Re: Intermittent domain blocking

viea2 · ‎04-29-2014

I have games blocked as a category. Candy crush (*.king.com) is certainly a game and I see numerous blocks in stats for bling.king.com & candycrush.king.com. However, the blocking is intermittent. My wife has been 'testing' it for me, and says that it has worked intermittently throughout the day. This testing was done on the same computer/browser, I verified that there is no alternate dns available, and that the ip address has not changed.

We did the testing with king.com, but I have observed intermittent failure to block other problem domains on my blacklist (orteil.dashnet.org).

I love what OpenDNS is supposed to do, but it is just not working for me. Has anyone else seen this? Is there a fix?

rotblitz · ‎04-30-2014

It seems that you also have other DNS resolver addresses configured or in use beside the OpenDNS ones, on the router or on the computer. Ensure that you use OpenDNS resolver addresses solely, else you will be using OpenDNS randomly only.

viea2 · ‎04-30-2014

Good theory. I thought of the same thing and had already checked that. Computers are pulling DNS from my dlink router, which is pointed to opendns for both primary & secondary DNS servers. I also flushed the dns cache on the computers. Both a win7 PC and a couple OSX devices are experiencing intermittent blocking.

rotblitz · ‎04-30-2014

It stands as I said. If there are more than two DNS server entries on your D-Link router, fill them with 208.67.222.220 and 208.67.220.222. And see on the Win7 PC with "ipconfig /all" or with "netsh interface ip show dns" what DNS servers are being used.

Also, ensure not to use

IPv6 connectivity
proxies
VPNs
site unblockers
browser "turbo mode"
and similar stuff

all of these possibly circumventing OpenDNS.

viea2 · ‎05-01-2014

There are only two dns entries in the router, and both are pointed to opendns. I verified via ipconfig /all that the PC is pointed at the router. There is no ipv6, proxy, or vpn being used. Not sure what a site unblocked is. Purged history on both IE and Chrome, and they still perform intermittently. No idea what similar stuff would be. I'll repeat that I've verified that my public IP (via comcast) remains consistent with the one defined on opendns.com.

A key thing to understand in the troubleshooting is that this behavior is intermittent... in that it blocks the domains sometimes and then a few hours later it does not block the domains. I think I understand how a secondary dns could do this upon a primary timeout, but not sure how any other config issues could be the culprit.

Let's try eliminating complexity for troubleshooting purposes...

How can I test that opendns is working from a dos and/or osx prompt?

rotblitz · ‎05-02-2014

"How can I test that opendns is working from a dos and/or osx prompt?"

With Windows or nslookup installed on the Mac:

nslookup -type=txt debug.opendns.com.
nslookup bling.king.com.
nslookup candycrush.king.com.
nslookup orteil.dashnet.org.

else

dig debug.opendns.com txt
dig bling.king.com
dig candycrush.king.com
dig orteil.dashnet.org

budzielinski · ‎09-06-2014

I have a similar problem in that OpenDNS is not correctly blocking several domains I have entered in my dashboard, most notable tumblr.com.

While I have the right DNS entries on my computer the Motorola router (Brighthouse Cable) points to their DNS servers and doesn't appear to be an editable field(s).

Is this the problem and how can I overcome this ? I have flushed the DNS cache on both computer and the browser

rotblitz · ‎09-07-2014

As I said, you must have only OpenDNS resolver addresses configured on your computer. Eliminate any others. And don't use any of the other things I listed above.