Your IP:

Our Forums Have Moved!

Visit our new forums at https://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorpadres
    • CommentTimeAug 18th 2011 edited
     permalink
    Hello! Do you know about possible interferences with using Microsoft "Parental Control" or Blue Coat "K9" software on a PC in the home network installed and having OpenDNS on the ADSL(wireless)routermodem configured in parallel? The PC receives its IP and DNS settings automatically from the router.
    I am asking because the PC sometimes pauses anykind of network related work for about 5 to 10 minutes. This happens sometimes right after starting the PC, without the user having done something, but only the PC tries to connect to the Router, but sometimes also "spontanously" during an already long time processed web surfing session. I then can for instance not enter any network monitoring software or enter the "network repair" function etc. to at least see whats going on. No load on the processor, no high memory usage, no suspicious process which would alert me about something malicious going on. But I can work with the PC doing other things (not network related, starting and using i.e. the calc program). I do not see any change in the IP adress my home network was asigned to by my ISP, before and after this networking blocking pause.

    I am wondering if maybe Parental Control software is doing its job via a special proxy server, or seomthing like this, and then the PC becomes confused receiving disharmonic responses from this Parental Control thing and the OpenDNS thing in parallel? I would not expect this, because I thought that the 2 security solutions are installed in different positions in my home-networking "pipeline". I could already aprove, that this idea having 2 barriers running, one behind the other, usually complements excellent and yields much better results in protecting my kids than having only the one or the other running! But maybe I need to put some special entry to the whitelist of OpenDNS in order to not interfere with the K9 or the Microsoft Parental Control? By the way, I do NOT have the K9 and the Microsoft Parental Control running at the same time on the same PC - I actually have two PC and one of them is protected with the one product, and the other one with the othter product: I am testing what will be the best for usage in the future...


    Finally, the reports of both, Parental Control software and OpenDNS show different entries about visited sites and are even missing entries completly (not showing up in any of the reports, although I for sure hit those sites for testing purposes and having had them blocked correctly by the one or the other security barrier. This inconsistant reporting pointed me to suspect a proxy to be used by the Parental COntrol software and this might mess up my attempt of using a 2 barrier protection? At least as long as I haven´t configured that Parental Control proxy in the whitelist of OpenDNS? But I wouldn´t know the name or adress of that proxy.

    Maybe the problem is a total different one? Any kind of help is appreciated! Thanks.
  1.  permalink
    "I am asking because the PC sometimes pauses anykind of network related work for about 5 to 10 minutes. "

    Ah, no, mixing these applications with the OpenDNS service shouldn't cause that sort of problem. It shouldn't matter to any software which DNS server you network is using.

    "Finally, the reports of both, Parental Control software and OpenDNS show different entries about visited sites and are even missing entries completly (not showing up in any of the reports, although I for sure hit those sites for testing purposes and having had them blocked correctly by the one or the other security barrier."

    Once one filtering system catches and blocks something, the other system won't see that thing to block it, hence they will log different blocked domains.

    If your device is disconnecting from the router, this wouldn't be a DNS issue. If you are using wireless, it can be an interference problem. If you are using a laptop, the network card may go to sleep to save power. (Desktops and other devices may be set to do this as well.) If you use hibernation, network cards don't always work work with this.
    Thankful People: padres
    • CommentAuthorrotblitz
    • CommentTimeAug 18th 2011
     permalink
    "Parental Control software and OpenDNS show different entries about visited sites and are even missing entries completly"

    Even more, OpenDNS stats do not show visited sites at all!
    OpenDNS has no way knowing that, because they see only the DNS lookups from you. DNS lookups and connecting to a site are not the same.

    This fact alone would explain the majority of differences. You simply can't compare apples with eggs...

    And @maintenance is right, the first service catching for blocking takes it also away from the other service, this explaining the remaining differences.

    And yes, your problem is a networking problem, not a DNS problem. You had to provide more details like Windows version and patch level, browsers being used, how connected to the router, etc., to give us more ideas what could be wrong.
    Thankful People: maintenance
    • CommentAuthorpadres
    • CommentTimeAug 19th 2011 edited
     permalink
    Thanks for the replies!

    ON THE PROBLEM WITH MISSING ENTRIES IN THE REPORTS:
    Yes, I understand (and understood) that a domain will not show up in a certain report, if an other security instance already took care of it. But what is new to me and which for I would like to receive more explanation is the statement from rotblitz: "DNS lookups and connecting to a site are not the same.".
    I thought, when not browsing the internet by following IP adress links, but just "the normal way" following domain names, that the domain name ALWAYS has to be resolved first. So, if Parental Control would catch my request and in its product internal way maybe bypass the DNS lookup at OpenDNS, then it should mention my request in its own activity report somewhere, either as allowed or as blocked site. But it is not there. If Parental Control was not doing the DNS lookup internally, then OpenDNS should have done it and the domain should be listed somewhere in my OpenDNS stats. What other possibility would you know to "connecting to a site" which could explain that I don´t find the visited site in any report? I ran ipconfig /flushdns and I deleted in IE9 the Temporary Internet Files and Historial sections (but I didn´t delete other sections such as cookies, passwords, etc.)

    Part of the problem might be that OpenDNS does not catch domain stats for a long time after I deleted the present stats? While I am testing, I deleted stats for the IP which I was assigned to. I did this in the afternoon and was then browsing the internet for maybe some 2 - 5 hours more (don´t remember now the detail, sorry). Later I reviewed the security/activity reports and posted my question here. Yesterday afternoon I again purged OpenDNS stats. But afterwards, for the rest of the day, there was then no more domain entry (for instance www.visiteddomain.com) registered, but I only found registered the numbered statistics (i.e. at which time how many requests produced)! I might have this problems in the reports because of an (for me) unexpected delay in OpenDNS to start gathering data for the domain reports again????
    • CommentAuthorpadres
    • CommentTimeAug 19th 2011
     permalink
    ON THE PROBLEM WITH THE NETWORK ACTIVITY PAUSES:

    Does somebody know to which domain names Microsoft Vista "Parental Control" and Microsoft "Live Family Safty", and Blue Coat "K9" maybe need to call home? I would then add this names to my OpenDNS "always allow" list. Maybe this will solve things.

    [I am asking, because I have had something similar to do for achieving "always allow" access to Youtube. It was not enough to put "youtube.com" to the whitelist, but I needed to also allow "s.ytimg.com" in order to be able to actually see a video in Youtube. Thanks to the Forum postings on this!]
    • CommentAuthoropendnsjp
    • CommentTimeAug 19th 2011 edited
     permalink
    I don't know, but you could find these by running a http://www.wireshark.org capture for awhile.

    Then, filter the output by "dns" and it will show you just the DNS queries made, you should be able to determine from there.
    Thankful People: padres
  2.  permalink
    Stats are not real-time. You can expect to see them anywhere up to 24 hours after the activity which generated them has occurred.

    Stats and DNS lookups/connecting to sites: Stats shows every DNS query. These are not a one-to-one relationship with sites visited. Sites frequently load content from many domains, and domain lookups occur for other reasons besides visiting sites in a browser.

    Do you have any reason to suspect that you would be blocking any domains potentially used by your other software or service network controls? Do you see any relevant blocked domains in Stats? Regardless, your system wouldn't be losing a LAN or internet connection due to a domain used by, e.g., MS Live services being blocked.
    Thankful People: padres
    • CommentAuthorrotblitz
    • CommentTimeAug 19th 2011 edited
     permalink
    "I would like to receive more explanation is the statement from rotblitz: "DNS lookups and connecting to a site are not the same.".
    I thought, when not browsing the internet by following IP adress links, but just "the normal way" following domain names, that the domain name ALWAYS has to be resolved first."

    DNS is the phone book of the internet, not the phone lines.

    Let's say you read 20 pages in a phone book, and someone would be able to log what you read in the book (but not being able to log your calls!), i.e. logging the names and the related numbers (this is the only thing OpenDNS does!), would this say anything about your phone calls you actually make (these are your e.g. HTTP connections)? In no way!

    And as @maintenance said, not only your browser, but nearly every networking application and other devices and your router may raise DNS lookups, totally unrelated to web surfing.

    And yes, you first have to find out the number for a name to be able to call that name using that number, there is no other way. The "number finder" on e.g. Windows has the following order and priority: local resolver cache, hosts file, DNS (this is the only path OpenDNS sees from you!), WINS, NetBIOS name cache, NetBIOS, lmhosts file. You see, the system has many options to resolve names.

    "I ran ipconfig /flushdns and I deleted in IE9 the Temporary Internet Files and Historial sections"

    These fill up immediately again, quicker than you think...
    And then you are served out of your caches again.

    And no, I don't know what resources your other Parental Control programs need. Beside running wireshark you can run DNSKong lite if you're only interested in your actual real-time based DNS activity.
    http://forums.opendns.com/comments.php?DiscussionID=7438#Item_7

    "Yesterday afternoon I again purged OpenDNS stats."

    Don't do this. Purging, same as stats displaying, is delayed as well and being queued until it comes to you. It may purge your stats at a time not convenient for you then, and not consistently as you have seen, so you rather will lose or corrupt information up to this time. So, for correct and accurate obtaining of stats this is counter-productive. Better use the date and date range selection to limit the stats output.
    Thankful People: padres

This discussion has been inactive for longer than 30 days, and is thus closed.