OpenDNS No longer Blocking Added Domains

uncledirt-nap · ‎06-07-2020

After using OpenDNS successfully for awhile domains added to my list suddenly stopped being blocked.

I double checked the setting on my router, submitted a help ticket and got a response(s) telling me to try something and asking for permission to look at my account settings only to be told everything seems to be working correctly from their end, though it's clearly not.

Let it all sit for awhile as things got busy at work due to the lockdown and everyone at working going remote, found some time this weekend to pick back up. I decided to scrap my old account and settings and start from scratch with new email address and everything and test by just adding a couple domains, nada. Still not working.

Router (Verizon Quantum G1100) has all the correct settings as far as I can tell, the command line instructions testing with nslookup say the traffic is going to the Opendns name servers, but when I try to test using the link to https://welcome.opendns.com/ it says "Opps You aren't using Opendns yet. Let's fix that ..." While the OpenDNS Updater Client says I am using using it.

Kinda at a loss here.

rotblitz · ‎06-07-2020

Your problem is not that no domains are being blocked, but that you are not using OpenDNS.

What browser are you using? Do you run an AVG or Avast appliance?

uncledirt-nap · ‎06-07-2020

That doesn't really make sense. Like I said, when I first set it all up websites in my always block list were being blocked for awhile, then suddenly stopped for no apparent reason. The update client says I am using it, the network setting seem right every I check. If I'm not using it then there's something missing in the instructions on how to set it up because everything appears to be right and it did work.

I'm using Firefox and set the custom url in the Use DNS over HTTPS settings ... which by the way isn't really mentioned in the setup instructions BTW.

Also, I did come to realize that I can get it to work to some degree by using the categories in the custom web filtering section, but they're to broad to be of much use. It's only the individual domains in the always block list that don't work.

rotblitz · ‎06-08-2020

That really all makes perfectly sense.

One option is to disable “Use DNS over HTTPS” in FireFox, else you may use CloudFlare DNS, not OpenDNS.

Alternatively, if you still want to use DNS over HTTPS, with OpenDNS, then you follow these instructions:
https://support.opendns.com/hc/en-us/articles/360038086532

Or was this what you meant by "set the custom url in the Use DNS over HTTPS settings" and it still does not work?

uncledirt-nap · ‎06-08-2020

Turning off DNS over HTTPS was one of first things I tried, it didn't make any difference. OpenDNS provides a URL for this function to enable it; https://doh.opendns.com/dns-query tried that and it provides the same result. Broad categories can be blocked, but not individual domains.

I came up with another way to test whether I was using OpenDNS or not and it sure seems I am. I blocked the broad category of News and then put some individual domains in the Never Block list and that worked, all sites tagged as news were blocked but I was able to reach the ones I added to the never block list, but with a limit of 25 domains that's not really a practical work around.

rotblitz · ‎06-08-2020

What does http://welcome.opendns.com/ say now?

Post the complete plain text output of the following diagnostic commands to here.
nslookup -type=txt debug.opendns.com.
nslookup whoami.akamai.net.