Author Topic: OpenDNS not blocking sites  (Read 230 times)

mrkool
« on: January 01, 2018, 11:13:37 pm »
So I have pfSense set up to use the OpenDNS servers as DNS resolver, and I do have an OpenDNS account set up to block porn etc., but it doesn't seem to be working. On the pfSense I get 127.0.0.1 and then 208.67.222.222 and 208.67.220.220. On the clients all I get for DNS is my pfSense IP address. Everything local and on the internet is resolving just fine, just no filtering.

johnpoz
« Reply #1 on: January 02, 2018, 04:33:55 am »
So you set unbound to forward to OpenDNS? If not, unbound is a resolver and will resolve, not forward.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Gertjan
« Reply #2 on: January 02, 2018, 04:44:27 am »
Read also: https://forum.pfsense.org/index.php?topic=141990.0
You will find a test, https://welcome.opendns.com/oops/, that will show you if the setup has been done correctly.

mrkool
« Reply #3 on: January 02, 2018, 10:43:06 am »
I read through the posts and the help section, but I am not understanding where the resolution is coming from if you use resolver vs forwarder? pfSense only has the OpenDNS servers as the DNS servers, so if I choose resolver or forwarder my public IP (WAN) will be used to talk to the OpenDNS servers and that should send the block message.

I have disabled resolver and enabled forwarder but still no luck with blocking.

KOM
« Reply #4 on: January 02, 2018, 12:12:17 pm »
Wrong.  Resolver uses the root DNS servers to resolve.  Forwarder just forwards the request to the DNS you specify in setup.  If you're using resolver, you need to check the Enable forwarding mode checkbox.  Only then will it use the DNS you provide.

mrkool
« Reply #5 on: January 02, 2018, 12:20:52 pm »
Thanks KOM, this makes sense. Will try it out and report back.

mrkool
« Reply #6 on: January 02, 2018, 02:55:01 pm »
Did not work. I disabled the DNS Forwarder and enabled DNS Resolver with the DNS forwarding option turned on, and welcome.opendns.com says I am not using OpenDNS servers. There was a site that would tell me which DNS resolver I am using, but I can't seem to find it.

On the OpenDNS site it mentioned disabling DNSSEC, but that is an older post.

johnpoz
« Reply #7 on: January 03, 2018, 04:52:53 am »
Dude, is your client pointing to pfSense for DNS?? If you have forwarder enabled in resolver it will forward to where you tell it to forward.. If you're using the forwarder then it will forward to where you set it to forward..

If your client is not pointing to pfSense, it doesn't matter how you set pfSense up..

Please post up your settings in pfSense, and your settings in your client showing what DNS it's using.. simple ipconfig /all on a Windows machine.

Here, took all of a couple seconds to switch over and test this.. See attached.. Make sure you clear your browser cache and your machine's local DNS cache.. Reboot the machine if you do not know how to do that..

If you do not disable DNSSEC and you forward to OpenDNS you're probably not going to get anything back since they do not support DNSSEC.. That should be disabled if forwarding to OpenDNS. See screenshot.



« Last Edit: January 03, 2018, 05:10:20 am by johnpoz »
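Added example, not part of any post in this thread: a small Python audit of the three conditions the replies point to (unbound forwarding to the OpenDNS addresses, DNSSEC off while forwarding, and the client using pfSense for DNS). It goes one step further than the thread by also flagging extra client DNS servers that would let lookups skip the filter. The config fragment, the `ipconfig /all` excerpt, the LAN addresses and the function names are all constructed for illustration; the config is written in plain unbound.conf syntax and is not copied from a pfSense box.

```python
import re

OPENDNS = {"208.67.222.222", "208.67.220.220"}  # addresses quoted in the thread

# Constructed samples (not from the thread): an unbound.conf-style fragment
# and a trimmed `ipconfig /all` adapter section.
SAMPLE_UNBOUND = '''server:
  module-config: "validator iterator"
forward-zone:
  name: "."
  forward-addr: 208.67.222.222
  forward-addr: 208.67.220.220
'''
SAMPLE_IPCONFIG = '''Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
'''

def client_dns(ipconfig_text):
    """Return all DNS servers from `ipconfig /all`, including continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        # A bare address on the following line continues the DNS server list.
        in_dns = bool(m) or (in_dns and bool(re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line)))
        if in_dns:
            servers.append(m.group(1) if m else line.strip())
    return servers

def audit(unbound_conf, ipconfig_text, pfsense_ip):
    """Return the problems found; an empty list means every check passed."""
    problems = []
    fwd = {a.split("@")[0] for a in
           re.findall(r"^\s*forward-addr:\s*(\S+)", unbound_conf, re.M)}
    if not fwd:
        problems.append("forwarding mode is off: unbound resolves from the roots")
    elif not fwd <= OPENDNS:
        problems.append("forwarding to non-OpenDNS servers: " + ", ".join(sorted(fwd - OPENDNS)))
    # The thread's advice: disable DNSSEC when forwarding to OpenDNS.
    if fwd and re.search(r"^\s*module-config:.*\bvalidator\b", unbound_conf, re.M):
        problems.append("DNSSEC validation is enabled while forwarding")
    servers = client_dns(ipconfig_text)
    if pfsense_ip not in servers:
        problems.append("client does not use pfSense for DNS")
    stray = [s for s in servers if s != pfsense_ip]
    if stray:
        problems.append("client can bypass pfSense via: " + ", ".join(stray))
    return problems
```

Calling `audit(SAMPLE_UNBOUND, SAMPLE_IPCONFIG, "192.168.1.1")` on the constructed samples reports the DNSSEC setting and the stray 8.8.8.8 entry on the client.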