  • So I have pfSense set up to use the OpenDNS servers as DNS resolver, and I do have an OpenDNS account set up to block porn etc., but it doesn't seem to be working. On the pfSense I get and then on the clients all I get for DNS is my pfSense IP address. Everything local and on the internet is resolving just fine, just no filtering.

    So you set unbound to forward to OpenDNS?  If not, unbound is a resolver and will resolve, not forward.

    You will find a test that will show you if the setup has been done correctly.

  • I read through the posts and the help section, but I am not understanding where the resolution is coming from if you use resolver vs forwarder. pfSense only has the OpenDNS servers as the DNS servers, so if I choose resolver or forwarder my public IP (WAN) will be used to talk to the OpenDNS servers and that should send the block message.

    I have disabled resolver and enabled forwarder but still no luck with blocking.

  • Wrong.  Resolver uses the root DNS servers to resolve.  Forwarder just forwards the request to the DNS you specify in setup.  If you're using resolver, you need to check the Enable forwarding mode checkbox.  Only then will it use the DNS you provide.

  • Thanks KOM, this makes sense. Will try it out and report back.

  • Did not work. I disabled the DNS Forwarder and enabled DNS Resolver with the DNS forwarding option turned on, and it says I am not using OpenDNS servers. There was a site that would tell me which DNS resolver I am using but I can't seem to find it.

    On the OpenDNS site it mentioned disabling DNSSEC, but that is an older post.

    Dude, is your client pointing to pfSense for DNS??  If you have forwarder enabled in resolver it will forward to where you tell it to forward.. If you're using the forwarder then it will forward to where you set it to forward..

    If your client is not pointing to pfSense, it doesn't matter how you set pfSense up..

    Please post up your settings in pfSense, and your settings in your client showing what DNS it's using.. a simple ipconfig /all on a Windows machine.

    Here, took all of a couple of seconds to switch over and test this.. See attached.. Make sure you clear your browser cache and your machine's local DNS cache.. Reboot the machine if you do not know how to do that..

    If you do not disable DNSSEC and you forward to OpenDNS, you're prob not going to get anything back since they do not support DNSSEC..  That should be disabled if forwarding to OpenDNS.  See screenshot.
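
The three things this thread checks (the client points only at pfSense, unbound forwards instead of resolving from the roots, and DNSSEC validation is off when forwarding to OpenDNS) can be audited offline against an unbound.conf. This is an added example, not code from any poster or from pfSense; the function names, the sample config, its placeholder path and the 192.168.1.1 address are constructed, and the DNSSEC rule encodes the advice given in the thread.

```python
OPENDNS = {"208.67.222.222", "208.67.220.220"}  # OpenDNS public resolver IPs
ANCHOR_KEYS = {"auto-trust-anchor-file", "trust-anchor-file", "trust-anchor"}

# Constructed sample: unbound in forwarding mode with DNSSEC validation on.
SAMPLE_CONF = """
server:
    module-config: "validator iterator"
    auto-trust-anchor-file: "/example/root.key"   # placeholder path
forward-zone:
    name: "."
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220
"""

def parse_unbound(text):
    """Return [(section, {key: [values]})] from unbound.conf text."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if not value:                       # header such as "server:"
            sections.append((key, {}))
        elif sections:
            sections[-1][1].setdefault(key, []).append(value)
    return sections

def audit(unbound_conf, client_dns, pfsense_ip):
    """List the misconfigurations that would explain missing filtering."""
    findings, server = [], {}
    sections = parse_unbound(unbound_conf)
    for name, opts in sections:
        if name == "server":
            server.update(opts)
    # Upstreams configured for the root zone, i.e. "forwarding mode".
    root_fwd = [addr for name, opts in sections
                if name == "forward-zone" and "." in opts.get("name", [])
                for addr in opts.get("forward-addr", [])]
    if set(client_dns) != {pfsense_ip}:
        findings.append("client uses DNS servers other than pfSense")
    if not root_fwd:
        findings.append("resolver mode: queries go to the root servers")
    elif not set(root_fwd) <= OPENDNS:
        findings.append("forwarding to servers other than OpenDNS")
    # unbound validates when the validator module has a trust anchor.
    modules = server.get("module-config", ["validator iterator"])[-1]
    if root_fwd and "validator" in modules and ANCHOR_KEYS & set(server):
        findings.append("DNSSEC validation is on while forwarding")
    return findings
```

Pass it the client's DNS server list as shown by `ipconfig /all`; an empty result means all three conditions from the thread hold.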

