
Open DNS Filtering Not Working

ed.k
Level 1

Hello,

I've got OpenDNS set up and it was working for 6-8 months; however, all of a sudden the filtering stopped working.

I went into the console and added a few sites that I wanted always blocked, and now nothing is blocked.

I have the settings on Moderate, which should block pornography; however, I can now access all porn sites.

I have verified that my public IP address is properly listed in OpenDNS.

I have verified that my clients are using the OpenDNS name servers - these DNS server addresses are handed out by my DHCP server.

What else can I look for to help resolve this?

14 Replies

rotblitz
Level 6

Copy & paste the complete plain text output of the following diagnostic commands to here:
nslookup -type=txt debug.opendns.com.
nslookup whoami.akamai.net.
nslookup www.exampleadultsite.com.

ed.k
Level 1

C:\Users\edk>nslookup -type=txt debug.opendns.com
Server: resolver1.opendns.com
Address: 208.67.222.222

opendns.com
primary name server = auth1.opendns.com
responsible mail addr = noc.opendns.com
serial = 1567446110
refresh = 16384 (4 hours 33 mins 4 secs)
retry = 2048 (34 mins 8 secs)
expire = 1048576 (12 days 3 hours 16 mins 16 secs)
default TTL = 2560 (42 mins 40 secs)

C:\Users\edk>nslookup whoami.akamai.net
Server: resolver1.opendns.com
Address: 208.67.222.222

Non-authoritative answer:
Name: whoami.akamai.net
Address: 69.252.244.149


C:\Users\edk>nslookup www.exampleadultsite.com
Server: resolver1.opendns.com
Address: 208.67.222.222

Non-authoritative answer:
Name: www.exampleadultsite.com
Address: 146.112.255.155

C:\Users\edk>nslookup www.pornhub.com
Server: resolver1.opendns.com
Address: 208.67.222.222

Non-authoritative answer:
Name: pornhub.com
Address: 66.254.114.41
Aliases: www.pornhub.com

rotblitz
Level 6

You are not using OpenDNS, but Comcast’s DNS service. You must call Comcast to opt out from this DNS redirection.

ed.k
Level 1

I don't understand - everything above shows that I'm using OpenDNS - where do you see Comcast?

 

rotblitz
Level 6

Nothing shows you're using OpenDNS; quite the contrary. The evidence:

  1. A TXT request for debug.opendns.com returns NXDOMAIN and an SOA record for opendns.com. This is returned if OpenDNS is not being used. OpenDNS would return a bunch of TXT records in this case.
  2. Querying the diagnostic domain whoami.akamai.net reveals 69.252.244.149 as the source of the DNS query, which is a Comcast-owned IP address, not an OpenDNS IP address, saying the query came from Comcast, not from OpenDNS.

If you need further proof, visit the test site http://welcome.opendns.com/
or see the output of "nslookup -type=txt which.opendns.com.".

Again, your DNS traffic is being redirected.  You must call your ISP to opt out from this redirection.
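
The two checks described in the post above, applied to captured nslookup output, as an added example that is not part of any post in this thread. The function names and the `ASSUMED_OPENDNS_NETS` ranges are assumptions; the sample output is copied from posts in this thread, with headers trimmed.

```python
import ipaddress
import re

# Assumption: IPv4 blocks used by OpenDNS resolvers; confirm against current
# OpenDNS documentation before relying on them.
ASSUMED_OPENDNS_NETS = [ipaddress.ip_network(n)
                        for n in ("208.67.216.0/21", "146.112.0.0/16")]

def parse_debug_txt(output):
    """Map TXT strings such as "server m55.lax" to {'server': 'm55.lax'}."""
    pairs = re.findall(r'^[ \t]*"(\w+) ([^"]*)"[ \t]*$', output, re.M)
    return dict(pairs)

def answer_ipv4(output):
    """IPv4 addresses after the 'Name:' line, skipping the Server/Address header."""
    found = []
    for token in output.partition("Name:")[2].split():
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # hostnames and labels such as "Address:"
        if addr.version == 4:
            found.append(addr)
    return found

def diagnose(debug_out, whoami_out, nets=ASSUMED_OPENDNS_NETS):
    """Apply both checks to captured nslookup output."""
    fields = parse_debug_txt(debug_out)
    sources = answer_ipv4(whoami_out)
    foreign = [str(a) for a in sources if not any(a in n for n in nets)]
    return {
        "opendns_node": fields.get("server"),   # None: no debug TXT records
        "soa_only": "primary name server" in debug_out and not fields,
        "foreign_sources": foreign,             # query sources outside `nets`
        "redirected": not fields or bool(foreign),
    }

# Sample output copied from two posts in this thread (headers trimmed).
REDIRECTED_DEBUG = "opendns.com\nprimary name server = auth1.opendns.com\n"
REDIRECTED_WHOAMI = ("Server: resolver1.opendns.com\nAddress: 208.67.222.222\n\n"
                     "Non-authoritative answer:\nName: whoami.akamai.net\n"
                     "Address: 69.252.244.149\n")
DIRECT_DEBUG = ('debug.opendns.com text =\n\n"server r6.prg1"\n'
                'debug.opendns.com text =\n\n"source 46.13.45.172:34985"\n')
DIRECT_WHOAMI = "Name: whoami.akamai.net\nAddresses: 2a04:e4c0:15::69\n146.112.129.69\n"

if __name__ == "__main__":
    print(diagnose(REDIRECTED_DEBUG, REDIRECTED_WHOAMI))
    print(diagnose(DIRECT_DEBUG, DIRECT_WHOAMI))
```

A `redirected` result of `False` only says the queries reached OpenDNS; it does not say the filtering settings are being applied to them.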

ed.k
Level 1

ok - that makes sense now

I wasn't sure how Comcast could be intercepting those DNS requests

But apparently they turned on something called "Advanced Security"

I went into my xFi settings and disabled it.

I have a router sitting behind their modem, so apparently they are able to tweak settings on my behalf.

Here's a screenshot for anyone down the road who might run into this - Under Network / Security


rotblitz
Level 6

Great! I think I have heard about this before.
And a similar issue is described at https://support.opendns.com/hc/en-us/articles/227988687

And I've also seen cases where Comcast interfered with the DNS traffic for redirection - apparently not in your case.

denmarkten
Level 1

Hi - please can someone help me too. The filtering was working for several years. I have recently upgraded my internet service with Utility Warehouse and now, even though I have my filtering set to high, porn sites etc. are visible.

Please can someone help me resolve this. Thanks

 

rotblitz
Level 6

Ok, I’m waiting for the information I have asked for above.

fnovak313
Level 1

Hello, thank you rotblitz for posting this answer. I tried the command you recommended and got this:

debug.opendns.com text =

"server r6.prg1"
debug.opendns.com text =

"flags 40020 0 70 180000000000000000007950800000000000000"
debug.opendns.com text =

"originid 0"
debug.opendns.com text =

"orgflags 2000000"
debug.opendns.com text =

"actype 0"
debug.opendns.com text =

"source 46.13.45.172:34985"

C:\Users\filip>nslookup whoami.akamai.net.
Server: Comtrend.Home
Address: 10.0.0.138

Non-authoritative answer:
Name: whoami.akamai.net
Addresses: 2a04:e4c0:15::69
146.112.129.69


C:\Users\filip>nslookup www.exampleadultsite.com.

Could you please point me to what is wrong with my OpenDNS? It doesn't filter at all.

Thank you!

Filip

stonelar
Level 1

I'm having the same problem as described in this thread. Here are my query results:

nslookup -type=txt debug.opendns.com
Server: RT-AX82U-22F0
Address: 10.0.0.1

Non-authoritative answer:
debug.opendns.com text =

"server m55.lax"
debug.opendns.com text =

"flags 40020 0 50 180000000000000000003B504027F00F11896F3"
debug.opendns.com text =

"originid 526481053"
debug.opendns.com text =

"actype 2"
debug.opendns.com text =

"bundle 13172242"
debug.opendns.com text =

"source 76.221.173.243:41196"

=================================================

nslookup whoami.akamai.net
Server: RT-AX82U-22F0
Address: 10.0.0.1

Non-authoritative answer:
Name: whoami.akamai.net

Address: 162.253.68.178

=================================================

nslookup www.exampleadultsite.com
Server: RT-AX82U-22F0
Address: 10.0.0.1

Non-authoritative answer:
Name: www.exampleadultsite.com
Addresses: ::ffff:146.112.61.106
146.112.255.155

=================================================

nslookup -type=txt which.opendns.com
Server: RT-AX82U-22F0
Address: 10.0.0.1

Non-authoritative answer:
which.opendns.com text =

"r2001.lax"

 

More info: When I try welcome.opendns.com I also get the big red "X" indicating that my configuration is not working with OpenDNS. Furthermore, I have an ASUS router which is successfully registered with DNS-O-Matic and it's updating my dynamic IP on a regular basis.

Please help!

stonelar
Level 1

I think I may have solved my problem (above) by setting up "Firewall - Network Services Filter" rules on my router. This is something I tried before and it didn't work, but this time it seems I have all the puzzle pieces, and it's working. Here is the "deny" list I made in my (Asus) router config:

P.S. I spoke too soon :( now it's back to not working again for unknown reasons. It was working fine for a couple of minutes though, which is more than I could ever get it to work before. Maybe I'm having the same issue as that Comcast person that needed to call his ISP.

P.P.S. My phone is showing positive working results, but my computer isn't. It's almost as if as soon as I opened the welcome.opendns.com page on my phone, my desktop stopped working... or is that a coincidence?

johnstest
Level 1

I am in the same boat. Here are my query results:

nslookup -type=txt debug.opendns.com.
Server:  UnKnown
Address:  192.168.1.1

opendns.com
        primary name server = auth1.opendns.com
        responsible mail addr = noc.opendns.com
        serial  = 1670087805
        refresh = 16384 (4 hours 33 mins 4 secs)
        retry   = 2048 (34 mins 8 secs)
        expire  = 1048576 (12 days 3 hours 16 mins 16 secs)
        default TTL = 2560 (42 mins 40 secs)

nslookup whoami.akamai.net.
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    whoami.akamai.net
Address:  204.17.177.153


nslookup www.exampleadultsite.com.
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.exampleadultsite.com
Address:  146.112.255.155

johnstest
Level 1

Except in my case, the filtering is working on our 2.4GHz network, but not this 5GHz network.