Answered

Using OpenDNS

  • 6 July 2020

Hello

As many others before me, I found out that I cannot change the DNS servers on my ConnectBox. I have read a number of articles in this community about the PiHole, however I do not use the Ziggo router at all, I have my own Netgear router which serves as the DHCP server for my house. But even if I have the DNS server there changed to OpenDNS, OpenDNS does not seem to receive my name lookup requests. It seems like the ConnectBox is enforcing its own DNS. I tried ConnectBox configuration in bridge mode, but even that did not help. I had one or two Ziggo technicians on the phone, but it was not fully conclusive what they said. Note that I switched to the ConnectBox just a week ago. My previous installation with Ubee worked with OpenDNS just fine (but the Ubee was configured with OpenDNS).

Any idea whether Ziggo is actually overriding my DNS requests and forcing their own DNS, no matter whether the ConnectBox is in bridge mode or not?

Many thanks

Marek

 

Best answer by hanh, 6 July 2020, 15:27

Ah, I understand now that you use the special security features of OpenDNS, that also give you the option to monitor the DNS Requests to be handled. If nothing comes in as expected then this is rather peculiar indeed.
I am not familiar with them, so I cannot even give a guess if something could be wrong with the settings of these features.

Same goes for DD-WRT DNS Settings.
As I understand the Dnsmasq feature gives you the opportunity to use the Router’s Gateway address as Caching DNS Server, that can be assigned to Systems in the network. This Server delegates the Requests to configurable DNS Servers like those from OpenDNS. You can consider this as a deliberate takeover, you control yourself.

If a System in your network has the right OpenDNS Servers assigned to it, there’s in my opinion generally not a kind of black magic way to overtake a DNS Request by another DNS-Server on the Route in the Internet. I can imagine a bit that a hacker could do this, but even then I don’t see the advantage of doing so. Ziggo doesn’t; I’m confident about it.

8 Replies

@MarekProc

Hi Marek,

Neither the Connectbox nor the Ziggo network is restricting the use of alternative DNS servers. You can test that by setting OpenDNS' IP address as a static DNS server in a PC or laptop.

**EDIT**
Do this in the IPv4 as well as in the IPv6 protocol (or disable the IPv6 protocol in the PC during the test).

***

Please realise that PCs / browsers do use caches. So you have to force the PC to empty them and make new DNS requests.


DennyW
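The test DennyW describes can also be run without touching the PC's DNS settings or caches, by sending one query straight to the OpenDNS resolver and checking who answered. The following is an added example, not part of the original thread; it assumes the public OpenDNS resolver address 208.67.222.222 and the OpenDNS diagnostic name `debug.opendns.com`, which is assumed to return `server ...` and `source ...` TXT strings only when OpenDNS itself handles the query. The function names are the example's own, and it tests IPv4 only.

```python
import secrets, socket, struct

OPENDNS = "208.67.222.222"   # public OpenDNS resolver address (not given in the thread)
PROBE = "debug.opendns.com"  # assumption: only OpenDNS answers this name with TXT data

def build_query(name, txid=None, qtype=16):
    """Return (txid, packet) for a recursive query (RD set, class IN); qtype 16 is TXT."""
    txid = secrets.randbelow(65536) if txid is None else txid
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return txid, struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label is 1

def parse_txt(msg, txid):
    """Return the TXT strings of a response; ValueError if it is not ours."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off, out = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == 16 and rdata:           # TXT rdata: length-prefixed strings
            out.append(rdata[1:1 + rdata[0]].decode("ascii", "replace"))
            rdata = rdata[1 + rdata[0]:]
    return out

def reached_opendns(txts):
    """True if the answer carries the 'server' and 'source' diagnostic strings."""
    return {"server", "source"} <= {t.split(" ", 1)[0] for t in txts}

def probe(resolver=OPENDNS, timeout=3.0):
    """Send the probe straight to resolver over UDP/53, bypassing OS settings and caches."""
    txid, pkt = build_query(PROBE)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (resolver, 53))
        return parse_txt(s.recvfrom(4096)[0], txid)

if __name__ == "__main__":
    txts = probe()
    print("handled by OpenDNS:" if reached_opendns(txts) else "NOT handled by OpenDNS:", txts)
```

A timeout or a `ValueError` means no usable reply came back from the resolver at all; an empty list means something answered, but not with the OpenDNS diagnostic records.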

 

Thanks DennyW

I did try to flush the caches, but I am not sure I really managed. However the system was up for 3-4 days and no single request came to OpenDNS… And I tried to lookup names I was pretty sure I did not use for some time.

As I said, I did talk to the Ziggo technician and he confirmed that there is nothing I can do with ConnectBox (even if in bridge mode) so I started to assume that on Ziggo side there is enforcement of their own DNS (which is doable very easily - I can force DNS as well with my Netgear).

But if you are pretty sure then I will give it another try. I use dd-wrt on my Netgear and there is a huge number of DNS config options, so I admit that could be a mistake on my side.

Best regards

Marek

 

Hi @MarekProc When a system uses DHCP to get its address information, the DNS Servers come from the DHCP Server of the subNet where the system is attached to.

If the Connectbox is in Bridge Mode there's only 1 subNet from the Netgear. It is impossible that the Connectbox interferes with the DHCP Server of the Netgear Router. Let alone with respect to DNS Server assignment.

  • Did you actually check the assigned DNS Servers on a system in this setup and of course also in a setup with the Connectbox in Router Mode?

Mind that you may have to restart a system after a change of the network DHCP setup in order to get fresh address assignments.

With the Connectbox in Router Mode there are two possibilities, that follow.

  • Which one do you use? That's not clear yet.

--1- The Netgear is also in Router Mode
Then you have two separate subNets with different private IPv4 address spaces.
In the Connectbox subNet the DHCP Server of the Connectbox is active,
in the Netgear subNet the DHCP Server of the Netgear.
They cannot influence each other.
So a system attached to the Netgear will get its address info from the DHCP Server of the Netgear only.

--2- The Netgear is configured as an Access Point in the subNet of the Connectbox
The DHCP Server of the Netgear is off and there's just 1 subNet of the Connectbox with the DHCP Server of the Connectbox. Only now the DNS Servers come from the Connectbox DHCP Server and cannot be changed to alternative Servers.
In this case you have the option to use the functionality of the DHCP Server of the Netgear instead of the DHCP Server of the Connectbox, that must be turned off. Two DHCP Servers in one subNet = troubles.

It seems to me that you have problems indeed, but let us only know what your assumptions are about the cause.
Unfortunately these assumptions do not really make sense to me.

Note. After Posting this message I saw that you’re going to look into the settings of DD-WRT in the Netgear. I think this is a very sensible step.
 

Hello

Thanks for your advice. Regarding your questions: When the ConnectBox was in router mode, my Netgear had its own subnetwork and its own DHCP server (i.e. the ConnectBox had 192.168.178.x and my house network is 192.168.1.x). Also my Netgear has its own DNS configuration pointing to OpenDNS. The Netgear was connected to the ConnectBox. All devices connected to Netgear.

Nevertheless, this stopped working the moment I switched from Ubee to ConnectBox. I double checked at OpenDNS that my WAN IP address is the same. From this moment I see no requests coming to my OpenDNS account and also explicit content is suddenly reachable.

The Netgear DD-WRT has many options for DNSMasq but it does not look like magic. I have DNS 1 and DNS 2 as the two OpenDNS servers and 10.0.0.0 as the third. Then there are many other options regarding strict order etc., but to start with, I do not see any single request coming to OpenDNS plus all explicit sites work without trouble.

The same configuration was tried when ConnectBox is in bridge mode. I can imagine that it is impossible for the ConnectBox to interfere, as you say, but it is not impossible for the Ziggo IP to force their DNS servers the same way I can force mine in my subnet, right? (i.e. there is a server/router on the Ziggo side). That was my only explanation and I had the feeling from the Ziggo technician that this was the explanation.

This evening I will try the configuration once again. I can as well try a different router with a bit simpler configuration than DD-WRT (Netgear Orbi with original firmware).

Once again many thanks for help. I already lost so many hours with this ;-)

Best regards

Marek

Hello again

I played with the DD-WRT configuration and indeed managed to get it to work. There are sooooo many configuration options for DNS that one of them must have been wrong (or I did not flush the DNS cache properly).

Many thanks to everyone!

Best regards

Marek

Good work! It’s always nice to hear that a problem is solved. I wasn’t able to give you more than some mental support. The details were for you to fill them in.
Regards, Han

Hi @MarekProc, nice to see you here on the Ziggo Community.

I see you already got a warm welcome from @hanh and @DennyW. Also nice to read that your problem has been solved, cheers for that!

If you need any support in the future then you know where to find it ;-) Have a good one!