Content filtering works, dnsleaktest fails

Forums Service Issues Setups & Configurations Content filtering works, dnsleaktest fails

  • aryeh
    October 15, 2020 at 9:06 pm

    Hi, I got my router (running Openwrt) pointing to 185.228.168.10. Content filtering seems to be working, but dnsleaktest.com shows Google servers. I’m located in Israel, and am a free user.

    From a computer with linux

    aryeh@chromebook:~$ nslookup google.com
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Name: google.com
    Address: 216.239.38.120

    aryeh@chromebook:~$ nslookup sex.com
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    ** server can’t find sex.com: NXDOMAIN

    aryeh@chromebook:~$ nslookup sex.com 8.8.8.8 <I have a port forward rule to hijack dns requests>
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    ** server can’t find sex.com: NXDOMAIN

    aryeh@chromebook:~$ nslookup -q=TXT mylocation.whois.dnscontest.cleanbrowsing.org
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    mylocation.whois.dnscontest.cleanbrowsing.org text = “CleanBrowsing: dns-edge-israel-telaviv-k, 185.228.168.10”

    Authoritative answers can be found from:

    When I run the standard test at dnsleaktest.com I get different results each time I run it, sometime cleanbrowsing servers alone, sometimes cleanbrowsing and Google servers, and sometimes only google.

    IP Hostname ISP Country
    172.253.225.35 None Google Frankfurt am Main, Germany
    185.229.226.229 dns-edge-israel.cleanbrowsing.org. O.m.c. Computers & Communications Ltd Tel Aviv, Israel

    IP Hostname ISP Country
    172.217.33.130 None Google Frankfurt am Main, Germany
    172.217.33.195 None Google Frankfurt am Main, Germany
    172.217.34.4 None Google Frankfurt am Main, Germany
    172.253.197.1 None Google Frankfurt am Main, Germany
    172.253.199.1 None Google Frankfurt am Main, Germany
    172.253.199.5 None Google Frankfurt am Main, Germany

    IP Hostname ISP Country
    185.229.226.229 dns-edge-israel.cleanbrowsing.org. O.m.c. Computers & Communications Ltd Tel Aviv, Israel

    IP Hostname ISP Country
    172.253.225.34 None Google Frankfurt am Main, Germany
    185.229.226.229 dns-edge-israel.cleanbrowsing.org. O.m.c. Computers & Communications Ltd Tel Aviv, Israel

    Is this the expected results? Any idea why dnsleaktest.com would be reporting Google servers?

    Thanks

    Daniel Cid
    October 22, 2020 at 6:04 pm

    If you are getting the Google servers on DNSleaktest, it means your setup is not working properly.

    You are supposed to always be getting the CleanBrowsing one, otherwise it means some of your requests are not going through us.

    Mind sharing more how you configured it? You mentioned a redirect on your router, maybe that’s something wrong there?

    thanks,

    aryeh
    October 27, 2020 at 5:53 pm

    Here is my port forwarding rule, not sure if it would cause problems.
    port forward rule

    I noticed on my router’s main page that the ipv4 dns address points to cleanbrowsing, but the ipv6 dns address is google’s. I’m not sure how the ipv6 dns gets set, and I suspect it could be causing DNSleaktest to fail.

    main page

    below are my DNS page settings
    dns setting 1
    dns settings 2

    Below is an nslookup to google ipv4 and then to ipv6 addresses. The ipv6 address unfortunately returns an IP. It looks like my port forward doesn’t intercept it.

    aryeh@olddesktop:~$ nslookup sex.com 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    ** server can’t find sex.com: NXDOMAIN

    aryeh@olddesktop:~$ nslookup sex.com 2001:4860:4860::8888
    Server: 2001:4860:4860::8888
    Address: 2001:4860:4860::8888#53

    Non-authoritative answer:
    Name: sex.com
    Address: 15.222.86.183
    Name: sex.com
    Address: 99.79.105.69
    Name: sex.com
    Address: 2600:1f11:f61:1000:d6:b66b:6dc3:970b
    Name: sex.com
    Address: 2600:1f11:f61:1000:5374:c426:aa04:a354

    I guess I have to figure out how to set my ipv6 dns address in my openwrt router, or disable it. Am I understanding the problem correctly? any suggestions of how to fix?

    • This reply was modified 2 years, 4 months ago by aryeh. Reason: cant upload pictures, need to use hosting service
    aryeh
    October 27, 2020 at 6:09 pm

    port forward
    Here is my port forwarding rule, not sure if it would cause problems.

    I noticed on my router’s main page that the ipv4 dns address points to cleanbrowsing, but the ipv6 dns address is google’s. I’m not sure how the ipv6 dns gets set, and I suspect it could be causing DNSleaktest to fail.

    main page

    below are my DNS page settings
    dns settings 1
    dns settings 2

    Below is an nslookup to google ipv4 and then to ipv6 addresses. The ipv6 address unfortunately returns an IP. It looks like my port forward doesn’t intercept it.

    aryeh@olddesktop:~$ nslookup sex.com 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    ** server can’t find sex.com: NXDOMAIN

    aryeh@olddesktop:~$ nslookup sex.com 2001:4860:4860::8888
    Server: 2001:4860:4860::8888
    Address: 2001:4860:4860::8888#53

    Non-authoritative answer:
    Name: sex.com
    Address: 15.222.86.183
    Name: sex.com
    Address: 99.79.105.69
    Name: sex.com
    Address: 2600:1f11:f61:1000:d6:b66b:6dc3:970b
    Name: sex.com
    Address: 2600:1f11:f61:1000:5374:c426:aa04:a354

    I guess I have to figure out how to set my ipv6 dns address in my openwrt router, or disable it. Am I understanding the problem correctly? any suggestions of how to fix?

    • This reply was modified 2 years, 4 months ago by aryeh.
    aryeh
    October 27, 2020 at 6:13 pm

    Here is my port forwarding rule, not sure if it would cause problems.

    I noticed on my router’s main page that the ipv4 dns address points to cleanbrowsing, but the ipv6 dns address is google’s. I’m not sure how the ipv6 dns gets set, and I suspect it could be causing DNSleaktest to fail.

    below are my DNS page settings

    Below is an nslookup to google ipv4 and then to ipv6 addresses. The ipv6 address unfortunately returns an IP. It looks like my port forward doesn’t intercept it.

    aryeh@olddesktop:~$ nslookup <bad site> 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    ** server can’t find <bad site>: NXDOMAIN

    aryeh@olddesktop:~$ nslookup <bad site> 2001:4860:4860::8888
    Server: 2001:4860:4860::8888
    Address: 2001:4860:4860::8888#53

    Non-authoritative answer:
    Name: <bad site>
    Address: 15.222.86.183
    Name: <bad site>
    Address: 99.79.105.69
    Name: <bad site>
    Address: 2600:1f11:f61:1000:d6:b66b:6dc3:970b
    Name: <bad site>
    Address: 2600:1f11:f61:1000:5374:c426:aa04:a354

    I guess I have to figure out how to set my ipv6 dns address in my openwrt router, or disable it. Am I understanding the problem correctly? any suggestions of how to fix?

    aryeh
    January 24, 2021 at 12:22 am

    port forward
    Here is my port forwarding rule, not sure if it would cause problems.

    I noticed on my router’s main page that the ipv4 dns address points to cleanbrowsing, but the ipv6 dns address is google’s. I’m not sure how the ipv6 dns gets set, and I suspect it could be causing DNSleaktest to fail.

    main page

    below are my DNS page settings
    dns settings 1
    dns settings 2

    Below is an nslookup to google ipv4 and then to ipv6 addresses. The ipv6 address unfortunately returns an IP. It looks like my port forward doesn’t intercept it.

    aryeh@olddesktop:~$ nslookup sex.com 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    ** server can’t find sex.com: NXDOMAIN

    aryeh@olddesktop:~$ nslookup sex.com 2001:4860:4860::8888
    Server: 2001:4860:4860::8888
    Address: 2001:4860:4860::8888#53

    Non-authoritative answer:
    Name: sex.com
    Address: 15.222.86.183
    Name: sex.com
    Address: 99.79.105.69
    Name: sex.com
    Address: 2600:1f11:f61:1000:d6:b66b:6dc3:970b
    Name: sex.com
    Address: 2600:1f11:f61:1000:5374:c426:aa04:a354

    I guess I have to figure out how to set my ipv6 dns address in my openwrt router, or disable it. Am I understanding the problem correctly? any suggestions of how to fix?

    aryeh
    January 24, 2021 at 12:22 am

    port forward
    Here is my port forwarding rule, not sure if it would cause problems.

    I noticed on my router’s main page that the ipv4 dns address points to cleanbrowsing, but the ipv6 dns address is google’s. I’m not sure how the ipv6 dns gets set, and I suspect it could be causing DNSleaktest to fail.

    main page

    below are my DNS page settings
    dns settings 1
    dns settings 2

    Below is an nslookup to google ipv4 and then to ipv6 addresses. The ipv6 address unfortunately returns an IP. It looks like my port forward doesn’t intercept it.

    aryeh@olddesktop:~$ nslookup <bad site> 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    ** server can’t find <bad site>: NXDOMAIN

    aryeh@olddesktop:~$ nslookup <bad site> 2001:4860:4860::8888
    Server: 2001:4860:4860::8888
    Address: 2001:4860:4860::8888#53

    Non-authoritative answer:
    Name: <bad site>
    Address: 15.222.86.183
    Name: <bad site>
    Address: 99.79.105.69
    Name: <bad site>
    Address: 2600:1f11:f61:1000:d6:b66b:6dc3:970b
    Name: <bad site>
    Address: 2600:1f11:f61:1000:5374:c426:aa04:a354

    I guess I have to figure out how to set my ipv6 dns address in my openwrt router, or disable it. Am I understanding the problem correctly? any suggestions of how to fix?

    aryeh
    January 24, 2021 at 12:22 am

    having trouble with links and uploading images

    port forward rule
    port-forwards

    main page
    main-page

    dns settings
    dns-setup-1
    dns-setup-2

Tagged: