How to completely block Bing "web results" on Windows 10 Start menu search?

micalo · ‎10-02-2018

On Windows 10, when I search from something from the start menu (like a file on my computer), it also offers to see "web results" directly from the start menu, without a web browser. To prevent this, we have specifically blocked bing.com and bing.net for our network (see below) and we have all search engines blocked by default, except those we specifically allow, and bing is not in the "Always Allow" list (see below). Yet, on Windows 10, when we click the start button on the lower left, we can search for something and Cortona (? I think) offers the option to see "web results". If I choose that, it still grabs instant results from the web, somehow via Bing. Is there a way, using OpenDNS to completely block this behavior which Microsoft builds into Windows 10? Thank you!

support.opendns.com_hc_user_images_P9SKHDoCDf22jYIHGQY-7Q.png

support.opendns.com_hc_user_images_deRh-sGA2Q-38xKpCQbWBg.png

rotblitz · ‎10-03-2018

I have run a DNS trace when using the Start menu for searches, and I can see the following domains, beside subdomains of bing.com and bing.net:

(These are all CNAME records of CDN domain names, almost from Akamai.)

*.appex-rf.msn.com
cdn.content.prod.cms.msn.com
img.stb.s-msn.com
v10.events.data.microsoft.com
api.cortana.ai
fp.msedge.net
s-ring.msedge.net
segments-s.msedge.net
t-ring.msedge.net
watson.telemetry.microsoft.com
q-ring.msedge.net
fp-as.azureedge.net

It seems you need to add more domains to your "always block" list. Start with cms.msn.com and msedge.net. If this blocks or impacts too many other Microsoft services, then you had to change the entries to more specific ones.

micalo · ‎10-03-2018

Thanks roblitz. I tried adding just cms.msn.com and msedge.net and waited a few hours. I rebooted the computer, but the Bing results still show. Now I have also added these domains you suggested (see below) and will try a second time.

By the way, you said, "...I can see the following domains, beside subdomains of bing.com and bing.net" So did you see some zzz.bing.com or yyy.bing.net domains in the list as well? Perhaps those would be the culprits? In any case, I will let you know if the additions below work.

Thank you again!

support.opendns.com_hc_user_images_r9v1AcRrjyVmlGaHEgh8jw.png

rotblitz · ‎10-04-2018

Entering a domain covers this and all its subdomains. E.g. bing.com covers this and www.bing.com, abc.bing.com, def.bing.com, etc.

micalo · ‎10-04-2018

Hi rotblitz. I did not realize that adding a top-level domain to the block list will kill all subdomains under it too.

That said, I am embarrassed to say that bing.com and bing.net *were indeed enough* to solve the problem! The issue for us was that, unknown to me, our ISP's tech guys had logged into our router a while back and removed the OpenDNS nameserver entries while they were trying to fix something else. I put those entries back, and removed the extra "always block" entries I had added above in trying to research this. Sure enough, the Windows 10 start button search on all our pc's on our network no longer produce results. It now says, "Preview is not available now"

Thank you again for your help, and I am sorry to have wasted your time! I did download the DNS sniffer software because I bet that will come in handy, too. I found that sniffing the "loopback" produces nothing, only the 192... address.

support.opendns.com_hc_user_images_Kj5yvTEBxZaWafmcw6n2mw.png

support.opendns.com_hc_user_images_n1IsPJ0g-z661NmNnHESwQ.png

rotblitz · ‎10-04-2018

"our ISP's tech guys had logged into our router a while back and removed the OpenDNS nameserver"

Oops, that explains everything! It would have been easy to see that if you visited http://welcome.opendns.com/
Now all is good!

"I found that sniffing the "loopback" produces nothing, only the 192... address."

Definitely! DNS traffic does usually not go through the loopback interface, just through the gateway to the external world.