Your IP:

Our Forums Have Moved!

Visit our new forums at https://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorxyza
    • CommentTimeDec 20th 2011
     permalink
    I put the configurations into the proper places and cleared the caches and re started the computer after each attempt but still no luck.I read that I could have a DHCP that is directing to another Dns other than yours. I am not sure how I can check that.
    I need to use opendns on the network rather than each computer because we will be adding e-readers to our childrens devices and they do not have parental controls. I am desperate to get this taken care of ASAP! Please help. Thanks
    • CommentAuthorrotblitz
    • CommentTimeDec 20th 2011
     permalink
    "I put the configurations into the proper places"

    What are the "proper places" in your case? Is this your router only?
    Having more than two DNS server entries there? Fill them with 208.67.222.220 and 208.67.220.222.

    What exactly does not work for you?

    What does http://welcome.opendns.com/ show up with?
    What is the output of the following commands?
    nslookup -type=txt which.opendns.com. 208.67.222.222
    nslookup -type=txt which.opendns.com.
    • CommentAuthorxyza
    • CommentTimeDec 20th 2011
     permalink
    I went into the control panel and added the Dns #s 208.67.222.222 and 208.67.220.220 in the primary and secondary spots.
    No websites are being blocked at all.
    the page you asked about gives me the oops message
    I am a bit computer illiterate so where do I put in the commands? Do I click start then run then cmd and put the rest in the black box?
    • CommentAuthorxyza
    • CommentTimeDec 20th 2011
     permalink
    sorry yes I put these #'s into the router.When typing the commands I get the message ...is not recognized as an internal or external command operable program or batch file. am I putting it in the wrong place?
    • CommentAuthorkhorton
    • CommentTimeDec 20th 2011
     permalink
    Did you enter the space between nslookup and -type=txt
    If not, you will get this error message.
  1.  permalink
    Copy/paste for effortless accuracy.
    • CommentAuthorxyza
    • CommentTimeDec 20th 2011
     permalink
    oops. thanks when I copy and paste i get this for both
    Server: resolverl.opendns.com
    address: 208.67.222.222
    Non Authoratative answer:
    which.opendns.com text=
    "I am not an opendns resolver
    • CommentAuthorxyza
    • CommentTimeDec 20th 2011
     permalink
    I am also wondering about the IP. When I log onto your sight it shows up as
    98 236 56 16 but in the control panel it is 10. 0. 0. 1 I used the one in the control panel as it was closer to the default gateway 10.0.0.2. (when I was entering the dns #'s for opendns)
  2.  permalink
    "I am not an opendns resolver"

    You aren't using OpenDNS. If you get this for nslookup -type=txt which.opendns.com. 208.67.222.222, then your ISP may be using a proxy. Or you may have something other than your router's IP address in the computer's DNS settings (this takes precedence over DNS addresses in the router).

    "but in the control panel it is 10. 0. 0. 1 "

    That is your private IP on your LAN.

    "I used the one in the control panel as it was closer to the default gateway 10.0.0.2. (when I was entering the dns #'s for opendns)"

    Used it for what, exactly? You can't enter this as your network at your Dashboard. Use the other.
    • CommentAuthorxyza
    • CommentTimeDec 20th 2011
     permalink
    Ok I went into the IPCONFIG and got the info there to enter in the box that is brought up when I went to control panel- network and internet -network and sharing- manage network connections- then right click wireless- select properties-highlight internet protocol version4(TCP/IPv4)-click properties.
    This brings up the box where I entered the dns #'s 208.67.222.222 and 208.67.220.220 above that there are two choices. obtain dn IP add automatically or use following IP address Then there are places for IP address, subnet mask and defauly gateway. I filled these in with the #'s I found in the ipconfig. When I used the automatically add it didn't work and when I added the IP that shows up on opendns it wouldn't work so I used the #'s in this config box. This may be part of my problem but The gateway showed a message about not being in the same network segment that is defined by the IP address subnet mask when I used the original numbers that I found. I have probably confused you now as well
    • CommentAuthorkhorton
    • CommentTimeDec 20th 2011 edited
     permalink
    If you go into the OpenDNS Control panel on their website, did you setup a network under your account with the IP Address that your ISP assigned to you? I presume that the 98.236.56.16 is your IP Address. Without this being setup, blocking will not work. This is the IP Address that OpenDNS uses to link to your account. OpenDNS sees your router's IP when the DNS request is sent. Once you have this setup, then you can setup any Web Content blocking desired. Your Public IP Address is the address which you see when you open the OpenDNS website, and should match the IP Address of your router. The 10.0.0.x address is your local network only, and not the one used by OpenDNS.
    • CommentAuthorrotblitz
    • CommentTimeDec 20th 2011 edited
     permalink
    No, you didn't confuse us, but yourself.
    You did not have to change any of your IP address, subnet mask or gateway, even not the DNS server addresses. So best is to switch back to obtain the network settings automatically. As you said, you entered the OpenDNS addresses into the router, why would you enter them also on the computer?

    At the OpenDNS dashboard you have to enter the IP address you see on the top of the page ("Your IP: ..."), most likely something like 98.236.56.16. If this is not accepted, note the error message, and see here:
    http://www.opendns.com/support/article/83
    "Network Already Exists / IP Address Taken by Another User / !Yours"

    But before you go to configure anything at the website, you *must* use OpenDNS for your DNS lookups which you don't. Your ISP prevents you from using 3rd party DNS yet.
    • CommentAuthorrotblitz
    • CommentTimeDec 20th 2011
     permalink
    @khorton
    "Once you have this setup, then you can setup any Web Content blocking desired."

    No, not at all. First he must use OpenDNS, else the settings are for nothing.
    He went a step back now, and we must convince him to go forward.
    http://welcome.opendns.com/
  3.  permalink
    You didn't notice anything... similar?

    "Ok I went into the IPCONFIG and got the info there to enter in the box that is brought up when I went to control panel- network and internet -network and sharing- manage network connections- then right click wireless- select properties-highlight internet protocol version4(TCP/IPv4)-click properties."

    So you got the network information from the command line and went back and entered the information in the GUI? The CLI and the GUI are reporting *the same network connection* - unless you copied an ethernet interface config over your wireless config.

    Whatever, follow what rotblitz said. You are making extra unnecessary work (with possibly problematic results) for yourself. Follow the OpenDNS setup instructions and only these instructions. I'm not sure where you got the ideas to change anything else. If it was advice from somewhere else, ignore it, and you'll do fine. (Assuming we can get around the issue of your DNS lookups going to OpenDNS - we'll work with you on that. :smile:)
    • CommentAuthorxyza
    • CommentTimeDec 20th 2011
     permalink
    ok so I will start over. I told you I don't know what I'm doing.Where do I enter the dns #'s for opendns? I went to my routers IP entered the login and password now where do I find the place where the #'s go? I entered them on the computer before...duh!
    • CommentAuthorrotblitz
    • CommentTimeDec 21st 2011 edited
     permalink
    "I don't know what I'm doing."

    Not a good base to do anything at all... :shock:

    "now where do I find the place where the #'s go?"

    How could we ever know? You even didn't mention what router you have, far from telling us the exact make and model or posting a link to an online manual. But wait...

    No, don't enter any addresses anywhere yet. We have seen that it is hard for you to use OpenDNS at all. We must first sort out this. Therefore post the complete output of all the following commands (inc. the commands) here (you can copy&paste again):

    nslookup -type=txt which.opendns.com. 208.67.222.222
    nslookup -type=txt -vc which.opendns.com. 208.67.222.222
    nslookup -type=txt -port=5353 which.opendns.com. 208.67.222.222
    nslookup -type=txt -vc -port=5353 which.opendns.com. 208.67.222.222
    • CommentAuthorxyza
    • CommentTimeDec 21st 2011
     permalink
    1. nslookup -type=txt which.opendns.com. 208.67.222.222
    .server: resolverl.opendns.com
    address: 208.67.222.222
    non authoratative answer:which opendns.com text= "I am not an opendns resolver"

    2. nslookup -type=txt -vc which.opendns.com. 208.67.222.222
    .Server: resolverl.opendns.com
    address: 208.67.222.222
    non authoratative answer:which opendns.com text= "7.ash"

    3. nslookup -type=txt -port=5353 which.opendns.com. 208.67.222.222server: resolverl.opendns.com
    address: 208.67.222.222
    non authoratative answer:which opendns.com text= "I am not an opendns resolver"


    4.nslookup -type=txt -vc -port=5353 which.opendns.com. 208.67.222.222.Same as the secondServer: resolverl.opendns.com
    address: 208.67.222.222
    non authoratative answer:which opendns.com text= "7.ash"
    • CommentAuthorxyza
    • CommentTimeDec 21st 2011
     permalink
    My router is an assis T68526. It was provided by comcast.
    • CommentAuthorkhorton
    • CommentTimeDec 21st 2011
     permalink
    @xyza, Do you mean Arris? Is that the number on the modem, router, or are they combined into one unit? I looked on the Arris web site, but did not find that Model #.
    • CommentAuthorrotblitz
    • CommentTimeDec 21st 2011
     permalink
    You can use only TCP, not UDP, to reach OpenDNS with your DNS lookups. You need to install and configure additional software on the computer. If you are willing to go through this more complex process for computer savy people, let me know.

    You can also complain with your ISP why you can't use 3rd party DNS services.
    Thankful People: jmarianu
    • CommentAuthorkhorton
    • CommentTimeDec 21st 2011
     permalink
    @rotblitz, not sure if I missed something above as far as the TCP vs. UDP for DNS lookups?

    I have Comcast for an ISP, and have no problem with using OpenDNS setup on my router. I am using a router that I provided though, and not one provided by Comcast.
    • CommentAuthorxyza
    • CommentTimeDec 21st 2011
     permalink
    Sorry I read my notes wrong- router is Arris TG852.
    When I follow the general instructions ( this router is not on the list of opendns instructions) I go to the gateway connection local IP config> IPv4
    It lists the Gateway the subnet the DHCP beginning address and the DHCP ending address and the DHCP lease time. No DNS. this was the start of my confusion. I could find no DNS to change except on the computer.
    As confused as I got with these simple instructions I will have to think about doing anything more complicated myself. This was sooooo easy the first time I did this but I had a belkin router before:(
    • CommentAuthorkhorton
    • CommentTimeDec 21st 2011
     permalink
    Is there another page that show your Internet Connection where you setup your IP Address (depending on if you have Fixed IP or Dynamic). I would think that this page would exist. That is where I have always seen the DNS settings. I have never dealt with an Arris router.
    • CommentAuthorxyza
    • CommentTimeDec 21st 2011
     permalink
    when i go to control panel<network and internet<network and sharing<manage network connections< right click wireless network connection< then click properties< then IPv4<click properties I get a box with a place for IP, subnet, gateway and 2 spaces for DNS. I set the first 3 on automatic and the DNS with the opendns numbers. That was the only thing I could find. It didn't work so then someone told me to find the router and enter the numbers. I'm sorry to be such a pain. I'm just not sure what to do next
    • CommentAuthorkhorton
    • CommentTimeDec 21st 2011
     permalink
    OK, so were you able to connect the routers interface, and log in? By your last message above this was not clear, and seems like maybe you were not able to.

    Looking at one of your older messages referring to the default gateway to connect to the router using http://10.0.0.1 although I have usually seen this used as a default gateway for a larger network. Try going to that link to see if you can connect to the router. If you are successful at this, then look for the DNS settings in the router.

    You will also want to go into the wireless connection setup on your computer and change it back to get the DNS automatically from the router in order for this to actually work.
    • CommentAuthorxyza
    • CommentTimeDec 21st 2011
     permalink
    I'm not sure about the first question. How would I know if I was connected to the routers interface?
    When I go to the http://10.0.0.1 I can go into the gateway connection local IP config IPv4 and find the gateway, subnet and 2 places to set the DHCP. That was the closest thing I could find
    Thirdly I will go back to my wireless and set the dNS back to automatic.
    • CommentAuthorkhorton
    • CommentTimeDec 21st 2011
     permalink
    The routers interface should bring you to a web page that would give some indication that you are on the routers configuration page. It sounds like your are connected, but I have always seen more to the configuration pages then what you are explaining. It seems like what you are explaining is the local area setup in the router, and not the internet connection setting page which is where the DNS settings would be.
    • CommentAuthorxyza
    • CommentTimeDec 21st 2011
     permalink
    Well I went to http://10.0.0.1 I entered my login and password. This brings up a page Gateway at a glance with choices down the left side of page you can click on( connection, Hardware, Connected Devices, Parental Controls, Advanced, troubleshooting)
    under advanced you can enable or dis able port forwarding under troubleshooting you have the categiries Logs, Diagnostic Tools, Reset/Reboot
    then inthe last categorie you can choose to Reset, Reset WiFi module, Reset WiFi Router, Restore WiFi settings or Restore factort settings
    • CommentAuthorkhorton
    • CommentTimeDec 21st 2011
     permalink
    Check on the Connection tab, and see if the DNS settings are there.
    • CommentAuthorrotblitz
    • CommentTimeDec 21st 2011
     permalink
    @xyza
    You need to read my previous message. Again, you can use only TCP, not UDP, to reach OpenDNS with your DNS lookups. This means, you can't use OpenDNS at all with standard methods, no matter what you do to the router or computer.

    And again, your ISP is preventing you from using 3rd party DNS. No router in the world can help you here. However, your ISP "forgot" to redirect also TCP DNS traffic (normally this is UDP), therefore you can use this but need to install software on the computer to make it work.

    Is it clearer now?
    • CommentAuthorRed Prince
    • CommentTimeDec 21st 2011
     permalink
    Better yet, switch to an ISP that does not think you are paying them to control you. And let your old ISP know why you left.
    • CommentAuthorxyza
    • CommentTimeDec 22nd 2011
     permalink
    @roblitz thanks @ Red Prince...if only! this was the only one I could get in my area...but I will let them know that this is total BS. For what I have to pay them this should not be happening. Thanks everyone for your troubles.
    • CommentAuthorkhorton
    • CommentTimeDec 22nd 2011
     permalink
    @xyza, I have Comcast, and I am using OpenDNS. Therefore, it must not be an general restriction with Comcast. Although I have a Comcast Arris modem/eMTA, I have a Netgear router that I provided. They may have a solution for this restriction.
    • CommentAuthorxyza
    • CommentTimeDec 22nd 2011
     permalink
    Via a live chat they (comcast) had me do the same basic steps that I had already done except I had changed the dns in the wireless connection instead of the local area connection which was what they had me do and still nothing. I am just too frustrated at this point. Thanks for the info I appreciate it
  4.  permalink
    khorton
    "@rotblitz, not sure if I missed something above as far as the TCP vs. UDP for DNS lookups?"

    When you see "vc" in the nslookup command, this means virtual circuit. UDP is sessionless, virtual circuits would only be possible with TCP.


    xyza

    "Via a live chat they (comcast) had me do the same basic steps that I had already done except I had changed the dns in the wireless connection instead of the local area connection which was what they had me do and still nothing."

    This is because *you cannot use any third-party DNS* normally. Not at all. And Comcast is not addressing this with you. It does not matter what you set anywhere in your network.

    Your solutions are:
    1) Tell Comcast to stop redirecting your DNS queries. (Not that you need help configuring anything - tell them you don't.) Ask if they have an opt-out web page for DNS redirection , and if not, why not.

    2)Let rotblitz know if you want to try something that may seem complicated to you. We've helped other people with this before using rotblitz's solution.

    But option 1 should be available. You just need to get the help desk people at Comcast to understand what you want - so you need to understand what you want: to be able to use third party DNS, but your DNS requests are currently redirected. (You may need to get your call escalated to someone with a clue.)
    • CommentAuthorxyza
    • CommentTimeDec 23rd 2011
     permalink
    @khorton I really do want to fix this ASAP. I blew up at Comcast and told them how unhappy i was that they are 1. controlling my service like they are. 2. giving me the run around pretending to help me then later telling me there is nothing I can do except use what they allow. That really made me mad as I felt like I was being lied to. @ rotblitz I really am quite illiterate when it comes to computers and all the terms so I will probably be a big headache because I will have to have it explained in terms I can understand. Are you sure you want to attempt this?
    I really wanted to have things ready for the kids e-book readers when they get them on Christmas. Now I will have to constantly oversee what is coming in to them thanks to the situation Comcast has put me in.Well enough complaining...I'll save the rest for the ones who deserve to hear it. Yes I would love some help if I can get it. Thanks everyone who has tried here!
    • CommentAuthorkhorton
    • CommentTimeDec 23rd 2011
     permalink
    @xyza, If they say there is nothing that they can do, then see if you can get to speak to someone at a higher level in the network department to see if they can offer some additional assistance in getting around this limitation. You might stand a better chance by calling during normal business hours.
    • CommentAuthorxyza
    • CommentTimeDec 23rd 2011
     permalink
    @khorton-Thanks I guess that will be my next move. This was their latest reply:

    I understand that you are having issues with the Constant Guard software
    and DNS servers. I know it is important that you are able to set your
    own DNS settings in order to setup your Parental Controls preferences.
    You have reached the right department and I am willing to assist you by
    providing the information regarding this issue. Rest assured this
    concern would be taken care of.

    XXXXX, I apologize for any inconvenience it has caused you. Thank you
    for bringing this matter to our attention. We appreciate hearing about
    any unsatisfactory situations so corrective action can be taken, thus
    increasing our level of customer satisfaction. I have forwarded your
    comments to the appropriate members of our development and management
    teams for further review and action. Unfortunately, they will be unable
    to contact you directly unless additional information is needed. Thank
    you for taking the time to help us keep our commitment to quality
    customer care.

    Furthermore, you can opt out to use the Constant Guard software and only
    use the Norton Security Software. I see you are still having issues with
    the DNS servers. Although it can be changed, Comcast does not recommend
    this change as there might be issues with using the service. Anyhow,
    were you able to make any changes on the DNS server? What other issues
    are you still experiencing after making the change?

    Currently we do no have a page to opt out in DNS redirection. You can
    contact us through chat in order to have the issue forwarded to a higher
    level of support.
  5.  permalink
    "Currently we do no have a page to opt out in DNS redirection. You can
    contact us through chat in order to have the issue forwarded to a higher
    level of support."

    Good grief. Do that, though.

    Like I said, you need to have your call (or chat) escalated.

    "Anyhow, were you able to make any changes on the DNS server?"

    What a moronic question. What would it matter if your DNS requests are redirected anyway?

    If it helps, show them your nslookup result and tell them that you do not want this.
    >>nslookup -type=txt which.opendns.com. 208.67.222.222
    .server: resolverl.opendns.com
    address: 208.67.222.222
    non authoratative answer:which opendns.com text= "I am not an opendns resolver"<<

    Although it would be better if you copied and pasted it rather than trying to type it.


    And if we must:
    "@ rotblitz I really am quite illiterate when it comes to computers and all the terms so I will probably be a big headache because I will have to have it explained in terms I can understand. Are you sure you want to attempt this?"

    We have done it before. All you need to be able to do is to follow explicit instructions.
    • CommentAuthorxyza
    • CommentTimeDec 23rd 2011
     permalink
    Ok then I am going to give them the above request thanks. I can follow instructions I'll just may need to ask you to explain some of them to me. Thanks a bunch
    • CommentAuthorrotblitz
    • CommentTimeDec 23rd 2011
     permalink
    "We have done it before. All you need to be able to do is to follow explicit instructions."

    We had success with port 5353, but not with TCP, surprisingly. However, DeleGate update their software versions quite often, and this may be fixed in between. And beside DeleGate I do not know a similar Swiss knife software...
    • CommentAuthorxyza
    • CommentTimeDec 23rd 2011
     permalink
    so are you suggesting I download from delegate? and if so what do I download?
    • CommentAuthorrotblitz
    • CommentTimeDec 24th 2011
     permalink
    @xyza
    No, better follow up with your ISP yet.

    As said, the DeleGate solution didn't work for cases like yours last time I tried it. And my interception was merely meant as a comment to what @maintenance said.
    • CommentAuthorxyza
    • CommentTimeDec 24th 2011
     permalink
    Well there you have it yet another worthless response!
    Thank you for contacting Comcast High Speed Internet. My name is
    Rei.iane. I hope you are doing well today.

    I understand that you are receiving errors when using the Open DNS
    server. I know it is important that you have these errors bypassed in
    order to use parental controls. You have reached the right department
    and I am willing to assist you by providing the information regarding
    this issue. Rest assured this concern would be taken care of.

    xxxxxxx, I apologize for any inconvenience it has caused you. I checked
    your errors and these are currently not supported by Comcast. Please
    contact Open DNS support in order to have these errors resolved. You can
    contact them by checking their support page at:

    http://www.opendns.com/support/

    If you would prefer to address this issue in a real-time format, you can
    chat with one of our Online Customer Support Specialists 24 hours a day,
    7 days a week at:

    http://www.comcastsupport.com/chat
    • CommentAuthorxyza
    • CommentTimeDec 24th 2011
     permalink
    Just spoke to someone who now informs me I must call my local office on Monday because the modem/router they gave me can only be explained by someone in the local office. When I asked why every tech I have spoken to has given me a completely different answer they abruptly ended the conversation with no explanation.UgggHHH!
  6.  permalink
    They really are clueless, because this has absolutely nothing to do with the modem/router, but their network. Still, the local office may be the best place to call anyway. (Unless they have a built-in redirector that ignores any configuration or direct addressing.)

    "I know it is important that you have these errors bypassed in
    order to use parental controls."

    To use any third-party DNS at all! These people obviously cannot read an nslookup query and output.

    I wonder what happened to the Comcast people who used to show up in the forum to address these things.

    I don't suppose you use Twitter, do you? They seem to pay attention to that.
    @comcast or @comcastcares (Believe it or not.)
    • CommentAuthorkhorton
    • CommentTimeDec 24th 2011
     permalink
    xyza, If you have not already done so, you might try the Comcast Forum at http://forums.comcast.net

    If you do not already have one, you will need to register for a forum account. It will first have you log into your Comcast account, and then setup your forum account.

    I just happened to find the URL, but have never used the forum. You may at least find people that have encountered the same or similar problem.
    • CommentAuthorserich5
    • CommentTimeDec 24th 2011
     permalink
    xzya, I know my way around computers and have the exact same issue. Comcast is not allowing the use of the opendns DNS. Keep plugging away at support. If they give you a resolution please post. I have a netgear router set up for the kids with the openDNS ip address set up running into the Arris modem and I still get the same nslookup responses as you did. It is not your settings.
    • CommentAuthorserich5
    • CommentTimeDec 24th 2011
     permalink
    By the way this configuration worked fine with comcast before I upgraded to the Arris modem.
    • CommentAuthorserich5
    • CommentTimeDec 24th 2011
     permalink
    Update: https://customer.comcast.com/Secure/Users.aspx
    If you go to the comcast settings page you can turn off "DNS Helper". While this didn't resolve the issue it is one more clue to the mystery.

This discussion has been inactive for longer than 30 days, and is thus closed.