OpenDNS Forums
The official support and discussion site of OpenDNS
Support
K-12 Forums
Categories
- Administrative
- Adult site blocking
- DNS-O-Matic / dynamic IPs
- Domain blocking
- Domain Name System (DNS) troubles
- Mobile instructions
- OpenDNS services
- Proxies, accelerators, and more
- Router instructions
- Satellite
- Shortcuts
- Wishlists and feature requests
-
Feeds
Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.
Administrative: [Sticky, Closed] Canonical List of OpenDNS Diagnostic URLs & Info.
Bottom of Page1 to 2 of 2
-
To help diagnose issues or to show warnings on your network, OpenDNS owns, operates, and uses the following:
http://welcome.opendns.com - produces either
(o) www.opendns.com/welcome/ or
(i) www.opendns.com/welcome/oops/
(Indicates whether or not you are using OpenDNS right now.)
https://dashboard.opendns.com/ - Displays Dashboard news and Malware/Botnet warnings:
(o,i) Malware/Botnet status: OpenDNS has detected no [or some] evidence of malicious activity on your network... (when logged in).
http://internetbadguys.com/ - produces either
(o) phish.opendns.com/?url=www.internetbadguys.com = BLOCKED or
(i) internetbadguys.com = "only a demonstration site"
http://www.exampleadultsite.com/ - produces either
(o) blocked-website.opendns.com/?url=... = BLOCKED (if Nudity or pornography filtering is enabled)
(i) exampleadultsite.com = "only a demonstration site"
http://www.opendns.com/about/share/ - produces either
(o) The Live Preview buttons: "You're using OpenDNS - Sweet!"
(i) The Live Preview buttons: "OpenDNS - Get Started"
http://domain.opendns.com - Takes you to the Community Domain Tagging voting page
http://www.opendns.com/community/domaintagging/
http://domain.opendns.com/anydomain.net produces:
http://domain.opendns.com/anydomain.net = individual tagging and voting page.
(domain's existence not checked)
http://system.opendns.com/ - OpenDNS System Status Page - what's working.
http://208.69.38.170 - Reach System Status even if DNS services are not working.
http://www.phishtank.com/ - Nominate, vote, or check URLs for phishing status. -
How does that work with OpenDNS, site unavailable or blocked?
Example for phishing:
Let's say you want to visit http://www.internetbadguys.com/
Your browser sends out a DNS lookup for www.internetbadguys.com
OpenDNS responds as follows:
Name: www.internetbadguys.com
Address: 67.215.65.133
The response pretends to be www.internetbadguys.com, but in fact it isn't. The real address would have been 208.67.219.99.
But OpenDNS was looking into its database and found www.internetbadguys.com to be a phishing site, so it "faked" or "poisened" this response.
If you do a reverse lookup for 67.215.65.133, you see what it really is:
Name: hit-phish.opendns.com
Address: 67.215.65.133
Ha, and here you go: your browser now calls 67.215.65.133 in the "believe" to go to www.internetbadguys.com, but in fact reaches hit-phish.opendns.com, which again redirects the browser to
http://phish.opendns.com/?url=www.internetbadguys.com
also knowing what site you wanted to visit in the first place.
Another example for individual domain blocking:
Let's say you have example.com blocked in your "always block" list and want to visit it.
Your browser sends out a DNS lookup for example.com. The OpenDNS response:
Name: example.com
Address: 67.215.65.131
Again a "poisoned" response, because if you do a reverse lookup on 67.215.65.131:
Name: hit-block.opendns.com
Address: 67.215.65.131
The "true" response would have delivered 208.77.188.166 as IP address.
So your browser is going to 67.215.65.131 in the "believe" it is example.com, and hit-block.opendns.com redirects you to
http://block.opendns.com/?url=example.com
again knowing that your original desire was to visit example.com.
And here an example for category blocking:
You want to visit gambling.com, but have category "Gambling" blocked.
Your browser raises a lookup for gambling.com. The OpenDNS response:
Name: gambling.com
Address: 67.215.65.130
Again this is a "faked" response, because a reverse lookup shows:
Name: hit-adult.opendns.com
Address: 67.215.65.130
The real address would be 85.133.46.252.
Your browser now calls hit-adult.opendns.com "thinking" it is gambling.com.
And OpenDNS redirects you to
http://block.opendns.com/?url=726678677774797215688078&ablock
In this case they "encrypt" the domain name.
All of these previous mechanisms don't take place for a domain, which you added to your whitelist ("never block" section).
And now an example for a non-existent domain pupulaladidi.org:
OpenDNS responds to your related DNS lookup:
Name: pupulaladidi.org
Address: 67.215.65.132
which is in fact (with reverse lookup):
Name: hit-nxdomain.opendns.com
Address: 67.215.65.132
Another DNS service would return NXDOMAIN in this case, not so OpenDNS.
And your browser goes to hit-nxdomain.opendns.com as if it would be pupulaladidi.org.
OpenDNS then redirects you to
http://guide.opendns.com/?url=pupulaladidi.org
Now, what's going on with http://welcome.opendns.com/ ?
If you are using OpenDNS DNS servers, the DNS lookup response is:
Name: www.opendns.com
Address: 208.67.219.101
Aliases: welcome.opendns.com
whereas, if you are not using the OpenDNS servers, then the response is:
Name: www.opendns.com
Address: 208.67.219.99
Aliases: welcome.opendns.com
So, in fact, your browser will go to different sites, depending on whether or not you are using OpenDNS. And accordingly, when you reach the site, they redirect you to
either: http://www.opendns.com/welcome/ or: http://www.opendns.com/welcome/oops
1 to 2 of 2