Need help configuring OpenDNS' FamilyShield nameservers

Hello UM Community,

I just installed Ubuntu Mate last night and so far things look good. Because I have kids, I would like to set up an internet filter to protect them from inappropriate sites. I was using OpenDNS’ FamilyShield https://www.opendns.com/home-internet-security/ before on my WinXP machine and it worked great. I would like to do the same for Ubuntu-Mate.

I followed OpenDNS’ set up guide for Ubuntu and Linux here (scroll to the bottom to find Linux): https://support.opendns.com/forums/21618384-Computer-Configuration, but it didn’t work.

The instructions for Ubuntu https://support.opendns.com/entries/38042814-Ubuntu even included some terminal commands, which I followed, but to no success. Honestly, I don’t know if I did it right since I’m new to using terminal commands

Anyone have an idea or solution on how to make this work?

Thanks everyone!

The dhclient configuration for the newer Linux versions is different from what is on the OpenDNS website.

(1) Edit the file "/etc/dhcp/dhclient.conf" with "sudo pluma /etc/dhcp/dhclient.conf".

(2) (optional) Remove "domain-name-servers" from the dhcp request stanza:

request subnet-mask, broadcast-address, time-offset, routers,
	domain-name, domain-name-servers, domain-search, host-name,
	dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
	netbios-name-servers, netbios-scope, interface-mtu,
	rfc3442-classless-static-routes, ntp-servers;

(3) Next, add OpenDNS servers to a supercede line:

#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
supercede domain-name-servers 208.67.222.222, 208.67.220.220
#prepend domain-name-servers 127.0.0.1;

(If you removed the request for "domain-name-servers" then the correct entry would be:

prepend domain-name-servers 208.67.222.222, 208.67.220.220

)

(4) Remove any customization you made in Network Manager. Set Connections Method to "Automatic (DHCP)".

(5) Reboot and enjoy.

Thanks @Dave_Barnes! I’m a noob with Linux and using terminal commands, do I type this all in the terminal as is? Sorry. I just want to make sure I do it right and not mess anything up.

I think I understand (1). Since (2) is optional, do you recommend that I do it? Do I type everything as is, but replace “domain-name-servers” to “prepend domain-name-servers 208.67.222.222, 208.67.220.220,” correct?

After this, then I type all of (3) as is?

Thank you for your patience and understanding.

If you delete “domain-name-servers” from the dhcp request then you want to use the “prepend” line.

For best safety, I would recommend that you remove the request “domain-name-servers”.

For OpenDNS FamilyShield, he new request stanza would be:

request subnet-mask, broadcast-address, time-offset, routers,
	domain-name, domain-search, host-name,
	dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
	netbios-name-servers, netbios-scope, interface-mtu,
	rfc3442-classless-static-routes, ntp-servers;

And then add the “prepend” line:

prepend domain-name-servers 208.67.222.123, 208.67.220.123

Cut and paste is your friend

Once upon a time I used OpenDNS, but not lately.

@Dave_Barnes, so I finally had a chance to do this today, but it didn't work. I got into Pluma, deleted the "domain-name-servers" as recommended and I added the prepend domain-name-servers 208.67.222.222, 208.67.220.220 (this is their other DNS servers besides the FamilyShield one).

I clicked on Save while in Pluma, then I exited. I rebooted then launched Firefox to test a website and it was not getting blocked. Did I miss something?

Screenshot at 2016-08-08 19:45:43.png720×218 36.5 KB

Thanks!

@PointMan I use OpenDNS’s family filtering also. However, I implement it on my home router.
Is there a reason you don’t?
Basically, you create an account on OpenDNS, plug their DNS servers in your router settings (OpenDNS has guides on how to do this), and then register your Public IP with them then turn the filtering on under the Settings of your Public IP address.

Hey @t3kg33k, I wish I could, but our internet service provider doesn’t allow it. They blocked us from changing the DNS settings in their modem/router. I even tried connecting my own router to their modem (and changing the DNS settings in my own router), but it still didn’t work

From your screenshot it looks as if you have prepend commented out with a #. You will need to remove the # from that line.
Most of the time when you edit a config file the # symbol represent a comment, that line will be ignored. Remove the #. Also make sure there is a semi-colon at the end of the line.
I would actually recommend using nano with sudo rights from the command line like this:

sudo nano /etc/dhcp/dhclient.conf

And, from what I gather from @Dave_Barnes, it should look like this:

umate1604 on QEMU-KVM_006.png737×414 50.9 KB

Then the save and close the file using the keyboard shortcuts Ctrl+x to exit, select 'Y' as yes to save the file, then enter to confirm the file you are saving, then reboot.
Let us know what happens.

Ok, after rebooting twice, it worked! I’m not sure why it didn’t work on the first reboot, but it seems to be ok now. Thanks! I will continue to test it to see if it sticks. For now, I can say that it’s ‘safe.’ Another user saved by the MATE community. Thanks guys!

So… I just logged in right now to test if the settings are still intact (and works), but unfortunately, it’s not working.

I rebooted twice hoping that it will work like last night, but it didn’t. I guess I can try rebooting one more time, but I wonder why it’s not sticking. I checked the configuration and it’s still the same. Any idea why it seems to be getting bypassed? Thanks.

Can you please post a screenshot of the configuration?

Here you go. It worked last night after two reboots, but not tonight.

Screenshot at 2016-08-09 10:26pm.png732×432 53.8 KB

Hmmm… I’m stumped because that looks right according to @Dave_Barnes instructions .
Hopefully, @Dave_Barnes will have some input and can assist.

I hope so too. Thanks for taking a look.

Hey @t3kg33k, I was able to finally configure my personal router with the help of my ISP (like your set up). So far, so good. I will continue to watch it. My new question is, did you have to download the Linux IP Updater? See here:

https://support.opendns.com/entries/23554765

If yes, do I just follow the instructions as is or is it different for Ubuntu Mate?

Thanks!

Good deal.
I have used the IP Updater in the past but do not currently. I just, on occasion, check to see if my WAN IP has changed, which is not too often.
Yes, you can follow those steps for Ubuntu Mate as they still apply.

The DNS server settings are not sticking? Could it be DNSMasq and resolvconf are getting in the way?

Here’s how I deal with DNSMasq and resolvconf. Copy the script to a file, chmod to 755 and then run:

#!/bin/sh
# Housekeeping....
# dnsmasq and resolvconf interfere with named and DNS
if ( grep "#dns=dnsmasq" /etc/NetworkManager/NetworkManager.conf >/dev/null ); then

  echo .

else

# Disable dnsmasq
  echo "Housekeeping required..."
  sudo cp /etc/NetworkManager/NetworkManager.conf /etc/NetworkManager/NetworkManager.conf.org
  cp /etc/NetworkManager/NetworkManager.conf.org /tmp
  echo "- Disabling DNSMASQ..."
  sed -e "s/dns=dnsmasq/#dns=dnsmasq/g" /tmp/NetworkManager.conf.org >/tmp/NetworkManager.conf
  sudo cp /tmp/NetworkManager.conf /etc/NetworkManager/NetworkManager.conf
  rm /tmp/NetworkManager.*

# Remove resolvconf
  echo "- Removing resolvconf..."
  sudo apt-get -y purge resolvconf
  
# Restart NetworkManager
  echo "- Restarting NetworkManager"
  sudo service NetworkManager restart

# Wait for NetworkManager to restart - may take up to 2 minutes
  echo -n "."
  sleep 30
  until ( sudo service NetworkManager status | grep "running" ); do
    echo -n "."
    sleep 30
  done

fi