Opendns


Kevin B
 

Hey,
I recently started using opendns on the router and it blocked the irlp node, I assume the irlp vpn is what's actually blocked. I'm using their free but somewhat customizable service to block the kids from certain things. Anyone know how to bypass this or something for only irlp? From what I understand you might not be able to because that is how someone might bypass the parental controls of the DNS. I can add sites to ignore, what site might I try adding? The VPN IP?
--
VE6KEZ
NODE 1485


Dave K9DC
 

What do you mean by “it blocked the irlp node”? What function is impaired?

-k9dc

On Sep 15, 2021, at 23:17, Kevin B <buchholz676@gmail.com> wrote:

Hey,
I recently started using opendns on the router and it blocked the irlp node, I assume the irlp vpn is what's actually blocked. I'm using their free but somewhat customizable service to block the kids from certain things. Anyone know how to bypass this or something for only irlp? From what I understand you might not be able to because that is how someone might bypass the parental controls of the DNS. I can add sites to ignore, what site might I try adding? The VPN IP?
--
VE6KEZ
NODE 1485


Nosey Nick VA3NNW
 

What do you mean by “it blocked the irlp node”? What function is impaired?
At the risk of sounding slightly like an advert...

Original poster was referring to https://www.opendns.com/ which offers a service that is PRIMARILY a big global DNS resolver a lot like the more famous 1.1.1.1, 1.0.0.1, 8.8.8.8, 8.8.4.4

One of the features they offer is https://www.opendns.com/home-internet-security/ a sort of a "DNS firewall" somewhat like https://pi-hole.net/ but just by using the right (OpenDNS) name servers, various malware and adult domains will cease to exist, and/or be sent instead to a page saying "sorry this content is blocked" or something. You're on your WiFi, your laptop uses your router's DNS cache, which uses OpenDNS, which deliberately refuses to admit that all the main adult websites exist when your (or presumably your kids') browser tries to convert www.[something-naughty].com to 198.51.100.69 or whatever.

Creative, Intelligent kids may soon learn that proxies and VPNs are a thing, and these can perhaps be used to work around Daddy's DNS block setup, so OFTEN if you're going to block adult sites, you'll block VPNs too, to prevent the obvious workaround.

TL;DR: OP's DNS resolver is blocking/redirecting the DNS lookup for the IRLP DNS concentrator(s), most likely, but if you can tell him the domain(s) involved, he can add them to a list of addresses that WILL still be resolved corrrectly, and his IRLP VPN should spring back into life.

Or "To what hostname(s) / FQDN(s) does the IRLP VPN attempt to connect?"

Nick VA3NNW

--
"Nosey" Nick Waterman, VA3NNW/G7RZQ, K2 #5209, IRLP #2410
use Std::Disclaimer; sig@noseynick.net
Justice always prevails ... three times out of seven! -- Michael J. Wagner


Dave K9DC
 

On Sep 16, 2021, at 09:06, Nosey Nick VA3NNW <irlp@noseynick.com> wrote:

What do you mean by “it blocked the irlp node”? What function is impaired?
At the risk of sounding slightly like an advert...
Original poster was referring to https://www.opendns.com/ which offers a service that is PRIMARILY a big global DNS resolver a lot like the more famous 1.1.1.1, 1.0.0.1, 8.8.8.8, 8.8.4.4
Yes, I get all that. But I don’t understand what node problems are attributed to OpenDNS. Once the IRLP VPN tunnel comes up, all DNS is routed over the tunnel. So the OpenDNS settings are ignored.

The tunnel to 1485 is currently up and running fine. So I am just trying to understand what is broken. IRLP does not even use DNS to make calls (although a number of supporting features do).

-Dave K9DC


Lonney [K1LH]
 

Seems odd that they'd be randomly blocking stuff like IRLP host name lookups?

I run a Pi-Hole on my network which blocks around 196,000 "bad" domains at the current count, and that forwards to Quad9 (9.9.9.9) which also does some filtering of known malware domains. Only issue I've had with that setup is the stupid Samsung smart TV getting glitchy so I made an exception for that and configured it to use Quad9 directly.

From memory IRLP nodes use their own means of resolving names separate from the systems DNS resolver?


Kevin B
 

Thanks Nick for the more details description of what I've got going on. I have a pretty basic understanding of this, more what they do not necessarily all the details of how. All I can say if irlp has no connection and fails on the troubleshoot script. Right now I have a multi router setup and the node is before the router with the DNS service running so that's why it's currently working. But that probably is going to change soon and it will be blocking again. Blocking what, your point is exact, I don't know what it's blocking so have no idea how to unblock it like you said in the settings of allowed (your words were much more detailed). 
--
VE6KEZ
NODE 1485


Dave K9DC
 

But none of that matters since you have IRLP VPN up and running. Your IP address in the network is 44.127.48.61. None of your local router settings are in play in the slightest, because the VPN routes around all of your local router(s)

repeater@tigger:~$ telnet stn1485 15425
Trying 44.127.48.61...
Connected to stn1485.
Escape character is '^]'.
stn1485 - va6ke : Welcome 75.48.51.3

Looks normal to me… also, I can connect to your node fine.


Dave K9DC

On Sep 16, 2021, at 11:24, Kevin B <buchholz676@gmail.com> wrote:

Thanks Nick for the more details description of what I've got going on. I have a pretty basic understanding of this, more what they do not necessarily all the details of how. All I can say if irlp has no connection and fails on the troubleshoot script. Right now I have a multi router setup and the node is before the router with the DNS service running so that's why it's currently working. But that probably is going to change soon and it will be blocking again. Blocking what, your point is exact, I don't know what it's blocking so have no idea how to unblock it like you said in the settings of allowed (your words were much more detailed).
--
VE6KEZ
NODE 1485