
    • CommentAuthor: lexein
    • CommentTime: Apr 19th 2009 (edited)
    To help diagnose issues or to show warnings on your network, OpenDNS owns, operates, and uses the following:

    http://welcome.opendns.com - produces either
       (o) www.opendns.com/welcome/ or
       (i) www.opendns.com/welcome/oops/
       (Indicates whether or not you are using OpenDNS right now.)

    https://dashboard.opendns.com/ - Displays Dashboard news and Malware/Botnet warnings:
        (o,i) Malware/Botnet status: OpenDNS has detected no [or some] evidence of malicious activity on your network... (when logged in).

    http://internetbadguys.com/ - produces either
       (o) phish.opendns.com/?url=www.internetbadguys.com = BLOCKED or
       (i) internetbadguys.com = "only a demonstration site"

    http://www.exampleadultsite.com/ - produces either
       (o) blocked-website.opendns.com/?url=... = BLOCKED (if Nudity or pornography filtering is enabled)
       (i) exampleadultsite.com = "only a demonstration site"

    http://www.opendns.com/about/share/ - produces either
       (o) The Live Preview buttons: "You're using OpenDNS - Sweet!"
       (i) The Live Preview buttons: "OpenDNS - Get Started"

    http://domain.opendns.com - Takes you to the Community Domain Tagging voting page
       http://www.opendns.com/community/domaintagging/
    http://domain.opendns.com/anydomain.net produces:
       http://domain.opendns.com/anydomain.net = individual tagging and voting page.
       (domain's existence not checked)

    http://system.opendns.com/ - OpenDNS System Status Page - what's working.
    http://208.69.38.170 - Reach System Status even if DNS services are not working.

    http://www.phishtank.com/ - Nominate, vote, or check URLs for phishing status.
    • CommentAuthor: rotblitz
    • CommentTime: May 3rd 2009 (edited)
    How does that work with OpenDNS, site unavailable or blocked?

    Example for phishing:
    Let's say you want to visit http://www.internetbadguys.com/
    Your browser sends out a DNS lookup for www.internetbadguys.com
    OpenDNS responds as follows:
    Name: www.internetbadguys.com
    Address: 67.215.65.133
    The response pretends to be www.internetbadguys.com, but in fact it isn't. The real address would have been 208.67.219.99.
    But OpenDNS was looking into its database and found www.internetbadguys.com to be a phishing site, so it "faked" or "poisoned" this response.
    If you do a reverse lookup for 67.215.65.133, you see what it really is:
    Name: hit-phish.opendns.com
    Address: 67.215.65.133
    Ha, and here you go: your browser now calls 67.215.65.133 in the "belief" that it is going to www.internetbadguys.com, but in fact reaches hit-phish.opendns.com, which again redirects the browser to
    http://phish.opendns.com/?url=www.internetbadguys.com
    also knowing what site you wanted to visit in the first place.

    Another example for individual domain blocking:
    Let's say you have example.com blocked in your "always block" list and want to visit it.
    Your browser sends out a DNS lookup for example.com. The OpenDNS response:
    Name: example.com
    Address: 67.215.65.131
    Again a "poisoned" response, because if you do a reverse lookup on 67.215.65.131:
    Name: hit-block.opendns.com
    Address: 67.215.65.131
    The "true" response would have delivered 208.77.188.166 as IP address.
    So your browser is going to 67.215.65.131 in the "belief" it is example.com, and hit-block.opendns.com redirects you to
    http://block.opendns.com/?url=example.com
    again knowing that your original desire was to visit example.com.

    And here is an example for category blocking:
    You want to visit gambling.com, but have category "Gambling" blocked.
    Your browser raises a lookup for gambling.com. The OpenDNS response:
    Name: gambling.com
    Address: 67.215.65.130
    Again this is a "faked" response, because a reverse lookup shows:
    Name: hit-adult.opendns.com
    Address: 67.215.65.130
    The real address would be 85.133.46.252.
    Your browser now calls hit-adult.opendns.com "thinking" it is gambling.com.
    And OpenDNS redirects you to
    http://block.opendns.com/?url=726678677774797215688078&ablock
    In this case they "encrypt" the domain name.

    All of these previous mechanisms don't take place for a domain that you added to your whitelist ("never block" section).

    And now an example for a non-existent domain pupulaladidi.org:
    OpenDNS responds to your related DNS lookup:
    Name: pupulaladidi.org
    Address: 67.215.65.132
    which is in fact (with reverse lookup):
    Name: hit-nxdomain.opendns.com
    Address: 67.215.65.132
    Another DNS service would return NXDOMAIN in this case, not so OpenDNS.
    And your browser goes to hit-nxdomain.opendns.com as if it were pupulaladidi.org.
    OpenDNS then redirects you to
    http://guide.opendns.com/?url=pupulaladidi.org

    Now, what's going on with http://welcome.opendns.com/ ?
    If you are using OpenDNS DNS servers, the DNS lookup response is:
    Name: www.opendns.com
    Address: 208.67.219.101
    Aliases: welcome.opendns.com
    whereas, if you are not using the OpenDNS servers, then the response is:
    Name: www.opendns.com
    Address: 208.67.219.99
    Aliases: welcome.opendns.com
    So, in fact, your browser will go to different sites, depending on whether or not you are using OpenDNS. And accordingly, when you reach the site, they redirect you to
    either: http://www.opendns.com/welcome/ or: http://www.opendns.com/welcome/oops
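
The lookups walked through in the post above can be checked mechanically. This is an added example, not part of the original posts and not OpenDNS code: it classifies nslookup-style answers against the landing addresses the post quotes and recovers the domain from a block-page URL. The function names are hypothetical, the sample input is constructed from the post's own values, and the digit encoding is inferred from the post's single gambling.com sample.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Landing addresses and their reverse-lookup names as quoted in the post (2009 values).
LANDING = {
    "67.215.65.130": "hit-adult (category block)",
    "67.215.65.131": "hit-block (always-block list)",
    "67.215.65.132": "hit-nxdomain (non-existent domain)",
    "67.215.65.133": "hit-phish (phishing block)",
}

# Constructed sample: the forward answers shown in the post, in nslookup layout.
SAMPLE = """\
Name: www.internetbadguys.com
Address: 67.215.65.133
Name: example.com
Address: 67.215.65.131
Name: gambling.com
Address: 67.215.65.130
Name: pupulaladidi.org
Address: 67.215.65.132
Name: www.opendns.com
Address: 208.67.219.99
"""

def parse_answers(text):
    """Yield (name, address) pairs from 'Name:' / 'Address:' output lines."""
    name = None
    for line in text.splitlines():
        m = re.match(r"\s*(Name|Address):\s*(\S+)", line)
        if not m:
            continue
        if m.group(1) == "Name":
            name = m.group(2)
        elif name is not None:
            yield name, m.group(2)
            name = None

def classify(text):
    """Map each answered name to the landing host it was pointed at, if any."""
    return {n: LANDING.get(a, "no landing address") for n, a in parse_answers(text)}

def decode_block_url(url):
    """Recover the requested domain from a block-page URL's url= parameter."""
    value = parse_qs(urlsplit(url).query)["url"][0]
    if value.isdigit() and len(value) % 2 == 0:
        # Assumption from one sample: two decimal digits per character, ASCII code minus 31.
        return "".join(chr(int(value[i:i + 2]) + 31) for i in range(0, len(value), 2))
    return value
```

A monitoring script that expects NXDOMAIN for a dead name can use `classify` to recognise the 67.215.65.132 answer instead of treating the host as alive.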