I have tried rebooting everything, clearing dns cache, reinstalling everything.. still doesn't work.
The only way this works is by manually entering the other Family OpenDns IP on the right side
It seems their default DNS IP (208.67.222.222 - 208.67.220.220) is not working. I searched to see if they are having issues, but apparently they are not.
If I use any other Upstream DNS from the list, it works fine, just not OpenDns.
Any ideas as to why this is happening outside of OpenDns having issues?
Go to https://www.dnsleaktest.com and run the Extended test. This will try to find the DNS servers being used by your network. If you're using just OpenDNS then you should see just that organisation listed in the results in the ISP column.
That information hasn't changed, it was last edited 2 years ago (to update the description to include DNSSEC as adopted by OpenDNS on 2020-03-10).
Those OpenDNS resolvers only provide minimal filtering of some known phishing and malware domains by default.
Customising OpenDNS filtering behaviour is possible, but would require you to sign up for an OpenDNS account, and for that to work, OpenDNS has to always be aware of the current public IP(s) of the device that is sending those DNS requests - typically, those of your router.
If you did sign up with OpenDNS, you probably should check your OpenDNS account settings.
In contrast, the alternative OpenDNS FamilyShield resolvers 208.67.222.123 and 208.67.220.123 you have been using as Pi-hole's custom upstreams are preconfigured by OpenDNS to block adult content as well.
I use Pihole to block ads and OpenDNS as the upstream DNS to filter adult content.
I have been using OpenDns for many years and I know exactly how their DNS service works.
I have an account with them as well and have custom filtering.
This is not the issue. The issue I am having is, OpenDns is not filtering ANY adult content at all. Whether I select OpenDNS from the Pi-hole's UI or by entering manually the family DNS 208.67.222.123 - 208.67-220.123. It just won't filter anything.
The only way it works is by using their DNS service without using Pihole, meaning like this...
where your screenshot shows the very FamilyShield IPs that you now state as not working neither?
Am I assuming correctly then that your complaint is not about Pi-hole's OpenDNS resolvers not working at all, but rather that they would not apply custom filtering as you would expect based on your OpenDNS account settings?
If that's the case, it would mean that OpenDNS is answering DNS requests, but it is not applying your custom OpenDNS account filtering, likely because it cannot associate the requests with your account.
One possible area to investigate would be:
If it would be your router that registers its public IP with your OpenDNS account, then you should be able to use 208.67.222.222 and 208.67.220.220 with custom OpenDNS account filtering straight away, as your router would NAT your Pi-hole host machine's IPv4 traffic via its public IP.
I am not familiar with OpenDNS account, but would there be a way to list the IP addresses associated with your account?
You may want to check whether that would match your router's current public IP, which may have changed.
Maybe I am not explaining my issue correctly and I apologize about that... let me try again.
I have been using Pihole to block ads and OpenDNS as the Updtream DNS to block adult content. It has been working great until recently when I noticed adult sites were not being filtered.
So, I started trying out different things and that's when I notice that OpenDNS is the only Upstream DNS that's not working for me when using the Pihole UI... whether I use the right side or the left..whether I use 208.67.222.222 - 208.67.220.220 or 208.67.222.123 - 208.67.220.123. If I set it in Pihole, it has not effect at all.
All other Upstream DNS servers from the Pihole UI work fine, just not OpenDNS, either IP address.
But, if I point my PC to OpenDNS, then it blocks adult sites.
This is why I am thinking it has to be something with Pihole and OpenDns Upstream not working properly. This started happening after the last Pihole update.
Not too familiar with dig, but when I try to follow your commands, I get "*dig is not recognized as an internal or external command, operable program or batch file"
You should run that dig from the machine that hosts your Pi-hole.
If you would be hosting your Pi-hole in a virtualised environment like a VM, please run those commands from within the VM.
The first dig send the domain directly to OpenDNS's public IP @208.67.222.222, whereas the second send it to @127.0.0.1, i.e. your localhost Pi-hole.
You'll note that the IPs provided by those two replies are identical:
That means that OpenDNS is providing the same answer, regardless whether Pi-hole is involved or not.
The results you get are the same that I get when running those commands, i.e when using OpenDNS without a registered account.
As it is OpenDNS supplying that answer, that would strongly suggest that OpenDNS is not able to identify those requests as being associated with your account, and hence not subject to the additional filtering you did configure through that account.
As I do not know OpenDNS internals, I can only repeat my previous advice:
I will use 208.67.222.123 - 208.67.220.123 which doesn't require an account and will block adult sites by default. Once I add the change in Pihole, I will do a dns flush and wait a few minutes.
