OpenDNS configuration issue on Tablet

[rageagainstmachine]

Hi guys, 

 

 

I have been trying , without success, to configure OpenDNS on my daughters Galaxy Tab S. I am wondering if it has to do with IPv6 vs IPv4? I haver her tablet set up with static IP. and I have used the 208.67.222.222 and 208.67.220.220 as the DNS. I can access the internet ok, but no web censoring is taking place as expected by OpenDNS. 

 

My ISP is Sky. Currently, I have OpenDNS dashboard configured to my current IPV4. but I have to confess to being slightly confused by my IP. When I google "whats my IP" sometimes it returns, my V4, other times it returns my V6. sometimes both, sometimes it tells me V4 not found. is this normal? I understand OpenDNS doesn’t support v6 hence why Im wondering if this is the issue. I presumed Sky provide me with two concurrent IPs, one for V4 and V6?

 

Anyway, hopefully  someone can help. Thanks.

 

[Xahid]

Yea, I think, its due to IP V6.
you should ask your ISP to disable IP V6 and ask for static IP if they can provide you.

[+BudMan MVC]

Can't you just disable ipv6 at your router?

 

But looks like they do support ipv6 on opendns

https://www.opendns.com/about/innovations/ipv6/

 

But maybe it doesn't support filtering?

"Note: IPv6 support in OpenDNS is limited to standard recursive DNS."

 

I have not played with opendns in years and years - so not sure.. 

 

Looks like you can not use any custom filtering

https://support.opendns.com/hc/en-us/articles/227986667-Does-OpenDNS-Support-IPv6-

"Custom content filtering cannot be set for IPv6 traffic."

 

I would really just look to turn it off at your router if you don't want your clients using because of filtering you want to do with opendns.. What router do you have?

[xendrome]

208.67.222.222 and 208.67.220.220

 

Does not filter anything on the web.

 

You should be using these - 

208.67.222.123

208.67.220.123

[+BudMan MVC]

Those are for "family shield" where did he state he was using that - the standard .220 and .222 will filter..

 

 

When I tried setting just their ipv6 address - that site wouldn't even resolve.. Other stuff would - but their testing sites (internetbadguys wouldn't) So maybe it does filter, but as mentioned in the link I posted, it can not do anything custom.

 

The simple solution is just to disable IPv6 completely, atleast for the network segment this tab is on.  Since I do not think it possible to disable ipv6 on android devices without rooted device.

[rageagainstmachine]

1 hour ago, xendrome said:

208.67.222.222 and 208.67.220.220

 

Does not filter anything on the web.

 

You should be using these - 

208.67.222.123

208.67.220.123

 

Not according My OpenDNS, dashboard.

 

The OpenDNS nameservers are 208.67.222.222 and 208.67.220.220.

[xendrome]

16 minutes ago, rageagainstmachine said:

 

Not according My OpenDNS, dashboard.

 

The OpenDNS nameservers are 208.67.222.222 and 208.67.220.220.

Were you trying to filter explicit content?

[+BudMan MVC]

The normal IPs for dns are

That is right off my dashboard - hadn't logged in ages..

The OpenDNS nameservers are 208.67.222.222 and 208.67.220.220.

 

This will allow you to set a filter level, high, low, etc. 

 

So while ipv6 settings might filter out BAD stuff, I do not think it allows you to anything custom from what I have read.  If he wants to leverage his setting for IPv4, then the simple solution is to just disable IPv6 at his router.. This really should be a simple click in his router.  Just because the ISP offers it, does not mean your router has to allow it, etc.

 

 

[Mindovermaster Moderator]

@BudManAny reason you have nudity checked? 🤣

[+BudMan MVC]

That is just what the custom defaults to I believe.. I have not touched this in years and years and years..  I never setup anything custom that I recall - I was using squid back in the day when I had 13 and 14 year old boys to worry about   Opendns didn't even come out until my youngest was 17, so doubt I would of even used it then, etc.  Maybe??

 

But again I don't actually use it - just still had an account on it.

 

I resolve all my dns, I don't forward to anyone.

[rageagainstmachine]

Hi guys, 

 

Been doing some digging, looks like my issue might be to do with a router firmware update sky has rolled out which prevents me using 3rd party DNS on my local devices https://www.ispreview.co.uk/index.php/2019/04/FIRMWARE-UPDATE-FOR-UK-SKY-BROADBAND-ISP-ROUTERS-BOTCHES-DNS.HTML. If that's the case, I'll consider replacing this router. 

 

 

Budman, you helped me out years ago  (> 10 years I'd say) selecting my lknksys modem and router. Wondering if you might be able to recommend an all in one solution to replace my sky Q router. I understand it needs to support Option 61 and MER? 

[+BudMan MVC]

39 minutes ago, rageagainstmachine said:

prevents me using 3rd party DNS on my local devices

You mean its dhcpd doesn't allow you to hand out different dns IPs... Simple solution there is just run your own dhcp server, or set your dns statically on the devices.

 

What are you running now?  What is your full kit - if its was from 10 years ago.. Then YEAH you need a refresh

[rageagainstmachine]

21 minutes ago, BudMan said:

You mean its dhcpd doesn't allow you to hand out different dns IPs... Simple solution there is just run your own dhcp server, or set your dns statically on the devices.

 

What are you running now?  What is your full kit - if its was from 10 years ago.. Then YEAH you need a refresh

I was setting static DNS on the local devices. There is also no option to configure/change a static DNS on Sky Q modem router. Maybe I've misunderstood that article, but I took from it that Sky Q router (which I have) is able to ignore all static DNS which have been configured on local devices in favour for Sky DNS in a secret, unwelcoming and non transparent manner! 

 

I've not been using that linksys set up for years lol. I just meant you helped back then 🙂

[+BudMan MVC]

"they can request a roll-back to the previous firmware"

 

That is what I would do until you can get your own device.

[adrynalyne]

6 minutes ago, BudMan said:

"they can request a roll-back to the previous firmware"

 

That is what I would do until you can get your own device.

 Off topic but Cox has started doing this with their modems too. Some ISPs are jerks. 

[+BudMan MVC]

What the F is up with everyone wanting to get your dns as of late.. Mozilla and their switch to default doh.. Google thinking of doing the same thing.

 

You have a ISP that is hijacking your dns - yeah get off that ISP is what I would do..

[rageagainstmachine]

I bought and configured my new TP Link VR2800 today. Open DNS now working as expected from my daughters tablet. I also permanently changed the DNS in my router to goggles servers too. Feels good regaining a little control again; I cannot lie!

[+Warwagon MVC]

On 9/12/2019 at 6:24 AM, BudMan said:

What the F is up with everyone wanting to get your dns as of late.. Mozilla and their switch to default doh.. Google thinking of doing the same thing.

 

You have a ISP that is hijacking your dns - yeah get off that ISP is what I would do..

For some they might not have very many choices. In my case if I wanted to leave my ISP which by the way I LOVE, i'd have to switch to frontier and sacrifice my 150 Mbps connection for some ###### 5 - 20 Mbps frontier connection. As for DNS, i've used opendns for what seems like forever.

[+BudMan MVC]

If you want to encrypt your dns, you want to route it through a vpn -- all fine.. More power to ya.. But what is WRONG, is any application looking to circumvent local controls and send the data over a common ssl port to their choice of dns providers.. Is BS plain and simple..  Browser should use the dns that is configured in the OS.. Not try and sneak all your dns queries to their partner in crime because the user doesn't have the the know how to disable or know any better and think they are doing a good thing for them.

 

I have already set that canary domain to NX on my network, and set the trr to 5.. Firefox better not freaking enable doh or I will be using a different freaking browser that is for damn sure.

 

And it sure is not the ISP place to be dicking with your dns queries.