Re: Content Filtering Not Working

crokett · ‎03-29-2018

I am trying to use opendns for content filtering on 1 of my computers. filtering is not working. I have verified:

1. the IPV4 address I have in OpenDNS for the filter settings matches my the one on my router WAN port

2. the computer in question is using the OpenDNS DNS servers.

3. I cleared the DNS cache on this computer.

My router does not have any content filtering of its own that I know of.

I have IPV6 disabled on this computer. Searches for similar problems here have you run this as a first step:

nslookup -type=txt debug.opendns.com

I have multiple computers fail to resolve the debug.opendns.com host name. I've tried it from computers at both work and home

They can resolve which.opendns.com

rotblitz · ‎03-29-2018

Copy & paste the complete plain text output of the following diagnostic commands from such a PC to here:

nslookup -type=txt debug.opendns.com. 208.67.220.220
nslookup whoami.akamai.net.
netsh interface ipv4 show dns

crokett · ‎03-29-2018

nslookup -type=txt debug.opendns.com. 208.67.220.220
Server: resolver2.opendns.com
Address: 208.67.220.220

*** resolver2.opendns.com can't find debug.opendns.com.: Non-existent domain

nslookup -type=txt whoami.akamai.net

Server: resolver1.opendns.com
Address: 208.67.222.222

whoami.akamai.net canonical name = user-att-108-70-128-0.whoami.akamai.net

netsh interface ipv4 show dns

Configuration for interface "Wireless Network Connection 3"
DNS servers configured through DHCP: None
Register with which suffix: Primary only

Configuration for interface "Wireless Network Connection 2"
DNS servers configured through DHCP: None
Register with which suffix: Primary only

Configuration for interface "Wireless Network Connection"
Statically Configured DNS Servers: 208.67.222.222
208.67.220.220
Register with which suffix: Primary only

Configuration for interface "Bluetooth Network Connection"
DNS servers configured through DHCP: None
Register with which suffix: Primary only

Configuration for interface "Loopback Pseudo-Interface 1"
Statically Configured DNS Servers: None
Register with which suffix: None

rotblitz · ‎03-29-2018

You entered the second command incorrectly. I didn't ask for the TXT record, but for the A record, so I'm unsure...

Regardless, it looks like your ISP redirects your DNS traffic to their own DNS service, so it does not go to OpenDNS. You may contact your ISP to opt out from this, or you can try to circumvent this restriction with https://dnscrypt.info/implementations

Another possibility is that you run Avast or AVG antivirus. In this case first try with disabling the option "Secure DNS / Fake Site / Real Site" in the program settings.

crokett · ‎03-29-2018

here's the correct output

nslookup whoami.akamai.net

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: user-att-108-70-128-0.whoami.akamai.net
Address: 108.70.128.0
Aliases: whoami.akamai.net

there is no antivirus. I'll look into whether my ISP is redirecting DNS traffic

crokett · ‎03-29-2018

I did some checking and disabled DNS error assist on my account with my ISP. I'll restart the router and check it again in a few days.

what in the output tells you that my ISP might be directing DNS traffic?

rotblitz · ‎03-29-2018

Yep, it's your ISP hi-jacking your DNS traffic! This address 108.70.128.0 is assigned to your ISP. Also, not being able to resolve debug.opendns.com (TXT record) is another indication. Only if you really used OpenDNS you could resolve this domain name. The domain which.opendns.com (TXT record) can be resolved by every DNS service, but non-OpenDNS returns "I am not an OpenDNS resolver".