming from 208.67.222.222?
    3) How can you see that they are being redirected from the output of the commands?

    I've looked into "delegate".
    Am I right in assuming that it will only work for the device that you install delegate on?
    If it would work for all devices in the household, including smartphones,
    it would be worrth trying.
  3.  permalink
    1) Why would an ISP be redirecting DNS requests?

    Because they want to. Either because they serve search pages with ads for non-existent domains, or because they think that controlling this leads to less support issues, like so many companies who limit choice.

    2) Would that still show replies coming from 208.67.222.222?

    It could, but not necessarily. In you case, it did.

    3) How can you see that they are being redirected from the output of the commands?

    $ nslookup -type=txt debug.opendns.com. 208.67.220.220
    Server: 208.67.220.220
    Address: 208.67.220.220#53

    ** server can't find debug.opendns.com.: NXDOMAIN

    OpenDNS can always find debug.opendns.com, and the server responding here cannot. We forced the use of an OpenDNS server by appending its address in the command in case the issue was in your network. This did not work, so the issue is with the ISP. Further, OpenDNS never returns NXDOMAIN by default, but a valid IP which gets you a Guide page.
    • CommentAuthorbolee2
    • CommentTimeJan 3rd 2013
     permalink
    My ISP just emailed me saying
    "This will be implemented on our firewall within 48 hours"
    So hopefully things will work then.


    With Respect to "delegate" -
    would I be correct in assuming that it would work on one device only - the device on which it is installed?
  4.  permalink
    "With Respect to "delegate" -
    would I be correct in assuming that it would work on one device only - the device on which it is installed? "

    Of course, yes. And it only runs on general-purpose operating systems. Further, you'd have to see if it is of use in your case (e.g., send lokkups out over port 5353, which OpenDNS recognizes).

    Easier, I think, would be to try DNSCrypt. The ISP wouldn't see this as DNS traffic. In your case, you are still stuck with this on individual devices, but won't require much configuration (if any).
    https://www.opendns.com/technology/dnscrypt/
    (Best to use the plain command line executable, the GUI extensions are extra unnecessary problems. Although the OS X GUI version is reportedly better and has extras.)
    https://github.com/opendns/dnscrypt-proxy/downloads
    http://dnscrypt.org/


    Of course, since the ISP is "fixing" the issue, you probably don't really want to bother.

    P.S., Sorry about the brevity of my second response, I was called away at the time.
    • CommentAuthorbolee2
    • CommentTimeJan 4th 2013
     permalink
    SOLVED !!

    Glad to report that OpenDns is now working for me, since my ISP tweaked their firewall.

    Thanks for your help maintenance
    Thankful People: zelus, maintenance
  5.  permalink
    Hooray for you, and for responsive ISPs!

This discussion has been inactive for longer than 30 days, and is thus closed.