Your IP:

Our Forums Have Moved!

Visit our new forums at http://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorkanbun
    • CommentTimeApr 17th 2011
     permalink
    I want to block xbox live on my network. My son is using the game connecting an xbox 360 through his Macbook. I tried just blocking the live.com and xbox.com domains to no effect.

    Any suggestions?
    • CommentAuthorrotblitz
    • CommentTimeApr 17th 2011
     permalink
    Ensure that the XBox and the Macbook use OpenDNS at all. No OpenDNS - no blocking.

    Then visit your Top Domains stats to identify related domains to add these to your "always block" list.
    • CommentAuthorkanbun
    • CommentTimeApr 17th 2011
     permalink
    Sorry. I'm not clear on what you're suggesting. The xbox 360 is connected directly to my son's mac. He does not have an xbox wireless adapter. I cannot ID the 360 on the network at all. Looks like you are suggesting how to find the domain the 360 is using, but not sure how to find "Top Domain" stats.
    • CommentAuthorrotblitz
    • CommentTimeApr 17th 2011
     permalink
    As I understand now, the XBox is connected as follows:

    Xbox --- Macbook --- Router --- Internet

    Again, you must ensure that the devices accessing the internet, in this case the Macbook, are using OpenDNS for their DNS lookups, else you cannot block anything via OpenDNS.

    In case you have configured the OpenDNS server addresses on the router, then the Macbook should be covered, same as any other device connected to the router.

    Your Top Domains stats are found here:
    https://www.opendns.com/dashboard/stats/all/topdomains/2011-04-04to2011-04-18
    • CommentAuthorkanbun
    • CommentTimeApr 17th 2011
     permalink
    Correct, that's how it's connected. The router is set to OpenDNS server addresses and blocking works on the network. So far, every domain I've tried to block works. When I entered the live.com and xbox.com I assumed that one of those was the access for the xbox (through the mac) for xbox live. But alas, it did not block the gaming.

    I have only just in the last several minutes enabled stats, so I don't have any info yet that might point to the correct domain or url that the 360 is using.

    Assuming the domain or url will eventually show up in stats, am I on the right track?

    Thanks.
    • CommentAuthorrotblitz
    • CommentTimeApr 17th 2011
     permalink
    Yep, you got it! That's the way to go. Alternatively search the internet to eventually find a source where they document what domains are needed for the Xbox to operate online.

    "...that might point to the correct domain or url that the 360 is using. Assuming the domain or url..."

    Domains only. URLs are totally irrelevant for any DNS service, so for OpenDNS.

    Also, stats are not real-time. You may have to wait up to 24 hours to see them.
    • CommentAuthorkanbun
    • CommentTimeApr 17th 2011
     permalink
    I've already searched trying to find the domains and have had no luck. That's why I just guessed that it was either live.com or xbox.com. Most of what I find with internet searches is blocking ports on the router, which I really don't want to fool with.

    I'm in no hurry, just want to be able to get there.

    Thanks for your help. I will stay at it and hopefully find what I need.
  1.  permalink
    Have a look in the xbox and ensure that no public DNS addresses are configured there.
    • CommentAuthorkanbun
    • CommentTimeApr 18th 2011
     permalink
    Looking at stats I have been unable to identify any that look like they are the xbox domain.
    • CommentAuthoropendnsjp
    • CommentTimeApr 18th 2011
     permalink
    Just because the Macbook is using OpenDNS does not mean the Xbox is configured to use OpenDNS.

    Because there's nothing to prevent him from changing the Xbox IP config back to something besides OpenDNS, you'll need to block TCP/UDP port 53 outbound to anything, except to the OpenDNS IP's

    In OpenDNS you need to block both:
    xbox.com
    xboxlive.com
    • CommentAuthorkanbun
    • CommentTimeApr 18th 2011
     permalink
    jpelectron you are correct. I was able to get into xbox live console and check the network settings. The DNS servers are set to comcast and on manual. If I change these to OpenDNS likely my son will change them back. Also, he has the IP set to 10.0.02 and the gateway set to 10.0.01. Not sure what this means - does it give me another block?

    Not sure how to block the TCP/UDP port 53. I have a Linksys WRT54GS router. Can you help me with that?
    • CommentAuthorrotblitz
    • CommentTimeApr 18th 2011
     permalink
    "The DNS servers are set to comcast and on manual."

    Set them to automatic then.

    "Also, he has the IP set to 10.0.02 and the gateway set to 10.0.01."

    These are not valid IPv4 addresses. Check again.

    "Not sure how to block the TCP/UDP port 53. I have a Linksys WRT54GS router."

    What version of WRT54GS ? http://ui.linksys.com/files/WRT54GS/
    Here an example where to go: http://ui.linksys.com/files/WRT54GS/v5-v6/1.50.7/Filters.htm
    Blocked Services: DNS
    Thankful People: dustinelwood
  2.  permalink
    Give you another block? Short answer, no. Gateway would be the router, and IP would be the LAN address of the xbox. Your computer probably has 10.0.0.3 or similar. Largely irrelevant in terms of OpenDNS.

    Maybe easier to use the parental controls.
    http://support.xbox.com/en-us/pages/xbox-live/how-to/parental-control.aspx

    But if would also want to prevent usage of any other DNS as well, provide us a link to the manual for you exact model and revision of router that we may see whether this is possible.
    • CommentAuthorkanbun
    • CommentTimeApr 18th 2011
     permalink
    I have Linksys WRT54GS, v 1.1. I don't think that the software is going to make it easy to prevent other DNS from what I've read. Manual is here.
    http://homesupport.cisco.com/en-us/wireless/lbc/WRT54GS

    I was thinking of installing Tomato or DD-WRT , but haven't decided if that makes sense.

    I think the only solution is to prevent other DNS from the router. Any suggestions would be appreciated.
  3.  permalink
    Yes, but parental controls on the xbox can explicitly deny access to xbox live. Is that not what you want?

    "I was thinking of installing Tomato or DD-WRT , but haven't decided if that makes sense."

    It does if you want the ability to force the use of OpenDNS, while you router does not provide this function.

    "I think the only solution is to prevent other DNS from the router. Any suggestions would be appreciated. "

    Well, there are no suggestions other than to use what the router offers, if available, or install an alternate firmware, if compatible with the router.

    Waiting for manual....

    Have a look at page 29 of you manual. Deny for all computers outbound access to port 53 UDP.
    • CommentAuthorkanbun
    • CommentTimeApr 19th 2011
     permalink
    Unfortunately, the actual settings in the router do not match the manual. The filtered port range isn't there in my router. I have a "blocked services" option instead. I think it might allow me to block the port 53 for both UDP and TCP.

    If I block port 53, should that force everything thru OpenDns?
  4.  permalink
    "If I block port 53, should that force everything thru OpenDns? "

    It will disallow the use of any other DNS, so, in effect, yes.

    "Unfortunately, the actual settings in the router do not match the manual."

    Then ensure that you haven't had a firmware upgrade to 4.x or whatever it is. If you have, get the relevant manual.
    • CommentAuthorkanbun
    • CommentTimeApr 19th 2011
     permalink
    Thanks. I've been tinkering with the router settings and I think I can, in fact, block port 53 both UDP and TCP. I'm going to block the domains for xbox.com and live.com and the port on the router and see what happens.
    Thankful People: maintenance

This discussion has been inactive for longer than 30 days, and is thus closed.