OpenDNS FAQs

Does OpenDNS provide content filtering?

OpenDNS offers the easiest way to filter Web content and prevent access to unsafe or inappropriate websites on your network. OpenDNS enables you to quickly block content with three predefined, easy-to-use Web filtering levels. You can also customize the Web categories to filter or allow access only to the websites you specify.

In addition, when a user attempts to visit a blocked website they will be directed to a landing page provided by OpenDNS, but customizable by you. If you provide your email address on this page, your users can contact you with questions. Attempts to visit blocked pages are also saved in reports that you can view from your OpenDNS account.

What level of security does OpenDNS provide for

my network?

OpenDNS offers the following three types of security to prevent unsafe activity during your online sessions:

Known websites that attempt to infect visitors with malware or Command and Control Callback are blocked.

Unknowingly visiting phishing websites is prevented. Our list of known phishing sites is updated daily.

OpenDNS can also block suspicious websites that use IP addresses that are reserved only for internal networks.

OpenDNS security features offer significant safety benefits that protect Internet users from identity theft, infected computer systems and related down-time, and from receiving and unwittingly spreading viruses, Command and Control Callback and spam.

Overview

OpenDNS Updater is useful if you have a dynamic IP address. It detects changes to your IP address and notifies OpenDNS service about the change so that your OpenDNS settings continue to be applied to your network.

Initial Setup

Please refer to the following KB article for download links of the OpenDNS Updater Client for Windows, Mac and Linux.

What is the OpenDNS Dynamic IP updater client?

When you run the program for the first time, it will ask for your OpenDNS account username and password.

contact support

If you have more than one dynamic network in your OpenDNS account, the program will ask you to select the network whose settings to use for this computer. If you only have one network, it will be used automatically.

Status Window

The status window shows the following basic information:

OpenDNS account: The OpenDNS account being used

Network to update: The network label for the network being used

IP address: The current IP address of your computer

Using OpenDNS?: Whether or not you are currently using OpenDNS service

Last updated: When you last notified OpenDNS of your current IP address

You can also:

Change account: Use a different OpenDNS account

Change network: Change network

Update now:Force an update to notify OpenDNS service of your current IP address

Settings: Disable sending notification about IP address change

OpenDNS Updater configures itself to launch automatically at start up.

Common Problems

You're not using OpenDNS

Your computer or network is not configured to use OpenDNS service. Learn how to configure a computer to use OpenDNS service.

For technically minded: the program determines if your computer is using OpenDNS service by trying to resolve myip.opendns.com address using your DNS server. Only OpenDNS's servers know how to resolve this particular address so if we don't get the right response, we assume that OpenDNS service is not being used.

Your IP address belongs to a different network

This happens most often when using someone else's network (e.g. public wireless hotspot, a friend's wireless network etc.). Each OpenDNS user is uniquely identified by an IP address. If you use someone else's connection which is already configured to use the OpenDNS service, we then detect that more than one OpenDNS account claims to use the same IP address.

If you're temporarily using someone else's network connection, you can ignore this error. If you believe this IP address really belongs to you, you can.

HTTP vs. DNS IP address mismatch

This happens most often when you use an HTTP proxy. OpenDNS service recognizes your computer by IP address from which DNS requests are made and applies your filtering settings based on that information. When using HTTP proxy, the requests might come from a different computer, which will have a different IP address and OpenDNS service will not be able to apply your filtering settings.

Effective Thursday, May 16th, users logging into the OpenDNS Dashboard will be required to use their email addresses. For the majority of users, this is already the case, and no change in behaviour is needed. For users who have been with us for a long time, the use of a username (that is, without @example.com) will no longer be supported, and you will need to use your email address instead.

Introduction to Web Content Filtering and Security

How to add domains to a Whitelist or Blacklist

Note:

This article refers to the OpenDNS Dashboard. Umbrella Dashboard users, this article generally does not apply to you except for DNS concepts. For relevant Umbrella-only articles, refer to UmbrellaSecuritySettings and Umbrella Policy (Category and Block/Allow List) Settings

The advanced features of OpenDNS, such as Web content filtering and security, are set and managed online by a user with OpenDNS administrative privileges (an OpenDNS Administrator).

It is important to understand that OpenDNS advanced-feature settings are applied to a network and those settings are subsequently inherited by all of the computers and devices that connect to that network.

Some OpenDNS security features become effective as soon as OpenDNS is configured as the DNS server for a network. For example, all OpenDNS solutions block end-users from navigating to known phishing and Conficker Command and Control Callback websites.

OpenDNS solutions such as FamilyShield use additional filtering features managed by OpenDNS, which makes FamilyShield the fastest and easiest way to protect children from adult content on the Internet.

OpenDNS Administrators can specify Web content filtering and set custom security features in OpenDNS Basic, VIP, School, and Enterprise solutions. Adjusting these features is enabled only within an OpenDNS account, which are used to create and manage networks.

Once Web content filtering and security settings are saved, they are applied to devices and computers when they connect to a configured network.

Example of OpenDNS Filtering

OpenDNS has been configured as the DNS server for your network and comprehensive filtering and security features have been set in your OpenDNS account. Now, the following actions occur:

Someone on your network begins navigating the Internet with their computer.

They enter the name of a website (e.g. www.opendns.com) into their Internet browser.

The browser makes a DNS request for the IP address of the machine that serves up this website.

The DNS request is received by an OpenDNS server.

OpenDNS identifies the DNS request by looking where it came from.

OpenDNS looks up the matching filtering and security settings.

If the settings indicate that the website is allowed, OpenDNS returns the IP address for that website (e.g. 208.69.38.160) and the browser goes there.

If the settings indicate that the website is blocked, OpenDNS returns the IP address of an OpenDNS server that serves a block page to the browser.

How OpenDNS Knows When and What to Filter

OpenDNS works by first identifying the DNS request and then applying the appropriate filtering settings. There are 3 ways OpenDNS identifies DNS requests as described in the following table.

ADJUSTING WEB CONTENT FILTERING

Some OpenDNS solutions, such as Basic, VIP and Enterprise, allow OpenDNS Administrators to configure comprehensive Web content filtering, which limits the Internet to only Web content that is not filtered for that network.

Other OpenDNS solutions, such as FamilyShield, use preconfigured Web content filtering to block specific categories of websites. These settings are managed by OpenDNS and combine our proprietary algorithms with direct input from OpenDNS Community members.

To adjust Web content filtering on a network, OpenDNS Administrators must log in to the OpenDNS Dashboard. UnderSettings for:select the network to be adjusted (you must have appropriate permissions for that network) and click on theWeb Content Filteringlink. Choose the filtering levels or specific categories and clickApply.

Settings made to one network can be applied to all networks if multiple networks exist. Once you apply the new settings, it may take up to 3 minutes before they are in effect on all OpenDNS global servers.

After you make Web content filtering changes, OpenDNS recommends that you clear the local DNS cache to ensure that new settings are made effective. To do this, see Clearing the DNS Cache.

Web content filtering can be applied to networks in several ways, each of which are explained in the following topics:

Preconfigured Web Content Filtering (Non-Adjustable)

OpenDNS solutions such as FamilyShield use preconfigured Web content filtering and blocking that is not adjustable. OpenDNSs preconfigured solutions provide easy-to-implement protection for networks where manual configuration is not desired. To use a preconfigured OpenDNS solution, set your DNS parameters to the appropriate IP address.

For example, FamilyShield uses the IP addresses 208.67.222.123 and 208.67.220.123. Configuring these DNS servers on your network automatically protects end-users from websites that contain adult material and blocks websites that support phishing attacks or spread the Conficker Command and Control Callback.

Predefined Filtering Tiers (Adjustable: Low, Moderate, High)

OpenDNS solutions such as Basic, VIP and Enterprise allow custom Web content filtering. OpenDNS simplifies the configuration by providing 3 predefined tiers of commonly blocked Web content categories. Each category filters hundreds to tens of thousands of websites.

The tiers comprise the Web content categories as detailed in the following table.

Custom: Choose your own set of Categories to Block

OpenDNS provides a dynamic list of Web content filtering categories that you can apply to your Internet network. The Web domains that compose a category are determined, in part, through our Domain Tagging service and through proprietary OpenDNS technology. These domain identification methodologies ensure that the categories contain relevant websites and are always current.

The custom setting allows filtering from over 55 Web content categories. Each category filters hundreds to several tens of thousands of websites, providing significant control of your Internet experience through a user-friendly interface.

Individual Domains

OpenDNS provides Web content filtering at the individual domain level, which enables administrators toAlways Block(adds domain to the blacklist) orNever Block(adds domain to the whitelist) the Internet domains that you specify. When you manage domains directly, these settings override any specified through category filtering.

For example, if you are filtering the Social Networking category but specify to Never Block the domain facebook.com (adds to whitelist), then end-users of your network are able to navigate to Facebook.

To manage individual domains, log in to your OpenDNS account, select the network and navigate to Web Content Filtering. Select the action you want to apply for a domain and enter that domain in the blank text box. SelectAdd Domainand repeat as necessary. For more information and for an image-based guide, please see our .

OpenDNS Basic supports management of up to 25 individual domains.OpenDNS VIP supports management of up to 50 individual domains.OpenDNS Enterprise supports management of up to 500 individual domains.

Tip:

OpenDNS recommends to specify the root of a domain and always omit the www, e.g. example.com not www.example.com. This will block all sub-domains of example.com including www.example.com, mail.example.com, and so on. All domain list entries imply a leading wildcard, for example "example.com" implies "*.example.com"

OpenDNS can block all Top-Level-Domains (TLDs) except .com. Entering a TLD such as .net, .cn, .ru, and so on, will block all sub-domains that end with that TLD name.

SETTING SECURITY FEATURES

OpenDNS Basic, VIP and Enterprise allow administrators to manage the security features applied to their network. Specific security features vary across the OpenDNS solutions, for example, OpenDNS Enterprise provides more features than OpenDNS Basic or VIP.

By selecting the setting and clickingApply, administrators can activate the security features detailed in the following table.

Overview

Using OpenDNS starts by making a configuration change in the DNS settings of your home router, on individual computers, and wireless devices. Once OpenDNS is configured, administrators set and manage OpenDNSs advanced features, such as Web content filtering and security, by logging in to their OpenDNS account.

Table of Contents

OpenDNS Home Packages

Configuration Instructions

Confirming Your Account

Adding a Network

Configuring Content Filtering Settings

Configuring Reporting/Statistics

OpenDNS Home Packages

Home users can create an OpenDNS account by choosing one of the optionsbelow.

OpenDNS Home offers free protection for 1 network that includes speedy RFC-compliant DNS resolution.

Reporting FAQ

OpenDNS Home VIP offers the same features as OpenDNS Home but with an additional 25 domains you can blacklist/whitelist.

OpenDNS Family Shield is especially geared toward protecting your family. 208.67.222.123 and 208.67.220.123 are our FamilyShield DNS servers. They are configured at the server level to block 4 categories (Pornography, Tasteless, Proxy/Anonymizer, and Sexuality).

For more information on our Home Packages please reference: https://www.opendns.com/home-internet-security/

Configuration Instructions

After account creation, you will be shown a screen that asks you to choose whether you would like to change the DNS settings on Home routers, Computer Workstations and Laptops, Servers, and Smart Devices.If you are unsure which option to choose, we usually recommend that home users configure their router. Your router or modem acts as a gateway between all the computers and devices on your network. If you change the DNS settings on your router, any device obtaining its DNS settings from the router will be using OpenDNS.

For more instruction on how to test your OpenDNS configuration please view: https://support.opendns.com/hc/en-us/articles/227986567

Note:

Not all routers allow you to change their DNS settings. Please check our router configuration directions here for your router model.

Confirming Your Account

After you have configured your network (devices) to use OpenDNS you should check your email for an account confirmation email from OpenDNS. Not all email services allow hyperlinks within the content of messages, if the link in your email is not clickable copy and paste the link into your browser to confirm your account. If you click (or copy and paste) the link in the confirmation email you will be taken to your OpenDNS dashboard.

Adding a Network

Once in your dashboard you will see a big box on yourHome screen that saysAdd a network as shown below. Adding a network to your OpenDNS dashboard allows you to use our custom content filtering and stats features. Click on theAdd a network box to get started:

Once you clickAdd a network you will get the below screen which asks you to add an IP address. You should add your current external (public) IP address that is assigned to you by your internet service provider as your network. If you are on your home network you will see your current IP address displayed at the top of your dashboard where it saysYour current IP is. Use that IP address for your dashboard network:

Note:

If you are seeing an error when attempting to add a network please see the following guide: https://support.opendns.com/entries/54191330-I-am-Seeing-an-Error-When-Attempting-to-Add-a-Network

Note:

Our Home service does not normally allow for the use of more than threesingle-IP networks. If you have multiple networks at your home, you will have to contact OpenDNS Support.

Next you will get a screen that asks you for a network name and whether or not you have a Dynamic IP address. If you are unsure, you most likely have a dynamic IP address. Most internet service providers lease dynamic IP addresses which means that your IP address can change. In order to prevent gaps in your stats and filtering we recommend you download theOpenDNS Updater software shown on the below screen.

After you add your network you will see the screen below. Time to check your email to verify your IP address!

You should receive an email that looks like the one below, once you click the link your IP address will be verified and you will be taken back to the dashboard.

If you see this error when verifying your IP address it means that your current IP address does not match the one in your dashboard. If you are not on your home network wait until you are again to verify your IP. If you are on your home network your dynamic IP address may have changed. Try deleting the network in your dashboard and adding your new current IP address in order to verify it.

For more instruction on Dynamic IP changes please see: https://support.opendns.com/hc/en-us/articles/227987787

Configuring Content Filtering Settings

After you have added a network, content filtering can be configured in the Settings tab. Click on theSettings tab and choose the network you added from theSettings for:drop down to open theWeb Content Filtering menu for this network. In theChoose your filtering level settings you can choose from one of the levels that are pre-set or choseCustomto select the categories you would like to filter on your network.

Note:

For more information on content filtering please see: Web Content Filtering and Security.

For more information on configuring the Manage individual domains section please see: Getting Started: Blocking/Allowing Specific Domains with Whitelist/Blacklist.

You can also manage individual domains to customize your filtering settings. For example, if you choose to block theLingerie/Bikinicategory but would still like to shop at victoriassecret.com you can addvictoriassecret.comto yourNever Block list which will allow access tovictoriassecret.comwhile blocking all other domains in that category.

Configuring Reporting/Statistics

If you would like statistics for your network, first you must Enable stats and logs on your network. To do so, click on theSettingstab, choose the network you added from theSettings for:drop down and click onStats and Logs from the left hand menu. You will see the option to enable stats and logs, check the box and hit APPLYto enable statsas shown below:

It can take up to 24 hours for stats to initially populate after you enable them, so if you don't see them right away don't fret they are coming!

When stats begin to populate you can view them in theStatstab. There are several different ways you can view your stats by choosing the options in the left hand menu:

To learn more about your network statistics please see the following support articles:

Introduction to OpenDNS Reporting

Overview

This article is a step by step guide on how to configure the DNS settings in your Windows 10 operating system. The aim is to direct DNS traffic from your network to the OpenDNS global network. This article briefly covers the points below.

Accessing the Network settings.

Turning off the Automatic DNS configured by your ISP.

Configure the OpenDNS IPv4 addresses.

Solution

1. Right click the Start menu and select Network Connections.

NEXT: Test your new settings

2. On the left-hand side click Ethernet, in Ethernet click Change adapter options.

3. Right clickthe network connection you're using and selectProperties.

4. Highlight 'Internet Protocol Version 4 (TCP/IPv4)' and click Properties.

5. Select Use the following DNS server addressesand type OpenDNS' addresses (208.67.222.222 and 208.67.220.220)in the Preferred DNS server and Alternate DNS server fields.

6. Click OK, then Close, then Close again. Finally, close the Network Connections window.

7. Flush your DNS. At this point, we recommend that you flush both your DNS resolver cacheand your web browser's cache. This ensures that your new DNS configuration settings take effect immediately.

Overview

OpenDNS provides different URLs that enable you to test and verify the successful configuration of OpenDNS on a home network.

Solution

To test if you are using OpenDNS as a DNS resolver, we recommend using the following test site totest: http://welcome.opendns.com. If you are using us you will see: Welcome to OpenDNS!

To test the Security Settingsof your configuration, we recommend using the following test site totest blocking the Security setting for Phishing: http://www.internetbadguys.com. The desired outcome is to see: This domain is blocked due to a phishing threat.

To testContent filteringforyour configuration, we recommend using the following test site to test blocking pornography sites: http://www.exampleadultsite.com. You should see: This domain is blocked.

Overview

Sometimes, the registered IP address of a network is not properly maintained by other users. This can result in an error where you inherit the IP address of a network that is already registered to a different OpenDNS account.

Solution

Please open up a support ticket and provide the following information in your submission:

OpenDNS Account Email

IP Address (as found at https://diagnostic.opendns.com/myip )

Introduction

This information is for those who want to change some of the OpenDNS default settings or view statistics about your DNS usage. For instance, using web content filtering requires a network, which requires an IP address. Knowing more about dynamic IP addresses is useful, especially for home users.

Solution

Know enough about dynamic IPs already? Want to get it done? Do the following:

Create an account and login to your Dashboard.

Go to the Settings tab.

Add a network using your current IP address (displayed on the page).

Click your new network's IP address to access its settings.

Click "Advanced Settings" on the left.

Check the box to "Enable dynamic IP update."Be sure to apply your settings at the bottom of the page. Learn more

Learn how to keep your address updated.If you don't keep the IP updated, your preferences will not be applied, and your statistics will not be collected although you will still be using OpenDNS.

Download, install and run the Dynamic IP Updater client on a computer that is powered on 24/7, or started up daily and does not leave your home network.

Multiple networks with dynamic IP addresses in a single network are supported..

Introduction

Most home networks have dynamic IP addresses. By enabling this option to Enable Dynamic IP Updates, you allow your network to be able to have its IP address changed when your IP address changes. You must still use some software to push the change to OpenDNS however. Please consider downloading our Dynamic IP Updater below.

Where do I download it?

You can find and download the official Dynamic IP updater clients for Windows and Mac using the links in the following table. There are additional third-party clients and services available, but only the ones listed are supported by OpenDNS.

Windows IP Updater

This is the officially supported OpenDNS Windows client, which sends your network's new IP Address to OpenDNS whenever it should change.

Mac IP Updater

Now 64-bit!

This is the officially supported OpenDNS Mac client, which sends your network's new IP Address to OpenDNS whenever it should change. As of Oct 10, 2019, this release is 64-bit.

How to configure the OpenDNS Dynamic IP updater Client?

Note:

Make sure to enable dynamic IP updates in your dashboard. Go to your dashboard, select the Settings tab, and then select your network. After that, select Advanced Settings and then navigate to the Dynamic IP Update section, select Enable, and then select Apply.

Note:

The current OpenDNS Updater client does not work with some newer versions of macOS.Our development team have a beta version of the updated Updater client they are working on. Unfortunately, there currently is no ETA on when it will reach the production stage.

More information regarding app compatibility with macOS High Sierra 10.13.4 and latercan be location here https://support.apple.com/en-us/HT208436.

Please refer to the following KB article for configuration assistance.

Overview

When adding a new network to your Dashboard, you may receive an error. In this article, we cover the most common errors and solutions.

Common errors and how to resolve them

myip.dnsomatic.com

Private IP addresses are only viewable within your internal (local) network. Since our resolvers can only see your external (public) IP address, internal IP addresses cannot be added to the dashboard. For more information on private IP addresses please see: http://en.wikipedia.org/wiki/Private_network

To find your public IP address look at the top of your dashboard where it saysYour Current IP is or visit

This error means that your IP address is already registered in our database. This problem will occur when someone on your network has already registered your IP address or another OpenDNS user does not keep their network settings properly maintained and your Internet Service Provider (ISP) or carrier leases you the improperly maintained network. Notifying support about this issue is the fastest way for us to help you resolve it, you can open a ticket through your dashboard in the Supporttab or email [email protected] with the error you are seeing and your current IP address.

This error means that your IP address is part of a network already registered in our database. If you see this error please notify support by opening a ticket through your dashboard in theSupporttab or email [email protected] with the error you are seeing and your current IP address.

To check if OpenDNS is active, please visit http://welcome.opendns.com. This article refers to "working" as seeing the check mark at http://welcome.opendns.com as seen in the image below.If you do not see the check mark, OpenDNS is not configured.

https://dashboard.opendns.com/support/

Scenario 0: OpenDNS is not working on any device. Most likely, you still need to set up OpenDNS on your network.

Scenario 1: OpenDNS is working, but just one my computer. I want to it to work on each device and computer on my network. Help!

Scenario 2: OpenDNS is working on my computers, but not my mobile device (iPad, iPhone, Android, Windows Phone, etc). Help!

Scenario 3: OpenDNS is working on most of my computers and devices, but it isn't working on one or a few. Help!

Scenario 4: OpenDNS is working, but my filtering is not. Help!

Scenario 1: Just one computer is working

In this case, the most likely reason is that you've configured your computer directly for OpenDNS, but haven't configured your router! Please consult our router configuration instructions at https://support.opendns.com/forums/21618374 and set up your router's DNS settings for OpenDNS to include your whole network.

Why does the router need to be configured? The router is the hub of the network. When only one computer is configured, this setting is local to the computer and the router isn't aware that you've configured OpenDNS on the computer. In order for the router to actively distribute (or "tell" the other computers and devices on the network) to use OpenDNS as the DNS server, the router itself will need to be configured to use OpenDNS.

Need further assistance? Open a support ticket at https://dashboard.opendns.com/support/ and we'll be happy to help!

Scenario 2: Just one computer is working

For mobile devices, OpenDNS will only be able to work if the device is connected via WiFi to your router. If connected via a cellular network (3G/4G Data), OpenDNS will not be able function to apply your home network's filtering settings. Haven't configured your router yet? See https://support.opendns.com/forums/21618374 for configuration instructions.

Scenario 3: Working except one computer

In this scenario, you have configured OpenDNS on your router, and it works for most of the computers, tablets, and WiFi-Connected iOS and Android devices on your network, but it doesn't work on one computer. To confirm if your device(s) are configured for OpenDNS, please visit http://welcome.opendns.com and look for the check mark.

Potential Cause 1: Your computer is directly configured for another DNS Server, and therefore is bypassing the OpenDNS settings on your router.

Resolution 1: Check the configuration on your computer to ensure that different DNS server settings are not configured. On Windows, check your configuration using the Windows configuration instructions, but rather than enter the OpenDNS numbers, ensure that they are set to "Obtain DNS server address automatically". Instructions: https://support.opendns.com/forums/21618384.

For Mac OSX, be sure to remove the existing DNS entries (under Network Preferences -> Advanced -> DNS) and use the "-" button to remove the existing DNS servers. If you're experiencing difficulties, you may also configure directly for OpenDNS by entering in 208.67.220.220 and 208.67.222.222 using the "+" button.

Local DNS resolution Resolution Router providing incorrect DHCP DNS servers

Potential Cause 2: You are utilizing a VPN client or the Roaming Client/DNSCrypt and your IP address changes away from OpenDNS on its own.

Resolution 2: Please refer the following links for a VPN client or the Roaming Client/DNSCrypt.

Potential Cause 3: IPv6 (Internet Protocol Version 6) is enabled on your computer, and you have IPv6 DNS settings configured on your computer.

Resolution 3: Please ensure that if IPv6 is enabled (not recommended) that the only IPv6 DNS server is set to your router. We'd recommend disabling IPv6 altogether or setting it to Local Link Only on a Mac OSX machine by following the instructions on our disabling IPv6 guide here.

Potential Cause 4:There is software on your computer interfering with the OpenDNS setup that changes the DNS settings on your computer.

Resolution 4:There are several causes of this:

Comcast/XFinity Constant Guard: See our Constant Guard Guide for more details on how to resolve.

Avast! Antivirus 2015+: A new "Secure DNS" auto-configuration was added that overrides OpenDNS. See our Avast! article for a resolution.

Scenario 4: Working, but filtering isn't working or isn't correctly working

Resolution 1:We advise that you clear the cache on your network's devices to ensure that your DNS settings take effect immediately.

Please see Clearing the DNS Cache on Computers and Servers for more information in this regard. If you have trouble while using this guide, restarting or rebooting them should flush the DNS and web browser caches on your devices.

Resolution 2:Need further assistance? Open a support ticket atand we'll be happy to help! Be sure to include the results of a diagnostic test! To run the test and provide the results,please download it from the appropriate link below, open the tool, and click Run Test.

Mac http://www.opendns.com/download/mac/diagnosticWindows http://www.opendns.com/download/windows/diagnostic

The URL should start with http://opendnsupdate.appspot.com/d/######.

Overview

This Knowledge Base article will show you how to set up an IP updater on Linux, in order to keep the dynamic IP address of your network up to date.

Linux IP updater

The ddclient is an open-source dynamic IP updater client written in Perl. If your Linux distribution does not have a recent version of ddclient, you can download the tar file here. You can also install it by executing sudo apt-get install ddclientin a terminal. Please keep in mind that this command works only on Debian-based distributions. For RPM-based distributions, please trysudo yum install ddclient.

To use ddclient with OpenDNS, after you install it on your machine, you have to set it up properly by modifying its configuration file which is located at/etc/ddclient.conf. Please use the following configuration outline, while supplementing the account login, password, and network label lines:

#### OpenDNS.com account-configuration##protocol=dyndns2use=web, web=myip.dnsomatic.comssl=yesserver=updates.opendns.comlogin=opendns_usernamepassword=opendns_passwordopendns_network_label

Notes:

The login is your email address with OpenDNS.

If you have special characters in your password wrap the password in single-quotes ( ' ). If there are any single-quotes in your password, put backslash ( \ ) before the single-quote to escape the character.

'opendns_network_label' is the label given to the network you're updating in your account. You can find the network label in the Settings Tab of the OpenDNS Dashboard. If you're an Umbrella customer, this is the name of the Network you've enabled Dynamic updates for in the Configuration.If you have spaces in your network label, replace them with an underscore ( _ )

In order to turn on the updater, please execute the command sudo service ddclient startin a terminal. You can check its status withsudo service ddclient statusand you can stop it with the commandsudo service ddclient stop. Please keep in mind that ddclient doesn't automatically start when your system boots.

Troubleshooting

Your IP address belongs to a different network

When this issue occurs,sudo service ddclient statusreturns the following error message:

ddclient[6951]: FAILED: updating 'opendns_network_label': !yours: The hostname specified exists, but not under the username currently being used

This happens most often when using someone else's network (e.g. public wireless hotspot, a friend's wireless network etc.). Each OpenDNS user is uniquely identified by an IP address. If you use someone else's connection which is already configured to use the OpenDNS service, we then detect that more than one OpenDNS account claims to use the same IP address.

If you're temporarily using someone else's network connection, you can ignore this error. If you believe this IP address really belongs to you, you can contact support.

ddclient is stuck

When this issue occurs,sudo service ddclient statusreturns the following warning message:

ddclient[6978]: WARNING: file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''

This happens most often when you're trying to update your dynamic IP address many times in too short of a period by restarting the ddclient service. In this case, in order to instantly fix this issue, please delete the file /var/cache/ddclient/ddclient.cache. You can delete it by executing the command sudo rm /var/cache/ddclient/ddclient.cachein a terminal.

Overview

Whether you are configuring a standalone computer (desktop or laptop), a network router, or an internal DNS server, when you set the IP addresses to point to OpenDNS you are instructing the Internet browsers, email systems and other Web applications to use OpenDNS servers to find your intended Internet destination.

Will changing my DNS settings to OpenDNS have any negative impact

to my computer?

Changing your current DNS settings to the OpenDNS servers is a safe, reversible, and beneficial configuration adjustment that will not harm your computer or your network. There is no software being installed and all configurations for security, Web content filtering and personal preferences are made online in your OpenDNS account, not on your computer or network hardware.

You're welcome to write down the previous settings and revert if need be. You can print out this page and write down your previous DNS settings if desired.

DNS Field

DNS IP

Primary

Secondary

Other/3rd

Put simply: when you change your DNS preferences to OpenDNS, you are improving the capability of your computer and your network to navigate the Internet, send email and perform other Web functions.

Introduction

Users who wish to cancel their OpenDNS Home VIP Subscription will need to follow the steps outlined.

Canceling your OpenDNS Home VIP Subscription

In order to cancel your OpenDNS Home VIP subscription, please

Sign into your Dashboard at https://dashboard.opendns.com

At the home page find your organization name. disable OpenDNS from your network.

Select 'Manage This Organization' and then select 'Plan Info'

Scroll to where it says 'Cancel your Subscription' and select the option to cancel your subscription.

You will need to enter your password to confirm the cancellation.

If you run into any issues with canceling your OpenDNS Home VIP subscription orto delete your OpenDNS Home VIP Subscription please submita ticket to Support or send an email to [email protected].

When contacting Support

Include the email address used to sign into the OpenDNS Dashboard.

Decide if you want to cancel your Home VIP subscription and convert your account to a free OpenDNS Home Basic account or delete your account entirely.

If you choose to stop using OpenDNS all together please see this article to

Note:

You can cancel your subscription within 60 days to receive a refund for your purchase. If you cancel your subscription after 60 days it will remain active until the expiration date but will not be renewed. If you are receiving a refund please allow 5 to 10 business days for the money to be returned to your payment method. If you have not received a refund please contact Support.

Note: This guide is for the OpenDNS configuration of NETGEAR routers. If you are already using the Parental Controls integration that is available with certain NETGEAR routers following the directions in this guide will toggle the Parental Controls from ENABLED to DISABLED.

If you are looking to use NETGEAR Live Parental Controls, please go through the automatic registration process in the Parental Controls tabon the NETGEAR genie app at http://netgear.com/home/discover/apps/genie.aspx rather than following the directions in this article.

1. Log into the router configuration page at http://routerlogin.net

2. Click on the Internet Link along the left hand side

NEXT: Test your new settings

3. Find the setting for Domain Name Server (DNS) Addresses

Enter the following three DNS IPs (first two if there are only two spaces). All DNS spaces must be filled: 208.67.220.220, 208.67.222.222, and 208.67.222.220.

4. Clear your caches and test functionality

Verizon DNS Safeguard users, please click here: https://www.verizon.com/business/products/dns-safeguard/

Umbrella MSP (Managed Service Provider) console users, please click here: https://docs.umbrella.com/deployment-msp/docs

Umbrella MSSP (Managed Security Service Provider) console users, please click here: https://docs.umbrella.com/mssp-deployment/docs

Umbrella MOC (Multi-Org Console) users, please click here: https://docs.umbrella.com/deployment-umbrella/docs/multi-org-umbrella-console-overview-1

Cisco Umbrella for Partners users, please click here: https://docs.umbrella.com/partner-deployment/docs/welcome

Arris routers (often co-branded with Motorola) such as Surf Boards are typically distributed from Internet providers. Many of these routers have been modified such that their DNS settings cannot be modified which would make them not be able to be configured for OpenDNS.

If your Arris router was supplied by your Internet Provider (i.e. Comcast, Time Warner), you may need to confirm with the provider if their device supports setting the DNS settings on the router.

The following list is confirmed to not be able to be configured for OpenDNS: Touchstone TM822 DG167A Arris TG862G SBG 6580 SMC D3GNV

We're still building a list of Arris routers that are capable of changing DNS servers. If you're unsure, visit http://support.opendns.com and submit a support request with your Arris router's model number and the Internet Provider that you got the device from so that we may check into it.

A full list of Comcast DOCSIS 3.0 routers can be found here: http://mydeviceinfo.comcast.net/ (Please note that not all of the routers listed there can support configuration for OpenDNS)

1. Open Google Chrome, navigate tochrome://flagsin your address bar (omnibox). Find the flag you see below (Experimental static ip configuration), and enable it. If this flag is not present, skip to step 3.

FAQs

2. Select the option that appears on the bottom of your screen to restart your device.

3. Select the menu button in the upper right-hand corner of your browser window, and click onSettings.

4. UnderInternet connection, click on the name of your network. Then click theNetworktab, selectCustom name servers, and enter OpenDNS's DNS settings as shown:

5. Check your Settings

NEXT: Test your new settings

Please visit http://welcome.opendns.com to confirm that you're using OpenDNS. If so, you may visit your Dashboard to start configuring your account's settings at http://dashboard.opendns.com.

PS: In case you are looking at Cisco Umbrella Chromebook client integration (UCC), please refers to the deployment guide and .

At times it may be necessary to clear your browser and DNS resolver cache, especially if a site was visited prior to Parental Controls being enabled. You can clear your cache in the advanced settings menu of most web browsers. You can also clear your local DNS cache separately by running the following from the command line:

The local resolver cache can be cleared by running the following commands from the command prompt

Windows Computers

ipconfig /flushdns

Apple Computers

Tiger:lookupd -flushcacheLeopard:dscacheutil -flushcache

Do I need to create an Account?

If you are using OpenDNS for faster and safer DNS resolution, then you do not need to create an account. Simply change your DNS settings, as shown here. If you would like to make use of OpenDNS advanced features, like stats and content filtering, you can visit the following links to create a web-based account:

Premium DNS- https://store.opendns.com/get/premium-dns

OpenDNS Home - https://store.opendns.com/get/home-free

OpenDNS Home VIP - https://store.opendns.com/get/home-vip

How do I log into my Account?

If you have a web-based OpenDNS account, you can log in to change your settings at http://dashboard.opendns.com. The login user is your e-mail address you've registered with OpenDNS.Note that you do not need an account if you are using OpenDNS for faster and safer DNS resolution.

How do I change my password

If you already know your existing password and can successfully log into your account at http://dashboard.opendns.com, you may follow these steps:

Select the My Account tab

Select Change password on the menu on the left

If you do not know your password or cannot log into your account, follow these steps:

Navigate to http://dashboard.opendns.com/signin

Select the Forgot your password? link

Enter the email address associated with your OpenDNS account

A link with instructions to change your password will be sent to your email address

We are experiencing a high report from users who are receiving an error when signing in to their OpenDNS accounts using the NETGEAR Genie app to change settings. This is for users who are encountering the following error after October 21, 2015:

OpenDNS is aware of this issue and is working closely withNETGEAR to resolve this issue,. In the interim, please use the IP based filtering controls if you need to make adjustments to your filtering.You can learn how to configure your router by following the instructions here: https://support.opendns.com/categories/20080020-OpenDNS-Device-Configuration

We apologize for any inconvenience this has caused, and will provide an update for this issue in this thread as soon as one is available.

Thank you for your continued patience.

Overview

Currently, some NETGEAR users are receiving the error message Device already registered with another OpenDNS user. We have discovered that some registrations through the NETGEAR genie mobile app will cause this error message. Be sure to use the NETGEAR genie desktop application and not the NETGEAR genie mobile app.

Instruction

If you need to download the NETGEAR app to your computer you can do so by visiting http://www.netgear.com//home/discover/apps/genie.aspx and selecting either "Download PC" or "Download Mac" options on the right. See image below.

If you continue to have problems please open a support ticket with the following information:

The exact make, model, and firmware version of your NETGEAR router.

Screenshot of your router's MAC address from your NETGEAR genie desktop application. (see image below)

The email address/username you used during the registration.

Overview

FamilyShield is a special service offered by OpenDNS, meant for home users who want to blockinappropriate websites.

FamilyShield will always block domains that are categorized in our system as: Tasteless, Proxy/Anonymizer, Sexuality and Pornography.

Note:

Unlike our standard Home service, you don't need a registered network or an account to use FamilyShield.

Instruction

Here are our generalized router configuration:

1. Open the preferences for your router.

Often, the preferences are set in your web browser, via a URL with numbers (example: http://192.168.0.1 or http://192.168.1.1 ). You may need a password.

If you set the router password long time ago and cannot remember it now, you can often reset the password to the manufacturer default by pressing a button on the router itself.

Or preferences may be set via specific application for your router, which you installed on your computer when you added the router.

2. Find the DNS server settings.

Scan for the lettersDNSnext to a field which allows two or three sets of numbers, each broken into four groups of one to three numbers. It might look like this:

Computer Configuration

3. Put in the FamilyShield OpenDNS server addresses as your DNS server settings and save/apply.

Please write down your current settings before entering the OpenDNS addresses, just in case.

208.67.222.123

208.67.220.123

4. Test your Settings

Browse to https://welcome.opendns.com/. If you have successfully set your public DNS to the ourservers, you will see"Welcome to OpenDNS!".

Note:

If you have a specific router type, follow the instructions for that router but substitute208.67.222.123 and 208.67.220.123 for the DNS server addresses.

If you're unable to configure your router to useFamilyShield, then we suggest you configure your computer instead with the FamilyShield DNS IP addresses (see ). You will get the same benefits, and if you have a small number of computers on your network, it's relatively easy.

Dynamic IP Addresses: General Info

Why do I care?

You may use OpenDNS as iswithoutever reading this page. This information is for those who want to change some of the OpenDNS default settings or view statistics about your DNS usage. For instance, using web content filtering requires a network, which requires an IP address. Knowing more about dynamic IP addresses is useful, especially for home users.

Quick steps

Know enough? Want to get it done? Do the following:

Create a free account, and confirm the email address.

Go to the Settings tab.

Add a network using your current IP address (displayed on the page).

Click your new networks's IP address to access its settings.

Click "Advanced Settings" on the left.

Check the box to "Enable dynamic IP update."Be sure to apply your settings at the bottom of the page.

Learn how to keep your address updated.If you don't keep the IP updated, your preferences will not be applied, and your statistics will not be collected though you will still be using OpenDNS.

Learn more technical details

Note:

Multiple networks with dynamic IP addresses in a single network are supported. Learn more.

General information about Internet Protocol (IP) addresses

What is an Internet Protocol (IP) address?

An IP address is a number which computers use to identify a location on the network, whether the public Internet or a private network. The number is in the format #.#.#.# where the # may be any number from 0 to 255. For example, 123.12.1.0..

Do I have an IP address?

Yes, everyone on the Internet has an IP address, whether you know it or not!

How does OpenDNS use IP addresses?

OpenDNS uses IP addresses to know that a DNS request is coming from you. With a free OpenDNS account, you establish and verify an IP address or range of IP addresses as under your management as a network. A network may be a single IP address on up to many thousands of addresses. OpenDNS delivers custom DNS preferences and statistics based on the network association, which you establish and verify with a free OpenDNS account in the Dashboard.

Note: OpenDNS does notprovideIP addresses. Those come from your Internet provider.

What is a dynamic IP address?

Simply, a dynamic IP address is one that changes periodically. The ISP (Internet Service Provider) or network provider makes the change, not the individual user.

Note: Static IP addresses are easier for the individual, but a static IP address may cost more or not be available from your ISP. Ask your provider.

How do I know my IP address?

On the OpenDNS Dashboard, your current IP address is displayed at the top right of the page.

Tip:

You may also confirm at diagnostic.opendns.com/myip you're shown your public IP address, nothing more.

How do I know if my IP address is dynamic?

If you don't know, then your IP is probably dynamic. However, you can contact your ISP and find out!

Public versus private IP address

OpenDNS, like all public Internet services, only sees your "public" IP address when you make a DNS request. At an office or school or behind a router at home, your individual computer may have a different, private IP address, visible only to those inside your network. If an IP address starts with 192.168 or 10.10, for example, that is a private network IP address, not available to the public Internet.

See Step 3 athttps://support.opendns.com/entries/39861294-OpenDNS-is-Only-Working-on-One-or-Some-of-my-Computers-Devices for more information and a troubleshooting guide.

If you are not using a full domain name, such as "mail" vs mail.some-isp.com to connect to your ISP's webmail site you may experience issues when using Parental Controls. You may want to contact your ISP to see if they offer a webmail portal that is accessible over the internet as an alternative address. Another option would be to ask them the IP address of that site and load it with the IP. You can always create a bookmark for that location for easier access in the future.

Yes!

DD-WRT is an alternate firmware suitable for many routers. For more information about this firmware, read the About Page on the DD-WRT website.

To use OpenDNS on a router with DD-WRT, configure OpenDNS on the router per the OpenDNS best practices. Next, log in to the router configuration page per the device instructions and go to theServicestab. UnderAdditional DNSMasq Options, typestrict-orderandSavethe new settings. Finally, reboot the router and manage your account settings in the OpenDNS Dashboard.

How do I Disable OpenDNS Completely?

If you want to disable OpenDNS because our logo and block messages are appearing in Web browser pop-up windows, please note that OpenDNS does not create any pop-up windows whatsoever. For clarification on why OpenDNS is not responsible for pop-ups, please read the FAQ topic How do I Disable OpenDNS Pop-Ups?

Depending on which network component OpenDNS was configured, you only need to reverse those steps accordingly to disable OpenDNS. If you did not capture the network's DNS setting before configuring OpenDNS, you may need to contact the ISP to successfully reconfigure the network. If you didn't configure OpenDNS yourself, or if you don't remember which network component was configured, please contact [email protected] for assistance in reconfiguring your devices.

Remember, OpenDNS is a service configured through your network's DNS setting, whether on a router, server or computer. OpenDNS is not software and does not control your computer in any way, nor is it an application or program to be removed. OpenDNS facilitates your Internet requests and makes navigating the Internet safer and faster.

Overview: Why and How to install the Cisco Root CA

When HTTPS enabled domains are blocked by a policy, Umbrella presents a block page to you which is also served over HTTPS. This block page is encrypted with a certificate signed by the CiscoRoot CA. In order to avoid certificate errors when accessing the block page, you must install the CiscoRoot CA in your browser, or if you have a network of computers, in your users' browsers.

Why take this step?

OpenDNSs Block Page and Block Page Bypass feature presents an SSL certificate to browsers that make connections to HTTPS sites. The certificate will match the requested site but will be signed by the CiscoRoot Certificate Authority (CA) or the Cisco Root Certificate Authority. If the Cisco Root CAis not trusted by your browser, an error may be displayed. Typical errors include "The security certificate presented by this website was not issued by a trusted certificate authority" (Internet Explorer), "The site's security certificate is not trusted!" (Google Chrome) or "This Connection is Untrusted" (Mozilla Firefox). Although the error is expected, the messages displayed can be confusing and annoying and you may wish to stop them from appearing.

To avoid these errors entirely, install the Cisco Root CA in your browser, or the browsers of your users (if you're a network admin). This can be done on a per-browser, per-machine basis for personal use or for small deployments. For larger deployments, an automatic installation via Group Policy (GPO) can be done. Note that the automatic installation via GPO will only work for users with Internet Explorer or Chrome on Windows systems. As such, so if your network includes some users who use Firefox or Safari browsers, and for users on non-Windows operating systems, the manual installation procedures must be followed.

This article describes the procedures required to manually install the Cisco Root CA in your browser

For advanced users or systems administrators with larger networks, this article also describes how to install the Cisco Root CA automatically (via Active Directory Group Policy Objects) for a group of users in Microsoft Windows Active Directory. This automatic installation of the Root CA only works for users with Internet Explorer or Chrome on Windows systems, so if your network includes some users who use Firefox or Safari browsers, and for users on non-Windows operating systems, the manual installation procedures must be followed for those users. For FireFox, a special set of instructions can be followed with a third party extension, as covered in the sections below.

IMPORTANT: You must be a local administrator over the computer (or a network administrator over the network) in order to perform these steps.

The procedures included in this article are:

Manually Installing the Root CA (Single Computer)

Installing the CA in Internet Explorer & Chrome on Windows

Installing the CA in Firefox 2 on Windows

Installing the CA in Safari on Mac OS X

Installing the CA on Mac OS X Command line

Installing the CA in Chromium or Chrome on Linux

ADVANCED:Automatically Installing the CiscoRoot CA (For an Active Directory Network)

Installing the CA with Group Policy Using the Microsoft Management Console (MMC)

Installing the CA with Group Policy Using the Group Policy Management Console (GPMC)

Installing the CA in Firefox using Group Policy

Download the Certificate

Installing the Root CA on a single computer

The following three procedures describe the manual methods for installing the Cisco Root CA in the Internet Explorer, Firefox, and Safari browsers on an individual computer.

Installing the CA in Internet Explorer or Chrome on Windows

To manually install the Cisco Root CAin your Internet Explorer browser, use the following procedure. Chrome uses Internet Explorer's certificate store, so the same procedure will also configure Chrome.

Download the Cisco Root CAfile below.Note: If theOpen File - Security Warningdialog is displayed, clickOpen.

ClickInstall Certificate.

In theCertificate Import Wizardwindow clickNext.

In theCertificate Storewindow, selectPlace all certificates in the following storeand then clickBrowse.

In theSelect Certificate Storewindow, select "Trusted Root Certification Authorities" and clickOK.

In theCertificate Storewindow, theCertificate store:showsTrusted Root Certification Authorities. ClickNextthen clickFinish.

In theSecurity Warningwindows, clickYesto install the certificate.

TheCertificate Import Wizardwill notify you that "The import was successful." ClickOKto finish.

Exit Internet Explorer and restart it.

Installing the CA in Firefox on Windows

To manually install the Root CA in your Firefox browser on Windows, use the following procedure. This procedure assumes that you, the computer administrator, have already downloaded the Root CA and that you have sufficient access privileges to install the certificate on the local system.

Download the Cisco Root CA file from the links at the bottom of this article, or from the dashboard.Click on the "Open Menu" icon near the top right hand corner of the browser window.

Click Options > Advanced > Certificates > View Certificates > Authorities > Import....

Browse for and select the CiscoRoot Cert, downloaded in the first step.

Select "Trust this CA to identify websites", then click OK.

Restart the Firefox browser.

The Firefox certificate store can also be manipulated from from the command line using the certutil tool from the NSS Tools package. For more information, please see the following Mozilla documentation:

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil

Installing the CA in Safari on Mac OS X

To manually install the Cisco Root CA in your Safari browser on Mac OS X, use the following procedure. You must be the computer administrator to perform this action.

Download the Cisco Root CA file from the links at the bottom of this article, or from the dashboard.

Double-click the file or drag and drop it on top of theKeychain Accessicon in theApplications | Utilitiesfolder. TheAdd Certificatewindow is displayed. ClickAlways Trust.

Double click on the CiscoRoot CA to open it's properties window. Change theWhen using this certificatepulldown toAlways Trust (as in the screenshot below).

To download the Cisco cert, click here.

Installing the CA on Mac OS X Command line

To install the Root CA on the OS X command line, download the Cisco CA and run the following commands. You must be the computer administrator to perform this action.

sudo /usr/bin/security add-trusted-cert -d -r trustRoot -p ssl -p basic -k /Library/Keychains/System.keychain /path/to/Cisco_Umbrella_Root_CA.cer

Installing the CA in Chromium or Chrome on Linux

If you want to manually install the Root CA sin a Chromium based browser in Linux, use the following procedure.

Download the Cisco Root CA file from the links at the bottom of this article

Open Chromium Settings

Scroll down to HTTPS/SSL

Click Manage certificates...

Click Authorities

Click Import

Select the Cisco_Umbrella_Root_CA.cerand click Open

Select Trust this CA to identify Websites

Click OK

Advanced: Automatically Installing the Root CA

As a network administrator of an Active Directory network environment, you can automatically install the Cisco Root CA in all of your users' browsers by creating a Group Policy Object (GPO) on your Active Directory server. This can be created by using either the Microsoft Management Console (MMC) or the Group Policy Management Console (GPMC).

Installing the CA with Group Policy Using the Microsoft Management Console (MMC)

Download the CiscoRoot CAbelow.

Log in to your Active Directory server using a domain administrator account.

SelectStart | All Programs | Administrative Tools | Active Directory Users and Computers. The Microsoft Management Console (MMC) is displayed.

To create a domain wide policy, right-click on your domain root Organizational Unit (OU), which is displayed as your domain name, and selectPropertiesfrom the context menu.

In the<OU_Name> Propertiesdialog box, click theGroup Policytab.

ClickNew, and name the policyCiscoCertificate Installer, and pressEnter.

Select the new Group Policy Object, clickEdit. TheGroup Policy Object Editoris displayed.

In the left configuration options sidebar, expandComputer Configuration | Windows Settings | Security Settings | Public Key Policies. Right-clickTrusted Root Certification Authorities, and selectImportfrom the context menu.

In theCertificate Import Wizard,clickNext, and in theFile to Importpage, clickBrowseand navigate to where you downloaded the certificate authority on your local system, and double-click the Cisco_Umbrella_Root_CA.cerfile.

With the full path to the certificate displayed in theFile namefield, clickNext.

Accept the default option,Place all certificates in the following store(Trusted Root Certification Authorities), clickNext, and then clickFinishandOK.

You have now created the Group Policy Objects to install the certificate on all the computers in your domain. The new policy may not take effect immediately on all client machines. By default, the background synchronization processing happens every 90 to 120 minutes at randomized times. Rebooting the client machines will force the synchronization.

You can check that the Group Policy has propagated to all computers in the domain by opening Internet Explorer on a workstation PC, opening Tools | Internet Options | Content | Certificates | Trusted Root Certification Authorities, and ensuring that theCisco Root CA certificate is present.

Installing the CA with Group Policy Using the Group Policy Management Console (GPMC)

The Microsoft Group Policy Management Console (GPMC) with Service Pack 1 (SP1) unifies management of Group Policy across the enterprise. The GPMC consists of an MMC snap-in and a set of programmable interfaces for managing Group Policy.

Download the Cisco Root CAs below.

Log in to your Active Directory server using a domain administrator account.

SelectStart | All Programs | Administrative Tools | Group Policy Management. The Group Policy Management Console (GPMC) is displayed.

To create a domain wide policy, right-click on your domain root Organizational Unit (OU), which is displayed as your domain name, and selectCreate and Link a GPO Herefrom the context menu. TheNew GPOdialog box is displayed.

In theNamefield of theNew GPOdialog box, enter a meaningful name for the policy object, such asCiscoCertificate Installer.

Right-click the new Group Policy Object,CiscoCertificate Installer, on the right side of the window, and selectEditfrom the context menu. TheGroup Policy Object Editoris displayed.

In the left configuration options sidebar, expandComputer Configuration | Policies | Windows Settings | Security Settings | Public Key Policies, right-clickTrusted Root Certification Authorities, and selectImportfrom the context menu.

In theCertificate Import WizardclickNext, and in theFile to Importpage, clickBrowseand navigate to where you downloaded the certificate authority on your local system, and double-click theCisco_Umbrella_Root_CA.cerfile.

With the full path to the certificate displayed in theFile namefield, clickNext.

Accept the default option,Place all certificates in the following store(Trusted Root Certification Authorities), clickNext, and then clickFinishandOK.

You have now created the Group Policy Object to install the certificates on all the computers in your domain. The new policy may not take affect immediately on all client machines. By default, the background synchronization processing only happens every 90 to 120 minutes (at randomized times). Rebooting the client machines will force the synchronization.

You can check that the Group Policy has propagated to all computers in the domain by opening Internet Explorer on a workstation PC, opening Tools|Internet Options | Content | Certificates | Trusted Root Certification Authorities, and ensuring that the CiscoRoot CA certificate is present.

Installing the CAs in Firefox using Group Policy

By default, Group Policy cannot configure Firefox. In order to do so, Group Policy must be extended to include configuration options for Firefox. Firefox ADMX is a way of allowing centrally managed locked and/or default settings in Firefox via Group Policy and Administrative Templates in Active Directory. Firefox ADMX is a continuation of Firefox ADM by Mark Sammons.

You can find installation instructions on the FirefoxADMX website.

Download the Certificates

Introduction

If you are a OpenDNS Home Basic account client and no longer wish to use the service the steps below will walk you through deletingyour account.

Solution

In order to delete your existing OpenDNS subscription, simply log in to your OpenDNS account at <http://dashboard.opendns.com>, go to the My Account taband click on the Delete link:

https://support.opendns.com/hc/en-us/articles/115007945788

From there, you will need to enter your account password to confirm. Once that is confirmed, your account will be deleted.

Note:

To cancelyour OpenDNS Home VIP Subscription please refer to:.

Overview

This Knowledge Base article will show you how to set up your Android device in order to use OpenDNS.

NEXT: Test your new settings

Note:

These instructions only work for Wi-Fi connections because Android does not allow you to change the DNS servers when connected to cellular networks. Also, the changes are network specific, so you'll need to change the DNS servers every time you connect to a new wireless network. The good news is that Android remembers the settings, so you won't have to do repeat these changes whenever you reconnect to a known network.

Changing your Android's DNS settings:

From the Android Menu home screen, tapSettings.

TapWi-Fion the menu. The screen shown below appears, listing all of the networks your phone is able to discover.

Long press theNetwork you're connected to, and tap Modify Network.

On some devices, you may need to check the box for "Advanced" to see further settings. To adjust your Android DNS settings, you will need to switch the IP settings from DHCP to Static. Once changed, the menu will appear with the DNS settings available to edit. Don't worry about the editing the IP address as the Android device will fill in the IP address it has acquired through DHCP. Add our DNS resolvers(208.67.222.222 and 208.67.220.220) to the entries forDNS 1andDNS 2 as shown below:

Save your settings.

That's it! You've updated your Android device's DNS servers!

Introduction

There are many reasons for a domain to be blocked or not blocked. One of the reasons could be because of the type of category the domain is tagged under. Another could be the domain is showing malicious activity therefore is being blocked forsecurity reasons.

Why is this site being blocked?

Check the category of the domain name at http://community.opendns.com/domaintagging/search to see if a domain falls under a category you are blocking.

If the site is tagged incorrectly please send an email to [email protected] with the name of the domain and category in the subject line. The domain will be reviewed by a moderator.

If a domain is being blocked for security reasons but you feel it is not malicious then please email [email protected] with the domain in question and a brief description as to why you feel this domain should not be blocked.

Why is a site not being blocked?

Check the category of the domain name at http://community.opendns.com/domaintagging/search

If the site is not in a category that it should correctly be in, send an email to [email protected] with the name of the domain and category in the subject line. The domain will be reviewed by a moderator.

If you run into a domain you feel is showing malicious activity and should be blocked please email [email protected] letting us know why this domain should be blocked.

Overview

This article provides instructions on how to clear the DNS Cache on a computers and web browsers. This procedure is necessary in order for previously cachedresolutions to be cleared out and subsequentlookup to be performed based onnewly configured DNS settings.

Solution

The following tables provide instructions for clearing the DNS cache on computers and servers. The commands need to be run at the command prompt with administrator privileges.

Windows 7 and Earlier

Click theStart Menu

Go toAll Programs

ChooseAccessories and right-clickCommand Prompt

ChooseRun as Administrator

Run the following command in the command line and hitenter

ipconfig /flushdns

Windows 8

Press theWindows Keyor hover your mouse over the bottom left corner and click theWindows Icon

Begin typingCommand Prompt

Right-click the application and selectRun as Administrator

Run the following command in the command line and hitenter

ipconfig /flushdns

OS X 10.4 TIGER

Click theTerminal icon in the dock or inFinderunderApplication/Utilities/Terminal

Run the following command in the command line and hitenter

lookupd -flushcache

OS X 10.5 and 10.6 LEOPARD

Click the Terminal icon in the dock or in Finder under Application/Utilities/Terminal

Run the following command in the command line and hitenter

dscacheutil -flushcache

OS X 10.7 and 10.8 Lion

Click the Terminal icon in the dock or in Finder under Application/Utilities/Terminal

sudo killall -HUP mDNSResponder

OS X 10.9 and 10.10.4 Yosemite, 10.11 El Capitan and 10.12 Sierra

Click the Terminal icon in the dock or in Finder under Application/Utilities/Terminal

sudo dscacheutil -flushcachesudo killall -HUP mDNSResponder

Linux (most distributions)

Open a terminal window (gnome-terminal, konsole, xterm, etc)

sudo /etc/init.d/nscd restart

or

sudo /etc/init.d/nscd restart

Ubuntu Linux

Open a terminal window

Run the following command in the command line and hitenter

sudo service network-manager restart

Clearing the DNS Cache on Browsers

If you have recently set up your filtering, or just changed a setting, a cache clear may be necessary before you see your filtering take effect.

The following table provides instructions for clearing the DNS cache within common Internet browsers.

Browser

Steps to clear the DNS Cache

Internet Explorer 8 and above (Windows)

Go to theHistorymenu, selectDelete Browsing History, check all boxes (except passwords, if desired) and clickDelete.

Mozilla Firefox (Windows)

Click onFirefoxat the top left of your browser, go to theHistorymenu, selectClear Recent Historyand check all boxes. UnderTime range to clearselectEverything(except passwords, if desired) and clickClear Now.

Apple Safari (Mac)

Expand theCog Iconin the upper right corner and selectReset Safari. Check all boxes and clickReset.

Apple Safari (Windows)

Go to theSafarimenu, selectReset Safari, check all boxes and clickReset.

Google Chrome (Windows)

Expand theWrench Iconin the upper right corner and selectHistoryand check all boxes. UnderClear data for this time period, selectEverything(except passwords, if desired) and clickClear Browsing Data.

Google Chrome (Mac)

UnderGo to theChromemenu, selectClear Browsing Dataand check all boxes(except passwords, if desired). UnderClear data for this time period, selectEverythingand clickClear Browsing Data.

Select your model number below:

F@ST 1704

Introduction

A dynamic IP address is an IP address that changes from time to time unlike a static IP address. Most home networks are likely to have a dynamic IP address and the reason for this is because it is cost effective for Internet Service Providers (ISP's) to allocate dynamic IP addresses to their customers.

Instead of one IP address always being allocated to your home network (Static IP), your IP address is pulled from a pool of addresses and then assigned to your home network by your ISP. After a few days, weeks or sometimes months that IP address is put back into the pool and you are assigned a new IP address.

General information about Internet Protocol (IP) addresses

What is an Internet Protocol (IP) address?

An IP address is a number which computers use to identify a location on the network, whether the public Internet or a private network. The number is in the format #.#.#.# where the # may be any number from 0 to 255. For example, 123.12.1.0. Learn more technical details.

Do I have an IP address?

Yes, everyone on the Internet has an IP address, whether you know it or not!

How does OpenDNS use IP addresses?

OpenDNS uses IP addresses to know that a DNS request is coming from you. With a free OpenDNS account, you are only able to register one single IP (network) address under your account. OpenDNS delivers custom DNS preferences and statistics based on the network association, which you establish and verify with a free OpenDNS account in the Dashboard.

diagnostic.opendns.com/myip

Note:

OpenDNS does not provide IP addresses. Those come from your Internet provider.

How do I know my IP address?

On the OpenDNS Dashboard, your current IP address is displayed at the top right of the page.

You may also confirm at you're shown your public IP address, nothing more.

How do I know if my IP address is dynamic?

If you don't know, then your IP is probably dynamic. However, you can contact your ISP and find out!

Public versus private IP address

OpenDNS, like all public Internet services, only sees your "public" IP address when you make a DNS request. At an office or school or behind a router at home, your individual computer may have a different, private IP address, visible only to those inside your network. If an IP address starts with 192.168 or 10.10, for example, that is a private network IP address, not available to the public Internet.

1. SelectControl Panelfrom the Start menu.

NEXT: Test your new settings

2. ClickNetwork Connectionsfrom theControl Panelchoices.

3. Choose your connection from theNetwork Connectionswindow.

In this screenshot, Local Area Connection is the only choice. If you have more than one, choose your default/current connection.

4. ClickPropertiesbutton.

5. SelectInternet Protocol (TCP/IP)and clickProperties.

6. Click the radio button Use the following DNS server addresses and type in OpenDNS addresses in the Preferred DNS server and Alternate DNS server fields.

Please write down your current DNS settings before switching to OpenDNS, in case you want to return to your old settings for any reason.

Preferred DNS server address for Open DNS is:

208.67.222.222

Alternate DNS server address for Open DNS is:

208.67.220.220

7. Cache Flushing

At this point, we recommend that you flush your DNS resolver cacheandweb browser caches to ensure that your new DNS configuration settings take immediate effect.

FamilyShield is a special service offered by OpenDNS distinct from our standard packages. Meant for home users who want to keep their children from seeing inappropriate images on their computers, FamilyShield will always block domains categorized in our system asTasteless, Proxy/Anonymizer, Sexuality, or Pornography. Unlike our standard Home service, you don't need a registered network to use FamilyShield, and it's just as easy to configure.If you have any questions on FamilyShield not answered here, feel free to open up a support ticket or ask in the forums.

To use FamilyShield, you should set your DNS server entries as:208.67.222.123 and 208.67.220.123.On our website, you may notice that OpenDNS' DNS servers are 208.67.222.222 and 208.67.220.220, but these do not apply to FamilyShield customers.

As an example, here are our instructions for MacintoshOSX 10.8configuration settingswith the FamilyShield resolversinstead of our normal ones.If you have a specific operating system besides those listed, follow the instructions for that operating system but substitute208.67.222.123 and 208.67.220.123for the DNS server addresses.

Macintosh OS X 10.8

1. Go to System Preferences.

NEXT: Test your new settings

2. Click on Network.

3. Select the first connection in your list and click Advanced.

4. Select the DNS tab and add 208.67.222.123 and 208.67.220.123 to the list of DNS servers. Click OK

Note:If there are any greyed out IP numbers they can be ignored.

5. Cache Flushing

At the point,we highly suggest that you flush your DNS resolver cacheandweb browser caches to ensure that your new DNS configuration settings take immediate effect.

I have set up everything, but Idon'tsee stats in my account.

The two most likely reasons that your statsdon'tappear in your account are that your IP address is not up to date, or that logging is disabled on your account. Log into the Dashboard (http://dashboard.opendns.com) and compare what the IP address listed at the top of the screen is to your registered IP address. If the twodon'tmatch, then your filters and logs will not function properly. You can update it from the Dashboard, or use our Dynamic IP Updater client to keep your IP address up to date.

https://en.wikipedia.org/wiki/OpenDNS

Alternatively, check your networks Settings tab and click on Stats and Logs on the left hand side to make sure that theEnable stats and logs option is checked.

Can I

see the exact website somebody on my network visited?

The information recorded in the stats page is the list of domains that have been requested from your network. We do not record which device made the request, nor do we include the full URL of the request. For example, If you visit a wikipedia article like <>, we will only record the request to en.wikipedia.org.

We log all requests made through a network protected by OpenDNS, whether or not the request resolved successfully.

Are stats recorded in real time?

Stats are logged two hours after the DNS request is made. After initially turning the stat logging, please allow for 12 hours before first propagation.

Im seeing DNS requests for times when nobody is online.

Though no one is online, if your computer is on, it may make DNS requests on your behalf. This sometimes occurs with scheduled activities like some mail programs, or anti-virus programs getting updates from their servers. Depending on the domain requested, this may be perfectly normal and expected behavior.

Please also make sure that the time zone in your account is correct. You can change this by logging into your account, selecting the My Account tab, and then selecting the Time Zone option from the left-hand menu.

I am generating a report, why is there no data?

There may be one of several reasons you are not seeing data after generating a report. Here are the three most-common causes.

Reports can only be generated for networks where data collection has been enabled. Please go to Enabling Data Collection to verify this setting is configured for each network.

Another possible reason there may not be data in a report: unless OpenDNS handles DNS traffic from an IP address listed as a network in your account, there will be nothing to report. If your network uses a dynamic IP address, ensure the address is up-to-date with your network. For more information, see Networks with Dynamic IP Addresses.

If you are using OpenDNS Basic, you must run a report for each network on a monthly or more frequently basis. OpenDNS ceases to store data for free accounts if the OpenDNS administrator does not generate a report for a period of time greater than a month.

If these situations do not apply to the network in question, please for support.

I am generating a domain report, why does the QNAME say .?

There may be one of several reasons you are not seeing data after generating a report. Here are the three most-common causes.

Reports can only be generated for networks where data collection has been enabled. Please go to Stats and Logs to verify this setting is configured for each network.

Another possible reason there may not be data in a report: unless OpenDNS handles DNS traffic from an IP address listed as a network in your account, there will be nothing to report. If your network uses a dynamic IP address, ensure the address is up-to-date with your network. For more information, see Networks with Dynamic IP Addresses.

If you are using OpenDNS Basic, you must run a report for each network on a monthly or more frequently basis. OpenDNS ceases to store data for free accounts if the OpenDNS administrator does not generate a report for a period of time greater than a month.

If these situations do not apply to the network in question, please for support.

We're rolling out another improvement to OpenDNS:modernized block pages with a cool new look and feel!

We're letting youknow in advance so that if you do see a chance in your block page appearance when clicking on something malicious or forbidden in your settings, you shouldn't worry.

What's changing?

There's no change in functionality or loss of functionality. When a website is blocked, you'll still see a block page and any customizations you've added will still appear.

The only change is to the look & feel- it's modernizedandadditional text to help the user has been added. We've also improved the diagnostics that appear at the bottom of a block page to give more insight for our support team and for you as well.

When is this happening?

The changes to the block pages will be rolling out across each of our data centers. Each data center hosts a server that hosts the block pages, so we'll do a group of data centers at a time.

The final data centers are scheduled to change Thursday August 17th, 2017.

It is possible that as we roll out these changes, some users in onepart of the world may receive a slightly different block page appearance than users in another part of the world.

If you have any questions about this notification, please reach out to [email protected]

Overview

This article provides a broad overview of steps one can take to prevent the circumventing of OpenDNS services by users on your network.

Explanation

Savvy internet users may try to bypass OpenDNS services if your network security configuration allows them to change the local DNS IP server address to something other than the addresses of our public servers. This would render your security policies useless and may leave your network vulnerable. However, it is possible to not allow those other DNS services through your network firewall to the Internet, which will prevent these users from circumventing the protection.

General Instructions

Most routers and firewalls will allow you to force all DNS traffic over port 53, thus requiring everyone on the network to use the DNS settings defined on the router/firewall (in this case, OpenDNS). The preferred recommendation is to forward all DNS requests to go to the openDNS IP's listed below. This way, yousimply forward users' DNS requests without them knowing, instead of having the possibility of someone manually configuring DNS and having it not work.

Essentially, you will want to create a firewall rule to only allow DNS (TCP/UDP) to OpenDNS' servers and restrict all other DNS traffic to any other IPs. Ideally this filter or rule would be added to the firewall that is at the furthest edge of your network. In simple layman's term, this would be defined similarly as below:ALLOWTCP/UDP IN/OUT to 208.67.222.222 or 208.67.220.220 on Port 53

and

BLOCKTCP/UDP IN/OUT all IP addresses on Port 53The first rule trumps the second rule. Put simply, any requests to OpenDNS will be allowed and any requests to any other IP will be blocked.

Depending on your firewall configuration interface, you may need to configure a separate rule for each of these protocols or one rule which covers them both.

The rule can be applied on either the firewall or the router, but normally is best placed on the device most at network edge. A similar rule could be applied to software firewalls installed on a workstation as well, such as the built-in firewall on Windows or Mac OS/X.

Unfortunately, individual configurations are not something OpenDNS is able to assist in supporting, as each firewall or router has a unique configuration interface and these vary greatly. If you are uncertain, you should check your router or firewall documentation or contact the manufacturer to see if this is possible with your device.

Do I need an account to use OpenDNS?

An account is required for our content filtering, through OpenDNS Home Basic. You do not need an account to use our DNS resolvers if you do not want content filtering, or if you are using FamilyShield.

How do I open an OpenDNS account?

To sign up for our OpenDNS Basic account with content filtering, please click here to open an account.

Updating billing information on my OpenDNS VIP/Deluxe account?

In order to change your payment information, simply log in to your OpenDNS account at http://dashboard.opendns.com, go to the Home page and click on theManage This Organizationlink and selectPlan Info. https://support.opendns.com/entries/48988474

On the next page click on thePayment Methodoption to update your credit card.

How and why do I add a network to my account?

In order to filter content, you must have a registered network with a public IP address tied to your account. This is necessary to ensure that your filtering settingsaren'tapplied to other OpenDNS users, nor their settings to your network. In order to add a network, follow the steps on our adding a network guide.

Getting a You cannot add an IP in private address space error.

This error messages means that you are attempting to add a private IP address to your OpenDNS account. In order to find out what your public IP address is, you can visit a site like http://whatismyip.com or http://myip.dnsomatic.com from a computer on your home network.

Do I have a dynamic IP address or a static IP address?

Most home users have a dynamic IP address, but the best way to tell is to either ask your ISP or review your billing statement. A dynamic IP address will change periodically based on the ISPs settings.

What is the OpenDNS updater client? Why do I need it?

The OpenDNS Dynamic IP Updater Client is a piece of software developed to handle the problems of having a dynamic IP address. Because your registered IP address needs to match your public IP address, and it may change without you knowing, we wrote this piece of software to be run in the background of your computer. It detects when your public IP address changes, and updates our systems records to keep your filters and logs from breaking because of a change.

If you wish to the OpenDNS updater client to keep your dynamic IP address updated, you will first need to mark your network as Dynamic using the following steps:

Select the Settings tab, and then select your network. After that, select Advanced Settings and then navigate to the Dynamic IP Update section, select Enable, and then select Apply.For more detailed steps, see our guide at https://support.opendns.com/entries/48988474.

After that, you can download the updater client here: http://www.opendns.com/support/dynamic_ip_downloads/

Please Note:

This client is NOT intended for computers that traverse multiple networks. This is due to the fact that the client will send IP address updates for your present network, and you risk leaving your home network protected and unfiltered.

How else can I update the dynamic IP in my account?

If you do not wish to the OpenDNS updater client but want to keep your dynamic IP address updated, you will first need to mark your network as Dynamic using the following steps:

Select the Settings tab, and then select your network. After that, select Advanced Settings and then navigate to the Dynamic IP Update section, select Enable, and then select Apply. For more detailed steps, see our guide at.

In order to manage your dynamic IP address manually, log into your OpenDNS account and select Settings. If OpenDNS has detected a new IP address for the network, an icon displaying green arrows will be visible next to your network's IP address. Another IP address will be displayed underneath the original. If this second IP address is now being used by this network, click the icon to complete the IP address update to OpenDNS.

No, but for good reason. Blocking advertising providers at the DNS level can have adverse affects on browsing behavior and speed.

Significant reduction in speed is partially due to the process used by many browsers to render a Web page. Each element of content on a Web page is loaded sequentially and if several elements are blocked, the browser waits for a timeout to expire before moving to the next element. This will cause very significant delays when there are multiple elements being blocked.

This performance degradation on the user experience is the main reason OpenDNS does not offer an Advertising category in Web Content filtering.

Note: OpenDNS' service will work on older versions of Mac OS than those listed here, but we do not support these older versions in regard to published configuration.

Please select the operating system that applies to you:

Configuration for Apple OSX Mavericks

Configuration for Apple OSX Snow Leopard

Configuration for Apple OSX Leopard

Configuration for Apple OSX Mountain Lion

Configuration for Apple OSX Yosemite

There are several D-Link Routers with seperate configurations. Please select your model number below:

DIR-890L AC3200 Ultra

EBR-2310

DIR-330

DIR-605L

DIR-615

DIR-660

DIR-855

DIR-825

DIR-657

DIR-624

DGL-4300

DGL-4500, DIR-628, DIR-655, WBR-2310

DSL-2640

DSL-2750B

DIR-816L

DIR-860L, DIR-866L

DIR-890L AC3200 Ultra Wi-Fi

D-Link Router Configuration Supplement - DNS Relay - This guide is designed to be a supplement to the router configuration instructions for D-Link routers.In addition to configuring your device to use OpenDNS for its DNS requests, please follow these steps to disable the DNS Relay functionality on the router to enable OpenDNS to work properly.

Overview: *.opendns.com or *.cisco.com certificate errors: adding an exception to the browser.

GOOD NEWS! A solution for this problem that is easier to manage and persistent for all sites is now available!

As a result, the information below is still applicable but can now be worked around with a permanent solution. We encourage you to try installing the CiscoRoot CA with this article:

https://support.opendns.com/entries/98279288

Why does this occur?

This error is caused by a HTTPS site's certificate expecting to load the original site (like internetbadguys.com, facebook.com, twitter.com) but is being redirected to the OpenDNS block page which the certificate is not signed for. Effectively, the block page is appearing instead of the certificate that the browser (correctly) expects and it's warning you there may be a problem with the connection. In fact, there is an issue: OpenDNS is intercepting the request and blocking it, as per the policies you've configured. This is fully expected given the way in which browser security is designed.The warnings and browser behavior vary slightly between Chrome, Safari, and Firefox, but the root cause is the same in all cases.

When using Block Page Bypass, the scenario changes slightly. Block Page Bypass is essentially an HTTP proxy, and when you request items over HTTPS, we present you an OpenDNS certificate from our block page since we're not able to impersonate other certificates or identities. Once you bypass an HTTPS site, your traffic is then going through the OpenDNS proxy server. This proxy server is using a certificate registered to "*.opendns.com" which is not valid for the domain requested.

The error can be confusing to users and you may wish to stop it from appearing. These messages are all written to sound dangerous and menacing; however, in the case of OpenDNS exceptions, this is expected due to the redirection method of how our blocking service works. It is completely safe to add *.opendns.com security exceptions!

The errors can be avoided in some or all cases. To remove this error, you will need to add an exception. Instructions are presented below for the major three browsers that have certificate errors.

HSTS: A Special Case for Certificate Errors.

There is a special case that isn't covered by the instructions below. If your error does not include the ability to add an exception, this means that the error is a certificate pinning error that is most likely due to an active login session active at the website, and that Chrome, Safari, or Firefox has detected this as a "session hijack" . The solution is to clear your browser's cache (Instructions athttp://www.opendns.com/support/article/68) and refresh the page to return to the certificate error that may be added as an exception and hidden. For more information on the special non-bypassable certificate pinning error and how to bypass it, please see our KB article at https://support.opendns.com/entries/42404534

Safari - Adding an Exception

Click 'Show Certificate' to reveal the full details:

If the certificate looks good to you, check the 'Always trust <name> when connecting to <server name> and click 'Continue'. You will be asked to provide your password to authorize the addition of this certificate to your keychain.

Firefox - Adding an Exception

The Firefox certificate error looks like the below message. The following three images will explain how to add the exception.

First, click "I Understand the Risks"

Then, choose "Add Exception"

Check the box for "Permanently store this exception" and then click Confirm Security Exception

If your error does not include the ability to add an exception, this means that the error is a certificate pinning error that is most likely due to an activelogin session active at the website, and that Firefox has detected this as a session hijack. The solution is to clear your browser's cache (Instructions athttp://www.opendns.com/support/article/68) and refresh the page to return to the certificate error that may be added as an exception and hidden. For more information on the special non-bypassable certificate pinning error and how to bypass it, please see our KB article at https://support.opendns.com/entries/42404534

Chrome - Adding an Exception

Chrome has only one button to Proceed anyway. This will add the security exception for the course of the browser session. Unfortunately, it may return later, so please be aware that it does not store it permanently like Firefox.

If your error includes the words "Cannot connect to the real..." and does not include the ability to add an exception (no "Proceed Anyway" button), this means that you have an active login session active at the website, and that Chrome has detected this as a session hijack. The solution is to clear your browser's cache (Instructions athttp://www.opendns.com/support/article/68) and refresh the page to return to the certificate error that may be added as an exception and hidden.For more information on the special non-bypassable certificate pinning error and how to bypass it, please see our KB article at https://support.opendns.com/entries/42404534

Internet Explorer - Adding an Exception

For Internet Explorer, if you see a security certificate prompt, choose "Continue to this website" to bypass the prompt. Like Chrome, it will store the exception for your current session.

To permanently hide all certificate errors, which may make it difficult to spot legitimate certificate errors not due to blocked domains, see the steps here at this third party resource.

Overview

Umbrella/OpenDNS's global distribution of DNS servers supports huge caching of DNS lookups and enables us to store those lookups for the full Time-to-Live (TTL).

TTL is set by domain owners and tells recursive servers how long they may cache a resolved location before asking the authoritative nameservers once again where the domain points.

If you are a domain owner that is moving a domain from one host to another or just visiting a site that isn't resolving correctly, OpenDNS has a helpful tool that allows you to check the cache on our global resolvers. This tool is called CacheCheck and is available free at the following URL: https://cachecheck.opendns.com/

For domain owners:

OpenDNS gives you unique insight and control into how OpenDNS resolves your domain with OpenDNS CacheCheck. If you are moving a domain from one DNS host to another, CacheCheck can help you make that transition smoother. In effect, you tell OpenDNS to "refresh now," ahead of Time-To-Live (TTL) expiration.

For website visitors:

If you visit a domain and find that it's not resolving, CacheCheck is a way for you to learn more about why that might be happening. In some cases, you can help fix the problem even though you don't control the domain itself.

How to use the CacheCheck tool

If there's anthing amiss with a certain domain, you may always refresh OpenDNS's cache for it using this tool. The steps to do so are very easy and are as follows:

Visit the CacheCheck site at https://cachecheck.opendns.com

Enter a domain name to check and select the "Check this domain" button.

If you haven't used the CacheCheck recently, you might be presented with a Captcha prompt. Please enter the code from the image next to the input box.

Your results will then be displayed as below: diagnostic tool

If you notice an IP discrepancy with any of our resolvers, scroll down to the very bottom of the screen and press the "Refresh the Cache".

That's it! If successful, you will see the following message: "All locations returned the same (valid) answer. If the refreshed results look good, you're done! Our cache now has the correct answers for your domain."

If you are still running into issues with an IP resolving correctly on one or more of our servers, please provide us with the following results and contact one of our support engineers at [email protected] for help.

Overview

In this article, we cover how to change the DNS servers on a router. The aim is to change the servers to use the OpenDNS IPv4 addresses 208.67.222.222 and 208.67.220.220.

NEXT: Test your new settings

Note:

While we have documentation for the most popular routers available here, we do not have the resources to list each single make and model of the router on the market. In general, the instructions below should suffice for most routers.

Solution

1. Open the preferences for your router.

Often, the preferences are set in your web browser, via a URL with numbers (example: http://192.168.0.1 or http://192.168.1.1). You may need a password.

If you're like us, and you set the router password long ago and cannot remember it now, you can often reset the password to the manufacturer default by pressing a button on the router itself.

Or preferences may be set via a specific application for your router, which you installed on your computer when you added the router.

2. Find the DNS server settings.

Scan for the lettersDNSnext to a field which allows two or three sets of numbers, each broken into four groups of one to three numbers. It might look like this:

3. Put in the OpenDNS server addresses as your DNS server settings and save/apply.

Please write down your current settings before entering the OpenDNS addresses, just in case.

208.67.222.222

208.67.220.220

4. Cache Flushing.

Once you have configured your DNS settings and saved them,we highly suggest that you flush your DNS resolver cache to ensure that your new DNS configuration settings take immediate effect.

5. Check your Settings.

Once you have configured your DNS, check the router has retained the settings.

Overview

When a page is blocked by the Cisco Umbrella service, our DNS resolvers display a block page instead of the page with the blocked content. These block pages are served from Cisco Umbrella servers. The anycast IP address and associated block type for these servers are outlined in the table below.

Note:

We do not expect these IPs to change again in the near future, but if they did change, that update would be included in this article.

Solution

Requests using the Block Page Bypass feature could use any of the IP addresses listed on the following website: https://www.opendns.com/data-center-locations /

Name

RecordType

Address

Domain List Block Page

a

146.112.61.104

Domain List Block Page

aaaa

::ffff:146.112.61.104

Command and Control Callback Block Page

a

146.112.61.105

Command and Control Callback Block Page

aaaa

::ffff:146.112.61.105

Content Category Block Page

a

146.112.61.106

Content Category Block Page

aaaa

::ffff:146.112.61.106

Malware Block Page

a

146.112.61.107

Malware Block Page

aaaa

::ffff:146.112.61.107

Phishing Block Page

a

146.112.61.108

Phishing Block Page

aaaa

::ffff:146.112.61.108

Suspicious Response Block Page

a

146.112.61.109

Suspicious Response Block Page

aaaa

::ffff:146.112.61.109

Security Integrations Block Page

a

146.112.61.110

Security Integrations Block Page

aaaa

::ffff:146.112.61.110

Content Filtering through OpenDNS is not available through IPv6. As a result, you'll have to disable IPv6 in order to get content filtering through our service.

To disable IPv6 on your computer, follow the guides below. To jump to Windows, click here.

Mac OSX:

1. Go to System Preferences.

2. Click on Network.

3. Select the first connection in your list and click Advanced.

4. Select Local-Link only or off for Configure IPv6.

Note:Depending on the version of OSX, this may be able to be turned off just set to Local-Link only.

Windows: There are two options for disabling IPv6 in Windows. The first is to disable IPv6 completely and the second is to disable it on your current network device. It is preferable to disable it via method 2; however, method 1 is easier to accomplish.

Disable completely:Microsoft has made an easy fix for this - please see the following page and click to download the "Disable IPv6" Microsoft FixIt from http://support.microsoft.com/kb/929852. In the event that this is needed once again in the future, there is also an "Enable IPv6 FixIt" available for download.

Disable IPv6 on the network connection. The instructions below cover Windows 7 and Windows 8:

Windows 8:

1. From the Windows 8 Start Menu, go to Desktop.

Click or tap the Desktop tile.

2. From the Desktop, right click the Networks icon and select Open Network and Sharing Center.

3. Click on your primary connection or Local Area Connection under 'Active Networks.'

While in the Open Network and Sharing Center, click the current active connection or the connection that you want to configure OpenDNS on. In our example, the Ethernet adapter is the active connection.

4. When the adapter status window pops up, click Properties.

5.Uncheck Internet Protocol Version 6, then click OK.

Windows 7:

Policy Editor

1. Click the Start menu, then select Control Panel.

2. Click on Network and Sharing Center.

3. Click on your primary connection or Local Area Connection under 'Active Networks.'

4. Click the Properties button.

Windows 7 may prompt you for permission to make network setting changes.

4. Uncheck Internet Protocol Version 6.

Then click OK.