Buy or Renew
Buy or Renew
NOTICE: OpenDNS Service Currently Not Available To Users In Belgium. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3845
Views
2
Helpful
12
Replies

What are the IPv6 addresses for OpenDNS?

revereann
Level 1
Level 1

‎11-24-2016 02:45 AM

Are they 6001:0:ccc:2?

Labels:
12 Replies 12

rotblitz
Level 6
Level 6

‎11-24-2016 07:08 AM

In case you just want pure DNS without enhanced features: 
https://www.opendns.com/about/innovations/ipv6/

2620:0:ccc::2
2620:0:ccd::2

In case you want to use the enhanced features like content filtering and logs and stats:

::ffff:d043:dede
::ffff:d043:dcdc
::ffff:d043:dedc
::ffff:d043:dcde
0 Helpful

rroberts12
Level 1
Level 1

‎11-02-2017 12:25 AM

Are those current for IPv6? (the filtering, & etc. addresses). Inputting those into Google WiFi results in an error.

0 Helpful

rotblitz
Level 6
Level 6

‎11-02-2017 01:41 AM

Yes, those are all current.  What exact error is being raised when you enter them exactly where?  Can you post a screen shot?

0 Helpful

joeg123
Level 1
Level 1

‎11-14-2017 07:46 AM

sorry, dumb question here, but my router requires 8 hex fields, each separated by a colon. I cannot enter 2620:0:ccc::2 into the field. I need 8 separate entries.  Also, if you provide the answer, and i use this for my ipv6 dns, will opendns resume filtering? 

 
0 Helpful

mattwilson9090
Level 4
Level 4

‎11-14-2017 08:04 AM

@joeg123 You need to read the entire thread, your answer about OpenDNS resuming filtering is already answered there.

As for the 8 fields, IPv6 notation allows for :: to replace consecutive octets (one of the eight groups of 4 characters) of all 0's, so in the address you listed, the :: takes the place of 0000:0000:0000:0000. Also in IPv6 notation leading 0's in an octet can be dropped, so technically ccc is actually 0ccc and 2 is actually 0002

joeg123
Level 1
Level 1

‎11-14-2017 08:21 AM

Thanks for the help.

OK, for those reading this, you need to enter

0000:0000:0000:0000:0000:ffff:d043:dede
0000:0000:0000:0000:0000:ffff:d043:dcdc

into your ipv6 DNS setting on your router.  The filtering with then work again.

0 Helpful

rgrue
Cisco Employee
Cisco Employee

‎08-21-2018 01:42 PM

Just to clarify, while the old IPv6 addresses that don't provide filtering still work, if you want normal resolver filtering for OpenDNS, you can use the following addresses:

 

2620:119:35::35

2620:119:53::53

Those would be preferable to using the ::ffff:d043:dede ones mentioned above. 

 

0 Helpful

rotblitz
Level 6
Level 6

‎08-22-2018 05:54 AM

Unless these IPv6 destinations are able to obtain your IPv4 address too, to be applied to your dashboard settings, using these addresses will have no effect regarding dashboard settings, because you cannot register your IPv6 address (range), just your IPv4 address (range).

If you just want plain DNS without any customization, then these addresses may work, although they are thought to be used with Cisco Umbrella only.  When I find time, I will investigate further about 2620:119:35::35 and 2620:119:53::53.

0 Helpful

rotblitz
Level 6
Level 6

‎08-23-2018 02:23 PM

I have tested out now 2620:119:35::35 and 2620:119:53::53.  These are not DNS resolver addresses and do not respond on DNS queries.  If you configure them, your system might detect this and may fall back to IPv4 in the ideal case.  But you will see much delays with everything, because the timeout must be reached first.   Not a good idea to use these addresses at all.

 

0 Helpful

rgrue
Cisco Employee
Cisco Employee

‎08-23-2018 03:01 PM

I can assure you that they are valid DNS resolvers and respond fully. Here's an example from one of my VPCs in LA (I've modified my origin ID, org ID, and source address for privacy):

robbie@server ~ > dig @2620:119:35::35 debug.opendns.com txt

; <<>> DiG 9.9.5-3ubuntu0.17-Ubuntu <<>> @2620:119:35::35 debug.opendns.com txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64146
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debug.opendns.com. IN TXT

;; ANSWER SECTION:
debug.opendns.com. 0 IN TXT "server m37.pao"
debug.opendns.com. 0 IN TXT "flags 20 0 1040 1C00000000070000000039FF000000000000000"
debug.opendns.com. 0 IN TXT "originid 00000000"
debug.opendns.com. 0 IN TXT "orgid 00000"
debug.opendns.com. 0 IN TXT "orgflags 27"
debug.opendns.com. 0 IN TXT "actype 0"
debug.opendns.com. 0 IN TXT "bundle 00000"
debug.opendns.com. 0 IN TXT "source [IP_obscured]:56673"

;; Query time: 2 msec
;; SERVER: 2620:119:35::35#53(2620:119:35::35)
;; WHEN: Thu Aug 23 21:51:01 UTC 2018
;; MSG SIZE rcvd: 323

 

This is obviously an Umbrella account instead of an OpenDNS account, but both use the same set of resolvers. While you're correct that there is currently no way to register your IPv6 addresses in OpenDNS, these resolvers would function properly for any identities that could be sent to them, eg, network devices using a device ID. As such, they are preferred over the sandbox IPs so that protection can take effect when OpenDNS adds support for registering IPv6 addresses in the future.

0 Helpful

rotblitz
Level 6
Level 6

‎08-23-2018 03:20 PM

"This is obviously an Umbrella account instead of an OpenDNS account"

Correct, this is the difference.  And therefore these resolvers cannot be used outside of Umbrella, i.e. for OpenDNS Home versions, because they do not respond, as I said.

nslookup -timeout=8 -type=txt debug.opendns.com. 2620:119:35::35
;; connection timed out; no servers could be reached

nslookup -timeout=8 -type=txt debug.opendns.com. 2620:119:53::53
;; connection timed out; no servers could be reached

So please do not recommend things which cannot be used yet.  You are here in the OpenDNS forum, not the Umbrella forum...

"I can assure you that they are valid DNS resolvers and respond fully."

After all, this is not true for the audience represented here.

"they are preferred over the sandbox IPs so that protection can take effect when OpenDNS adds support for registering IPv6 addresses in the future."

Even more, they are to be used instead of the sandbox resolvers.  OpenDNS are working on it.  We have to wait for the solution coming up.

Edit:

I have tested again 2620:119:35::35 and 2620:119:53::53 today.   Now I get DNS responses from them.  But still they cannot be used yet to use OpenDNS with dashboard settings, because IPv6 addresses (prefixes) cannot be registered at the dashboard.

Not sure what the problem was yesterday, but it was most likely something with my ISP or the network carriers involved.

0 Helpful

rgrue
Cisco Employee
Cisco Employee

‎09-04-2018 04:34 PM

OpenDNS supports recursive IPv6 DNS resolution and security filtering for IPv6 traffic. Our IPv6 DNS server addresses are:

2620:119:35::35
2620:119:53::53

Currently, it is not possible for users to register IPv6 addresses in the OpenDNS Dashboard. Custom content filtering cannot be set for IPv6 traffic.

For users with both IPv4 and IPv6 on their internal network, we would recommend that you do not configure an IPv6 DNS server if possible, in order to force your clients to use IPv4 for DNS.

If this is not possible for some reason, and an IPv6 DNS server must be specified, then you can use the IPv4-mapped IPv6 addresses of the OpenDNS resolvers in order to redirect clients to IPv4:

::ffff:d043:dede
::ffff:d043:dcdc
::ffff:d043:dedc
::ffff:d043:dcde

For users looking for an RFC-compliant DNS service that does not provide any level of filtering, the following IPv6 DNS server addresses can be used instead:

2620:0:ccc::2
2620:0:ccd::2
0 Helpful
Customers Also Viewed These Support Documents