Re: Is it possible to use OpenDNS with my own router on Comcast/Xfinity?

acousticbiker · ‎03-15-2020

I am using OpenDNS Updater on a Mac with an Airport Time Capsule and my own Motorola modem. I am able to change the DNS settings in Airport Utility and I've cleared DNS and Safari caches as suggested by OpenDNS but still not on OpenDNS (according to OpenDNS website checker, OpenDNS Updater showing IP unavailable, and adult website not filtered). Anyone with a similar setup get it to work?

Also, when I go into Airport Utility, IPv6 DNS servers and Domain Name are in gray and are not anything I entered. And in Network Preferences, under Ethernet, DNS Server addresses are not the OpenDNS ones I've entered into Airport Utility.

rotblitz · ‎03-16-2020

Copy & paste the complete plain text output of the following diagnostic commands to here.
nslookup -type=txt debug.opendns.com.
nslookup whoami.akamai.net.

acousticbiker · ‎03-16-2020

Thanks - in case I shouldn't be publishing these servers/addresses, I've anonymized them somewhat:

nslookup -type=txt debug.opendns.com

Server: 2601:xxx:4102:21ec:9272:40ff:fe0c:1a41

Address: 2601:283:yyyy:21ec:9272:40ff:fe0c:1a41#53

Non-authoritative answer:

*** Can't find debug.opendns.com: No answer

Authoritative answers can be found from:

nslookup whoami.akamai.net

Server: 2601:xxx:4102:21ec:9272:40ff:fe0c:1a41

Address: 2601:283:yyyy:21ec:9272:40ff:fe0c:1a41#53

Non-authoritative answer:

Name: whoami.akamai.net

Address: 76.xx.yyy.1

rotblitz · ‎03-16-2020

As you assumed, you are using a DNSv6 service, not OpenDNS. If you cannot configure IPv6 DNS servers, you should disable IPv6 altogether.

acousticbiker · ‎03-16-2020

On my Mac, Airport Utility shows the following options for IPv6:

'Configure IPv6': "Automatically" (currently selected), "Link-local only", "Manually"

'IPv6 Mode': "Native" (currently selected), "Tunnel"

And then a checkbox (currently selected) next to "Enable IPv6 Connection Sharing"

I don't see a way to disable IPv6 altogether. Any suggestions on settings? Is there any disadvantage to disabling IPv6?

rotblitz · ‎03-17-2020

"Link-local only" sounds like the correct option. This should disable external IPv6 connectivity.

Another option is possibly "Manually" if this allows to configure DNS server addresses from the following list:
::ffff:d043:dedc ::ffff:d043:dcde ::ffff:d043:dede ::ffff:d043:dcdc

The disadvantage of disabling IPv6 is that you cannot reach IPv6-only destinations, and that your internet may be a bit slower.

acousticbiker · ‎03-18-2020

Thanks for your help, rotblitz. Looking into it more, I think I’d prefer not to turn off IPv6.

Is there an advantage to using the manual addresses you provided over the addresses OpenDNS offers (which I just noticed)? https://www.opendns.com/about/innovations/ipv6/

I just tried entering the OpenDNS IPv6 addresses manually into my router and the welcome.opendns.com test is now successful, but OpenDNS Updater shows IP as ‘unavailable’ and content does not appear to be filtered

rotblitz · ‎03-18-2020

Correct, these IPv6 addresses do not support your dashboard settings. Only the addresses provided by me take care of your dashboard settings.

acousticbiker · ‎03-18-2020

Ok, so I entered the first two of your suggested addresses into my router settings and kept it at "Automatic" and see that OpenDNS Updater now shows my IP and the content filter works. Interestingly, when I went back into my router settings, I see that the IPv6 addresses were changed to:

::ffff:208.67.222.220

::ffff:208.67.220.222

Also, when I got to the network settings on my computer, I still see the following DNS addresses (same as before, without the ability to change it manually):

10.0.1.1 and the address from the debug above

rotblitz · ‎03-19-2020

Great, this is all exactly as it should be.

acousticbiker · ‎03-19-2020

Thanks for all the help!

acousticbiker · ‎05-29-2020

rotblitz, I'm back trying to setup OpenDNS in a different location. After entering the OpenDNS addresses, it looks like OpenDNS is still not being used. So I've run the diagnostics you mentioned in the hope you can kindly help again:

nslookup -type=txt debug.opendns.com

Server: 192.168.0.1

Address: 192.168.0.1#53

Non-authoritative answer:

*** Can't find debug.opendns.com: No answer

Authoritative answers can be found from:

opendns.com

origin = auth1.opendns.com

mail addr = noc.opendns.com

serial = 1590788679

refresh = 16384

retry = 2048

expire = 1048576

minimum = 2560

nslookup whoami.akamai.net

Server: 192.168.0.1

Address: 192.168.0.1#53

Non-authoritative answer:

Name: whoami.akamai.net

Address: 76.xx.47.yyy

rotblitz · ‎05-30-2020

You‘re not using OpenDNS, but a DNS service 76.xx.47.yyy. As if you haven’t configured your router at 192.168.0.1.

acousticbiker · ‎05-30-2020

Hmm, any idea on how I might be able to fix? I’m using a TP-Link TL-WR902AC router on Comcast and have entered the OpenDNS addresses in the DHCP settings. IPv6 is off by default.

rotblitz · ‎05-30-2020

If you enter the OpenDNS addresses into the DHCP settings, they would become visible on your computer instead of 192.168.0.1.
I don’t know your router, so cannot provide instructions.

Update: I had a quick check at your user manual, and you really should configure it on the WAN side, not under DHCP. “Set DNS server manually”