site not blocking when it should be

methom90wh
Level 1

www.xhamster.com is being blocked as expected but for some reason m.xhamster.com works ?!

I checked and m.xhamster.com is set up in OpenDNS to inherit the tags from xhamster.com and therefore should be blocked.

Have I missed something ?

It looks like my config is correct since other sites look to be getting blocked fine.

I'm on a static IP, using PFSense firewall in front of everyone and blocking port 53 requests that aren't directed at the PFSense interface (i.e., if someone is trying to use another DNS server then PFSense will block it).

 

34 Replies

methom90wh
Level 1

Further to this if I just go to xhamster.com (without the www) then I also proceed unblocked.

rotblitz
Level 6

How did you block this site, via category or by individually blocking?  If the latter, and you have www.xhamster.com in your "always block" list, it will not block m.xhamster.com, of course.  You had to have xhamster.com in your blacklist to make it work for all subdomains, not just www.

Also, did you flush your caches after settings changes?  Or do you use IPv6 connectivity over the internet?

If it isn't any of those, then post the complete plain text output of the following diagnostic commands here:

   nslookup -type=txt debug.opendns.com. 
   nslookup www.exampleadultsite.com
   nslookup www.xhamster.com.
   nslookup m.xhamster.com.

"I'm on a static IP, using PFSense firewall in front of everyone and blocking port 53 requests"

This is all irrelevant for your issue.  Where do you have the OpenDNS resolver addresses configured?  Did you ensure to use OpenDNS resolver addresses only, not any others, or leaving DNS server fields empty?

methom90wh
Level 1

Thanks for your response rotblitz.

I tried adding xhamster.com and m.xhamster.com to my always block list but they are still coming through.  I did flush the DNS entries on the PC I was using and restarted the dnsmasq service in pfsense. The OpenDNS resolver addresses are stored in PFsense and are the only servers that are listed (the other 2 fields are empty).

Here are the results from the nslookups:

C:\Users\Matt>nslookup -type=txt debug.opendns.com
Server:  fw01.localdomain
Address:  192.168.61.1

Non-authoritative answer:
debug.opendns.com       text =

        "server 7.syd"
debug.opendns.com       text =

        "flags 20 0 2F6 D00FF00300814C3"
debug.opendns.com       text =

        "originid 18762691"
debug.opendns.com       text =

        "actype 2"
debug.opendns.com       text =

        "bundle 5491861"
debug.opendns.com       text =

        "source 222.154.235.3:59259"

C:\Users\Matt>nslookup www.playboy.com
Server:  fw01.localdomain
Address:  192.168.61.1

Non-authoritative answer:
Name:    www.playboy.com
Addresses:  67.215.65.130
          67.215.65.130


C:\Users\Matt>nslookup www.xhamster.com
Server:  fw01.localdomain
Address:  192.168.61.1

Non-authoritative answer:
Name:    www.xhamster.com
Addresses:  67.215.65.131
          67.215.65.131


C:\Users\Matt>nslookup m.xhamster.com
Server:  fw01.localdomain
Address:  192.168.61.1

Non-authoritative answer:
Name:    m.xhamster.com
Addresses:  67.215.65.131
          67.215.65.131

 

rotblitz
Level 6

You're using OpenDNS, data centre Sydney, and your IP address 222.154.235.3 is registered with OpenDNS network ID 18762691.  You have configured the OpenDNS resolver addresses on a device fw01.localdomain [192.168.61.1].

"The OpenDNS resolver addresses are stored in PFsense and are the only servers that are listed (the other 2 fields are empty)."

So fill these two other fields with 208.67.222.220 and 208.67.220.222.  Else you will be using OpenDNS randomly only.

One of the commands was "nslookup www.exampleadultsite.com.", but not "nslookup www.playboy.com".  The site www.exampleadultsite.com really exists and is owned by OpenDNS for testing purposes...

Well, www.playboy.com is being blocked by category (returned IP 67.215.65.130 for hit-adult.opendns.com), whereas www.xhamster.com and m.xhamster.com are being blocked individually (returned IP 67.215.65.131 for hit-block.opendns.com).  You can remove all xhamster entries from your "always block" list, because they would be blocked nevertheless by category.

Are you still able to visit xhamster.com and m.xhamster.com?

Does ping return the real IP addresses of these domains?

   ping xhamster.com 
   ping m.xhamster.com

Then you didn't correctly flush both, your local resolver cache, also on PFSense, and your browser cache, or the browser being used does not use your system settings, but somehow circumvents OpenDNS.  What browser are you using?

methom90wh
Level 1

I've added the two new DNS servers. No change.

C:\Users\Matt>nslookup www.exampleadultsite.com
Server:  fw01.localdomain
Address:  192.168.61.1

Non-authoritative answer:
Name:    www.exampleadultsite.com
Addresses:  67.215.65.130
          67.215.65.130

 

The pings are below.  It's not a local caching issue because I can navigate to new pages and they load fine.

 

C:\Users\Matt>ping www.xhamster.com

Pinging www.xhamster.com [67.215.65.131] with 32 bytes of data:
Reply from 67.215.65.131: bytes=32 time=76ms TTL=54
Reply from 67.215.65.131: bytes=32 time=76ms TTL=54
Reply from 67.215.65.131: bytes=32 time=76ms TTL=54
Reply from 67.215.65.131: bytes=32 time=74ms TTL=54

Ping statistics for 67.215.65.131:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 74ms, Maximum = 76ms, Average = 75ms

C:\Users\Matt>ping m.xhamster.com

Pinging m.xhamster.com [67.215.65.131] with 32 bytes of data:
Reply from 67.215.65.131: bytes=32 time=77ms TTL=54
Reply from 67.215.65.131: bytes=32 time=79ms TTL=54
Reply from 67.215.65.131: bytes=32 time=76ms TTL=54
Reply from 67.215.65.131: bytes=32 time=85ms TTL=54

Ping statistics for 67.215.65.131:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 76ms, Maximum = 85ms, Average = 79ms

C:\Users\Matt>ping www.xhamster.com

Pinging www.xhamster.com [67.215.65.131] with 32 bytes of data:
Reply from 67.215.65.131: bytes=32 time=84ms TTL=54
Reply from 67.215.65.131: bytes=32 time=106ms TTL=54
Reply from 67.215.65.131: bytes=32 time=132ms TTL=54
Reply from 67.215.65.131: bytes=32 time=135ms TTL=54

Ping statistics for 67.215.65.131:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 135ms, Average = 114ms


I'm using Firefox but I just tried Chrome and get the same issue.  The users can't circumvent OpenDNS because there is no way to bypass PFSense and still connect to the internet.

alexahar
Cisco Employee

From the sounds of the above, since xhamster.com appears to have been visited before the blocks were in place, the most likely culprit of the lack of blocking is cached non-blocked DNS entries and browser cache data. 

We'd also recommend, as mentioned above, that if there are multiple DNS server addresses to fill each one with OpenDNS addresses: 208.67.220.220 and 208.67.222.222 are the main two, and 208.67.220.222 and 208.67.222.220 are two additional for a 3rd and 4th slot. 

methom90wh
Level 1

Hi Alexander.  The category blocks for xhamster would have been in place when I first set up OpenDNS on my network months ago.

I only noticed m.xhamster.com because I was looking at my son's phone browser history.

I added the domains to always block to see if that would help.

I'm not sure why the xhamster domain is being so difficult.  I also added reddit.com and imgur.com to my always block list and after 3 mins they are blocking correctly.

rotblitz
Level 6

From your outputs everything is perfect and blocking should take effect.  OpenDNS doesn't return the real IP addresses for these sites, but their own ones which would redirect to the block page.  There's nothing more OpenDNS could do for you.

That said, if you can still visit these sites, then your browsers disregard the system (computer and PFSense) settings.  Do you have a proxy configured in some way?  Or use browser-addons which use proxy technology?  Or do you use an internal proxy server or VPN technology?  These would be good reasons why your browsers circumvent your OpenDNS settings.  What message does http://welcome.opendns.com/ show up with?

"blocking port 53 requests that aren't directed at the PFSense interface...  The users can't circumvent OpenDNS because there is no way to bypass PFSense and still connect to the internet."

This is what you think.  If there's some form of proxy or VPN in use, it is still possible to circumvent OpenDNS, despite your port 53 blocking.

methom90wh
Level 1

Hi.  There is no proxy or VPN in play.  A Linux box which has been off for months shows the same issue.  Interestingly part of the m.xhamster.com page is being blocked by OpenDNS (syndication.exoclick.com).

I agree that the nslookup and ping commands show that OpenDNS is being used and is returning the right information.

I just can't figure out why this one site is not being blocked.  As I said imgur and reddit were added about an hour ago and they are being blocked with no issue on the same PCs.  I could understand it better if OpenDNS wasn't being used at all but it seems that for this one domain something is causing an issue for me.

alexahar
Cisco Employee

Is there any chance that the phone visiting m.xhamster.com was visited over the cellular network which would have been an unfiltered request?

methom90wh
Level 1

No data allowed over the cell network but it's possible they got to m.xhamster.com from another wireless site (maybe a friend's house) that hasn't blocked it.

I still can't figure out why PCs that have never been there before are showing the same issue.

alexahar
Cisco Employee

Based on your account, any requests that are making it to OpenDNS from your registered IP have been filtered. Somehow, some requests aren't making it through to OpenDNS, or aren't leaving your network from the IP address registered to your Dashboard. Based on the test in your earlier reply, that lookup did report that it was associated with your account. 

A way to try and diagnose the issue is to run the following nslookup command across the computers that aren't working and see if any report an originid that is correct (18762691): nslookup -type=txt debug.opendns.com. An in-browser test is to visit http://welcome.opendns.com
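
The per-client check suggested above, combined with the reading of the two block-page addresses given earlier in the thread, as an added example that is not part of any poster's reply: it parses saved Windows `nslookup` output, confirms the `originid`, and labels each answer. The function names are hypothetical, and the address-to-verdict mapping is only what the thread states.

```python
import re

# Block-page addresses as identified in the thread; not an authoritative list.
BLOCK_IPS = {"67.215.65.130": "blocked by category (hit-adult.opendns.com)",
             "67.215.65.131": "blocked individually (hit-block.opendns.com)"}

# Sample captures abbreviated from the outputs posted in the thread.
DEBUG_SAMPLE = '''debug.opendns.com       text =
        "server 7.syd"
debug.opendns.com       text =
        "originid 18762691"
'''
LOOKUP_SAMPLE = '''Server:  fw01.localdomain
Address:  192.168.61.1

Non-authoritative answer:
Name:    www.exampleadultsite.com
Addresses:  67.215.65.130
          67.215.65.130
'''

def parse_debug_txt(output):
    """Key/value pairs from 'nslookup -type=txt debug.opendns.com' output."""
    return dict(q.split(" ", 1) for q in re.findall(r'"([^"]*)"', output) if " " in q)

def parse_answer(output):
    """(name, addresses) from the answer section of Windows nslookup output."""
    # Drop the Server:/Address: header, which describes the local resolver.
    answer = output.partition("Non-authoritative answer:")[2]
    name = re.search(r"Name:\s*(\S+)", answer)
    addrs = re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", answer)
    return (name.group(1) if name else None, sorted(set(addrs)))

def classify(addresses):
    """Verdict for one lookup, using the two block-page addresses above."""
    if not addresses:
        return "no answer"
    verdicts = {BLOCK_IPS.get(a, "not blocked (other address returned)") for a in addresses}
    return verdicts.pop() if len(verdicts) == 1 else "mixed answers"

def check_client(debug_output, lookups, expected_originid):
    """Report whether a client is on the expected network ID and what was blocked."""
    fields = parse_debug_txt(debug_output)
    report = {"originid_ok": fields.get("originid") == expected_originid}
    for out in lookups:
        name, addrs = parse_answer(out)
        report[name] = classify(addrs)
    return report
```

A client whose report shows the correct originid and only block-page verdicts, yet still loads the site, is reaching it by a path this DNS check does not observe, which is the situation the thread is trying to pin down.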

methom90wh
Level 1

The output from that nslookup shows the correct originID and the welcome page looks fine.

 

alexahar
Cisco Employee

All these indications lead to the setup working correctly. Next time it's not working right, follow up with the results of a diagnostic test with the instructions from https://support.opendns.com/entries/21841580 if nslookup -type=txt debug.opendns.com shows some incorrect information. The key to tracking down the issue would be to catch it when it isn't working. 

I'd also confirm that the filtering is working in Incognito/Private browsing if the filtering isn't working in the browser. There is a chance a browser extension is being used to bypass OpenDNS like the near-VPN ZenMate. Incognito mode disables all addons so it can be used as a test.