OpenDNS FamilyShield doesn't seem to work

Hi!

Not sure my situation has anything to do with pi-hole, but I don't know where to ask about this, and I am hoping someone here can help me.
I have Pi-hole running on an RPi with docker compose.
As upstream DNS I set the OpenDNS family shield IPs:

  • 208.67.222.123
  • 208.67.220.123

And I think I did that right, because the query log shows:

At the same time, I set dyndns with a ddclient also under docker compose.
This also seems to work. Ddclient log shows

And when I log in to OpenDNS, the IP there is the correct one.

However, the filtering I configured in OpenDNS is not applied. And the test pages from OpenDNS show me I am not using it.

Now, I know this should work because it has worked for me in the past. It's just, I upgraded RPi OS and after this I can't get it to work anymore.

Any ideas, anyone?

OK, I managed to clarify in the meantime that for opendns filtering as I set it in my account I need to use the IPs

208.67.222.222 and 208.67.220.220

I wasn't clear on this before, but I had in fact tried both combinations of IPs with the same result.

In the meantime, I've changed again to the correct ones and I did all kinds of attempts at debugging this, with no success.

I still don't get the filtering that I set in my account.

This is driving me crazy because it used to work so well, for several years. Then, I upgraded and can't get it to work to save my life.

If it helps, my docker compose entry for pi-hole is:


  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    environment:
    - WEBPASSWORD=Redacted
    - TZ=Europe/Berlin
    - WEB_UID=1000
    - WEB_GID=1000
    volumes:
    - ./volumes/pihole/etc-pihole/:/etc/pihole/
    - ./volumes/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/
    dns:
    - 127.0.0.1
    - 1.1.1.1
    cap_add:
    - NET_ADMIN
    restart: unless-stopped
    network_mode: host

I've also tried removing the dns block, with the same result. The block was in fact the same before, when it used to work. The only new things are WEB_UID and WEB_GID, which I added trying to solve a different problem I have.

Any help will be greatly appreciated.

What did you upgrade?

@CallMeCurious Sorry, I confused this post with another one I made recently, and I was under the impression I had written this.

So I'm running pi-hole on an RPi4 with docker compose. I had been running it all on an old version of Raspbian and it worked great for several years.

Then, I did a botched attempt at an in-place upgrade of the OS and ended up with a bricked system. I backed up the data in that system and decided to start from scratch. It took a few months until I was able to get to this, and other things were also updated in the meantime (e.g. docker-compose no longer accepted a yaml with network-mode host and port mappings) - I guess pihole itself has also seen some updates, so I'm not saying the OS update is at fault.

In any case, after a while, I installed bookworm aarch64 and reinstalled everything. I started by using the previous docker-compose and even restored the backed volumes. This worked in most cases, though I did have a bit of trouble with file permissions here and there.

However, I never could get pi-hole to work properly with OpenDNS again.

PS: ddclient itself was also updated and created some problems. With the same ddclient.conf that I had been using before, the newer version just didn't want to work anymore, on the host OS. It was throwing out some errors, but I forget what they were.

So I installed ddclient also as a docker container. According to the logs, it works. Even in the opendns settings I can see that my IP is updated.

Gotcha. There are a lot of moving parts there. It's possible that what you backed up isn't compatible with the new OS. A lot has changed, network-wise, from older versions of Raspbian to Bookworm. I think this is beyond me but hopefully the additional info may give others some insight.

I know what you mean and I'm also hoping someone can help.

The thing is, I even tried to rebuild the entire container from scratch and still no joy. So all I kept was the docker_compose.yaml entry (with some corrections, as I mentioned).

Then I reconfigured everything by hand. Same result.

I tried to get help from ChatGPT, but that didn't go too far.

dig +short whoami.opendns.com TXT

Returns nothing.

dig +short myip.opendns.com @208.67.222.222

also returns nothing

I also get this but I'm not sure what to do with it.

dig @208.67.222.222 whoami.opendns.com TXT

; <<>> DiG 9.16.48-Debian <<>> @208.67.222.222 whoami.opendns.com TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52837
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;whoami.opendns.com.            IN      TXT

;; AUTHORITY SECTION:
opendns.com.            1800    IN      SOA     auth1.opendns.com. noc.opendns.com. 1738016514 16384 2048 1048576 2560

;; Query time: 95 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Jan 27 23:22:26 CET 2025
;; MSG SIZE  rcvd: 93

Apart from this, ChatGPT keeps going in circles.
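An added example, not part of any post in this thread: `dig +short` prints only answer records, so an empty result hides the response code, while the full output above carries it. The function below reads a full dig response on stdin and reports the response code, answer count and responding server; the sample is constructed from the header lines posted above, and `dig_summary` and `sample_response` are names made up for this example.

```shell
#!/bin/sh
# Added example: summarise a full (non +short) dig response read from stdin.
# Prints "status=<rcode> answers=<n> server=<ip>" and returns 0 only when
# the response is NOERROR with at least one answer record.
dig_summary() {
    awk '
        /->>HEADER<<-/ {
            # e.g. ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52837"
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # e.g. ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ..."
            for (i = 1; i <= NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        /^;; SERVER:/ {
            # e.g. ";; SERVER: 208.67.222.222#53(208.67.222.222)"
            server = $3; sub(/#.*/, "", server)
        }
        END {
            # No header at all: dig never got a response to parse.
            if (status == "") { print "status=NONE answers=0 server=-"; exit 2 }
            printf "status=%s answers=%d server=%s\n", status, answers, server
            ok = (status == "NOERROR" && answers + 0 > 0)
            exit (ok ? 0 : 1)
        }
    '
}

# Constructed sample: the response header lines as posted in the thread.
sample_response() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52837
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 208.67.222.222#53(208.67.222.222)
EOF
}

sample_response | dig_summary || echo "resolver replied, but with no usable answer"
```

On the sample, the summary shows that 208.67.222.222 itself sent the reply, with status NXDOMAIN and zero answers, which is a different condition from getting no response at all.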

Your other queries are no different than mine (running bare metal), but this one should return your public IP (it did for me, again running bare metal). I'm only guessing here but perhaps this has something to do with the docker bridge?

You mean for pihole? Its container has network_mode: host

And those dig results, I get the exact same inside the pihole container and on the host.

Oh!

Almost forgot about this.
I set my phone to use the DNS servers
208.67.222.222

208.67.220.220
(while in the same network)

and I still don't get filtering. So it seems it's some kind of problem on opendns site, maybe.

But how might I find out what?

It could have something to do with the way ddclient updates the dynamic DNS, but I don't know.

You may wish to uninstall the ddclient stuff and make sure the base opendns filtering works as intended and then add back in the ddns piece.
