Can't get connected to OpenDNS

j2edwards1 · ‎02-16-2019

I can't figure out why going to https://welcome.opendns.com/ always results with an oops message saying I'm not connected. I have an Xfinity router, with a Ubiquiti router behind that handing out dhcp. I've added the OpenDNS DNS servers, 208.67.222.222 & 208.67.220.220 to both the WAN side and LAN side on the internal router. Any ideas?

rotblitz · ‎02-17-2019

Too many ideas. Copy & paste the complete plain text output of the following diagnostic commands to here:

nslookup -type=txt debug.opendns.com. 208.67.220.220
nslookup -type=txt which.opendns.com.
nslookup whoami.akamai.net.
netsh interface ipv4 show config

"both the WAN side and LAN side"

This is suboptimal. WAN would be the preferred option.

j2edwards1 · ‎02-17-2019

Running on Mac, no netsh available, added ipconfig from Mac. Below are 3 nslookup lines. My internal router uses DHCP from Xfinity router hence the DNS setting on both WAN and LAN. Xfinity won't let me change DNS settings on their cable "modem" at all. Thanks for any help

nslookup -type=txt debug.opendns.com. 208.67.220.220

Server: 208.67.220.220

Address: 208.67.220.220#53

** server can't find debug.opendns.com: NXDOMAIN

nslookup -type=txt which.opendns.com.

Server: 208.67.222.222

Address: 208.67.222.222#53

Non-authoritative answer:

which.opendns.com text = "I am not an OpenDNS resolver."

Authoritative answers can be found from:

nslookup whoami.akamai.net.

Server: 208.67.222.222

Address: 208.67.222.222#53

Non-authoritative answer:

Name: whoami.akamai.net

Address: 76.96.47.195

ipconfig getpacket en1

op = BOOTREPLY

htype = 1

flags = 0

hlen = 6

hops = 0

xid = 0x49be07d6

secs = 0

ciaddr = 192.168.1.53

yiaddr = 192.168.1.53

siaddr = 0.0.0.0

giaddr = 0.0.0.0

chaddr = 28:f0:76:52:2e:62

sname =

file =

options:

Options count is 9

dhcp_message_type (uint8): ACK 0x5

server_identifier (ip): 192.168.1.1

lease_time (uint32): 0x15180

subnet_mask (ip): 255.255.255.0

router (ip_mult): {192.168.1.1}

domain_name_server (ip_mult): {208.67.222.222, 208.67.220.220, 208.67.222.220}

domain_name (string): localdomain

domain_search (dns_namelist): {localdomain}

end (none):

rotblitz · ‎02-17-2019

It's not you or your routers, but your ISP. Comcast proxies or redirects your DNS traffic to their own DNS service. You may call your ISP to opt out from this redirection. Another user had success with calling up the ISP. Else try with using DNSCrypt (https://dnscrypt.info/) to circumvent the interference.

And again, configuring OpenDNS on the WAN side would be the preferred option. External resolver addresses on the DHCP/LAN side impact or break local name resolution.

"I've added the OpenDNS DNS servers, 208.67.222.222 & 208.67.220.220"

You even used three, as I can see now, which is fine too.

domain_name_server (ip_mult): {208.67.222.222, 208.67.220.220, 208.67.222.220}

j2edwards1 · ‎02-17-2019

Thanks for the info, this helped a lot. Xfinity gives you the option for a DMZ. I setup my router/firewall behind the Xfinity router as the DMZ IP and everything worked perfectly!

ksp15 · ‎02-20-2020

j2edwards. Can you explain how you hooked up a 2nd router to Xfinity router for us non techies please? I hate that Xfinity will not let you do it on your own. Any help would be appreciated. Thank you!