Your IP:

Our Forums Have Moved!

Visit our new forums at https://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
  1.  permalink
    Hello

    I am a newbie and found an issue.

    I am using Mac OS X 10.7.4

    I originally had the network system preferences set up to use 208.67.222.222 and 208.67.220.220 but I realized that this can be circumvented by a user so I pointed to 208.67.222.222 and 208.67.220.220 DNS up on my airport network (an express and extreme).

    I am on that network and I can get through to porn sites even though my dashboard is set to block this content.

    If I set my main router to use 208.67.222.222 and 208.67.220.220 followed by sudo killall -HUP mDNSResponder (clearing my DNS cache), I still get through.

    In essence, things only appear to work if the computer is to use 208.67.222.222 and 208.67.220.220 from the Network System Preferences.

    What am I doing wrong?
  2.  permalink
    These are the settings on my main router:

    Set the hostname: Automatically via DHCP
    Manually
    Primary DNS :
    Secondary DNS :

    If I use manual, primary 208.67.222.222 and secondary 208.67.220.220 it still does not work and I lose VOIP which my ISP offers using the same Sagem router.

    I also tried connecting my mac to the main router's network, disregarding the impact on VOIP, just to test OpenDNS and I still don't get the content from being blocked.

    Please help.
  3.  permalink
    "I originally had the network system preferences set up to use 208.67.222.222 and 208.67.220.220 but I realized that this can be circumvented by a user so I pointed to 208.67.222.222 and 208.67.220.220 DNS up on my airport network (an express and extreme)."

    A user who has administrator privileges can still change their own DNS addresses, so that makes no difference.

    So what address is listed for DNS server in network prefs now? Is it one of the Apple deices you configured? If not, you have one reason why.

    But as far as I know, Apple devices do not do WAN DNS forwarding, but only may be configured to give DNS addresses via DHCP to devices on the LAN, which then must have the Apple router(s) as DHCP servers. If not, this is another reason why.

    "I also tried connecting my mac to the main router's network, disregarding the impact on VOIP, just to test OpenDNS and I still don't get the content from being blocked."

    I take it you mean that you connected directly to the ISP gateway, on which you had successfully configured static DNS addresses?

    Again, you would have to then have this device as DNS server in network prefs if you configured the WAN/internet side, or as a DHCP server if you had configured the LAN/DHCP settings. Quite possibly a router reboot would be needed, and browser and local resolver caches flushed (every time you change any of these things).

    Also your public IP address must be kept correctly updated to your Dashboard without any error.

    https://forums.opendns.com/comments.php?DiscussionID=11313&page=1#Item_1
    see #s 2 & 3.
  4.  permalink
    Hello

    Thank you for the reply.

    It's now working. I am very sorry that I did not read one of the posts on the forum which advises to read first but I did not see it.

    I realized I had a dynamic IP address coming from the ISP and I think this is where I was seeing mixed results.

    I updated my main router to OpenDNS - VOIP works as well :)

    I downloaded the OpenDNS Updater which helps a lot with the dynamic IP address.

    Currently, my Airport devices in bridged mode do not point to OpenDNS but to 192.168.1.1 (the main router). The main router points to OpenDNS. The mac network system preferences point to the main router. Although we have two wifi networks (mostly for maintenance or testing) the macs on either WIFI network work with opendns as expected.

    Thank you very much for your help maintenance.
  5.  permalink
    One more thing, the only flaw I see is that the OpenDNS Updater must be always running. Kind of a weak point but I realize there is little that could be done when you have a dynamic IP address. The advantages are great but there is more energy consumption to keep one mac running which updates openDNS with the dynamic IP address.


    QUESTION:
    Is there any hardware I can buy to substitute one iMac from constantly being turned on just to run OpenDNS Updater, which feeds my the OpenDNS Dashboard my dynamic IP address?
  6.  permalink
    Also, why does OpenDNS recommend changing an airport router's DNS when it can just point to the router? Apple doesn't make modems so I was wondering how an airport device can override the DNS that is on the router?

    In other words, if I setup my home airport network to use OpenDNS will it actually override the DNS settings in the main router?
  7.  permalink
    Downsteam DNS settings take precedence. Configure your computer to use particular DNS, and that is what is used, provided something upstream does not specifically block or redirect this. Same with one router to an upstream gateway.

    Wherever the DNS addresses are configured in WAN/internet DNS forwarders, the computer must point to that devices IP address for those addresses to be used.

    So, say your computer points to an Airport IP address for the default gateway/router, but points to the IP address of the ISP internet gateway for DNS, then the DNS addresses on the Airport are useless. Same goes for DHCP server, if you expected DNS addresses to be given to computers by a router. Since you have configured addresses on the ISP gateway, apparently on the WAN/internet side, the LAN IP of this device should be the IP listed as the DNS server address on the computers.

    If you have a router that can be flashed with DD-WRT or another suitable alternative firmware, or you have a router which allows fully user-defined DDNS updates, you can use this rather than an updater. Some routers may occasionally have OpenDNS or DNS-O-Matic listed for DDNS options.

    A Netgear router with LPC is a whole other way to go, and stays synced with the filtering settings by a different method. Also, differential filtering per OS X or Windows user account, with a definable blanket filtering setting for devices with other OSes. Plus whatever other additional features the generic firmware has.
    http://countries.netgear.com/lpc The FAQ has a list of supported routers.
    Thankful People: zelus

This discussion has been inactive for longer than 30 days, and is thus closed.