Opendns.com Must Die! Facebook Is Blocked!

[koheesti]

OK, I'm addicted to FaceBook, I admit it. Why is the subject for another thread. Right now I'm having problems getting on FaceBook because I'm redirected something called OpenDNS.com and see this message:

Site blocked. www.facebook.com is not allowed on this network.

This site was categorized as:

Instant messaging, Social networking

Questions? Not properly categorized?

OpenDNS looks like a legit operation but WHY is it suddenly blocking FaceBook and sometime my Azureus? My ISP is TT&T. Is this something they have started using? Or is this virus/trojan related?

Yes, I have sent them an email asking what's up but as of yet no reply.

Edited May 22, 2009 by koheesti

[RKASA]

Opendns has a parental block system.  Purhaps its been made active for facebook by TT&T.  As its their network.  Someone at TT&T purhaps having more fun then they should.  Its not a gov. assigned block so its ok to proxy it as a test.  If it was an offical block the message would be from MCIT or TT&T with info from MCIT.  All other things are just network problems.  And opendns won't block without a request from whom ever controls your IP.  It opens fine from ToT with opendns addy 

[koheesti]

I called TT&T customer service but this issue is beyond their English language competence (hint to all you English teachers out there).

[monkfish]

Are you using Trend Micro? if so turn off website filter!

[davidsallen]

OpenDNS is indeed evil, but for some reason, the security team at the company I work for inists that we use it. On several occasions it has caused email to be blocked with no real notification that OpenDNS blocking it was the cause. (we had to look through the SMTP logs to verify it) If you created an account with OpenDNS - in theory you should be able to modify the settings to white list facebook so you can get your messages through.

-David

Edited May 22, 2009 by davidsallen

[webfact]

Most of theses outcries "my website has been blocked" are mostly due to wrong user settings either in the firewall or in other security packages!

Facebook.com was up and running and is alive. EVERY provider can block web sites. For this easy to achieve task openeDNS is not needed.

Not every "down" is an immediate blocking of something. We deal with the is the internet, were gazillions of computers/networks must play together and be balanced -

Most of these "blocking issues" are temporarily and can be caused by sever maintenance or network issues at the providers site.

Users here in Thailand tend to get paranoid immediately if someone can't access a site no matter what might be the cause.

Let me remark even openDNS was down sometimes in the past. Its not the holy grail. You can look at their web site which servers are up or down!

If you use DNS goo to your TCP/IP settings and st your providers DNS on the list as well.

In case you are redirected to open DNS (and don't use it) Facebook might use openDNS and has blocked Thai IP addresses... Sometimes

a user must view the issue from the opposite direction too, not only from his site.

To make 100% sure something is down or not test with http://downforeveryoneorjustme.com/ or use the Sam Spade utility.

Edited May 23, 2009 by webfact

[Texpat]

I wouldn't be overly surprised if Thailand blocks facebook at some future point.

There are some very funny and (ahem) interesting entries listed for a select few Thai icons.

[monty]

Facebook works perfectly fine for me using TT&T with openDNS servers...

[Crushdepth]

OpenDNS is working with Facebook for me. Problem lies elsewhere.

[stumonster]

facebook and myspace users should be segregated from the rest of us on the internet

[koheesti]

Users here in Thailand tend to get paranoid immediately if someone can't access a site no matter what might be the cause.

With just cause me thinks.

I don't use OpenDNS. Never even heard of it before yesterday. I haven't made any changes to anything on my end so the problem must be with someone else. It works OK this morning so far but it could be like last night and go on and off.

And thanks for all the informative replies.

[webfact]

I did try my luck with OpenDNS for an week. Never going to use it again. Why?

Well.

1) OpenDNS had it's problems of resolving dns-names. True on not, but I did got too many times DNS name not found while browsing. Naturally OpenDNS did offer some of it's advertises. Yes. Those URL's were correct so I think this was just an advertise scheme.

2) OpenDNS reroutes for example Google traffic to OpenDNS servers. This will cause two things.

- Slowdown of the traffic as Google has it's own backbone internet connection from Thailand

- OpenDNS can snoop out what I was doing - man in the middle problem that is.

3) This was the most severe one. While trying to log in to ovi.com with my Nokia phone I got an certificate error. Lucky for me the Nokia phone had old certification database. Otherwise I would not notified it. So OpenDNS is acting as man in the middle on the https-connections as well. I wish not to share my login creditials with an company which don't really have so good reputation.

Please check the OpenDNS forums and see that there is lots of security concerned persons who will not use the OpenDNS anymore. I'm not security-geek and think that most of the security issues are actually minimal. This was not the case with OpenDNS for me.

My solution was to setup my own DNS-server, which I can count on (I have almost 20 years of Unix experience, so not a big task). This might not be the solution for others, but just search for alternatives.

-Pekka

Partly I agree with you. For an alternative DNS I would try this one: http://www.dnsadvantage.com/

[Veazer]

OK, I'm addicted to FaceBook, I admit it. Why is the subject for another thread. Right now I'm having problems getting on FaceBook because I'm redirected something called OpenDNS.com and see this message:

Site blocked. www.facebook.com is not allowed on this network.

This site was categorized as:

Instant messaging, Social networking

Questions? Not properly categorized?

OpenDNS looks like a legit operation but WHY is it suddenly blocking FaceBook and sometime my Azureus? My ISP is TT&T. Is this something they have started using? Or is this virus/trojan related?

Yes, I have sent them an email asking what's up but as of yet no reply.

It's not the fault of OpenDNS per se, it's just another user sharing your IP range that has chosen to block these services. Start an OpenDNS account and try so setup your own rules. IIRC, they will see a conflict and you'll both lose the right to tighten down the settings and it will revert to standard OpenDNS. Let us know how it works out.

[Prasert]

...

2) OpenDNS reroutes for example Google traffic to OpenDNS servers. This will cause two things.

- Slowdown of the traffic as Google has it's own backbone internet connection from Thailand

- OpenDNS can snoop out what I was doing - man in the middle problem that is.

....

Very true. OpenDNS claims they do this to bring down the amount of traffic.

My solution was to setup my own DNS-server, which I can count on (I have almost 20 years of Unix experience, so not a big task). This might not be the solution for others, but just search for alternatives.

There are advantages in running your own dns server:

• real answers - the dns uses all the root-name servers to direct a query at an authorized name-server. Unless you change a host yourself, no wrong answers will be given.
  
• your own TLD - if you run your own intranet (e.g. company network) it is possible to create a top-level domain (or normal domain) on the network. E.g. www.developer.test for an intranet server used by website designers. Microsoft Server is usually set up this way as well, in the TLD .local
  
• Can be used by as many clients as you want.
  

I am also running my own dns servers - Bind9 on two unix machines (bind + unix is still thé standard after more than two decades).

I admit there might be some disadvantages, mainly in administration:

• No GUI - to fully use the potential one has to configure the files with a text editor, carefully checking no mistakes have been made. Forgetting a simple dot can disrupt everything.
  
• Administration requires knowledge about how DNS works. The DNS in Windows Server is equiped with a GUI, which partially helps in preventing mistakes but one still has to configure it all from scratch.
  

[webfact]

Look at my post #13. I am using this dns and I got the impression it is much faster than openDNS.

They have a location node in Hong Kong http://www.dnsadvantage.com/dnsadv/node_locations.html

and I would like to know the opinion from other users about the quality of that DNS.

[Phil Conners]

^ Hm, dnsadvantage is free just like opendns, but all businesses need to make a profit somehow. opendns obviously do it by redirecting typos, is dnsadvantage doing the same thing? In that case I don't see the point of changing. OpenDNS works fine for me, never had a problem.

[vagabond48]

^ Hm, dnsadvantage is free just like opendns, but all businesses need to make a profit somehow. opendns obviously do it by redirecting typos, is dnsadvantage doing the same thing? In that case I don't see the point of changing. OpenDNS works fine for me, never had a problem.

same for me. I am on TOT and am using facebook with no problem. Unless I am missing something OPENDNS appears invisible to me except on rare occasion when it cannot resolve a URL address and I am redirected to their site.

[Crushdepth]

1) OpenDNS had it's problems of resolving dns-names. True on not, but I did got too many times DNS name not found while browsing. Naturally OpenDNS did offer some of it's advertises. Yes. Those URL's were correct so I think this was just an advertise scheme.

I'd rather use OpenDNS than the broken and poisoned DNS service of a local ISP any day. I don't think OpenDNS are evil at all, they provide a good service and it costs you nothing. I can live with the occasional ad when a nameserver isn't working.

[livinthailandos]

I'd rather use OpenDNS than the broken and poisoned DNS service of a local ISP any day. Crushdepth you hit the nail on the head

You know back last year when Dan Kaminsky put out the word, I didnt know much about dns until that article came out, since then I"ll tell you this much, there are many different kinds of man in the middle attacks, if opendns was doing something bad you'd hear about it pretty fast actually. many places have positive points and reviews of opendns. Lets be realistic on the issue especially thailands ISP and dns servers

1. I am sure its well noted that ISP's employees in thailand are generally not well educated. From customer service there so called tech people. I think this is due to low pay, lack of training and understanding, although I have had a few good experiences I believe most ISP here would have possibly a C rating.

2. From thailand to anywhere any local ISP DNS server is most likely going to have holes or not be patched, I'm pretty sure its not hard to find

3. From an ISP point of view, security isn't there highest properity, its making money, pleasing investors.

4. Between exploits, virus, malware, rootkits, denial of service, and the list goes on and on, having some form of help for an alternative DNS Server besides a local ISP is very useful. In my opinion.

5. Setting up a DNS Server, Im not that skilled to set something like that up, and looking for alternatives, can you give me some idea what i can do besides using a local isp dns server or opendns. If so please provide details

[webfact]

1) OpenDNS had it's problems of resolving dns-names. True on not, but I did got too many times DNS name not found while browsing. Naturally OpenDNS did offer some of it's advertises. Yes. Those URL's were correct so I think this was just an advertise scheme.

I'd rather use OpenDNS than the broken and poisoned DNS service of a local ISP any day. I don't think OpenDNS are evil at all, they provide a good service and it costs you nothing. I can live with the occasional ad when a nameserver isn't working.

100% true! Local ISP DNS is x%$/&§"=?.

Currently I am using DNS Advantage (www.dnsadvantage.com) which seems to be very reliable and stable but doesn't provide a dashboard yet but well worth a try!

[Veazer]

Currently I am using DNS Advantage (www.dnsadvantage.com) which seems to be very reliable and stable but doesn't provide a dashboard yet but well worth a try!

I've been using both, dnsadvantage as primary and opendns as backup. seems to work well.

[sabaijai]

Does anyone know if myspace is now blocked in Thailand? I get an 'Address Not Found' message the last couple of days.

[webfact]

Does anyone know if myspace is now blocked in Thailand? I get an 'Address Not Found' message the last couple of days.

fast access at 2:40pm with CSloxinfo from Bangkok (DNSadvantage)

[sabaijai]

Must be my service provider then. I'll give them a call.