
OpenDNS redirects torproject, archlinux and stackexchange to blocking-page - alcoholic_byte
My setup was working fine until I turned it on again and noticed that I was unable to access  torproject.org, bbs.archlinux.org or security.stackexchange.com or a torrent-tracker site I occasionally query always using a VPN.<p>$&gt; resolvectl query torproject.org
torproject.org: 146.112.61.106<p>-- Information acquired via protocol DNS in 56.6ms.
-- Data is authenticated: no<p>Calling this IP will yield a website that loads a JS snippet replacing the URL.
$&gt; curl 146.112.61.106
&lt;html&gt;&lt;head&gt;&lt;script type=&quot;text&#x2F;javascript&quot;&gt;location.replace(&quot;https:&#x2F;&#x2F;block.opendns.com&#x2F;?url=1821231518181915231815181723&amp;ablock&amp;server=ams16&amp;prefs=&amp;tagging=&amp;nref&quot;);&lt;&#x2F;script&gt;&lt;&#x2F;head&gt;&lt;&#x2F;html&gt;<p>IMHO DNS-service-providers, especially 3rd-party ones ought to be impartial.
I know the arguments, but it does not readicate the problem(this may vary depending on what example you are leading with), and TBH I rather not be protected from &quot;the big bad internet&quot; as if I am &quot;Little Red Riding Hood&quot; and the Internet &quot;The Big Bad Wolf&quot;. I am a grown human being with full command over my faculties.
Besides, I wonder what the excuse is for blocking bbs.archlinux.org(did MS or Google or Disney(fearing the &quot;security&quot; for their content on Plus) complain and is it not enough that their DRM prevents watching content on Linux), torproject.org(hmmm too easy constructing s.th.), and of course stackexchange is ground zero for all evil things.<p>I for one find it sad that OpenDNS is doing this under the aegis of Cisco.
One could say that they are following a notice for the tracker, BUT torproject, stackexchange and bbs.archlinux.org?<p>Maybe some people more familiar with this matter can enlighten me.
All the SSL-certificates are only valid for ~7days. Why such a short time?
Also note that the SSL-Certificate is self-signed, by Cisco and since they are  allowed to sign, it is automatically valid.
Only reason this raised flags was certificate-pinning.<p>Happy Holidays folks! :D
======
Phylter
Their categorizations are crowd sourced. Are they classified under something
you've chosen to block?

For example, torproject.org is classified as a proxy/anonymizer. This is
something people that filter networks would want to block because it defeats
the purpose.

Try checking here with the others and see what you can find. It'll tell you
what they're classified as and will give you the option to vote.
[https://domain.opendns.com/](https://domain.opendns.com/)

~~~
alcoholic_byte
Well my point here is, that it worked before and not after I rebooted my
computer, so aside from my DNS-cache there shouldn't have been anything
different going on.

It is a very bad model IMHO. Think Pizzagate, or other events were stupid
people, brainwashed by others go out and do stuff they think is right. e.g.
Clicking on it serves un-appropriate content, oh no s.th. must be done, I am
self-righteous and want to protect the world from SMUT. Where un-appropriate
is subjective.

Also looking here:
[https://domain.opendns.com/torproject.org](https://domain.opendns.com/torproject.org)
Why is pornography bad or even associated with tor? Same with drugs. Oh yes
the big bad wolf in the deep web's clothing.

And yes I have seen the "manage your filter-settings" but using a VPN, looking
at tor, etc. I am one of those people that don't like all their internet-
activity attributed to them with the ease of looking up an account, please
also be required to mine millions of connections and cross-reference meta-data
and my style of writing before you get me.

It just comes as a shock that all of the sudden this does not work any more
and OpenDNS forces the despotic rule of uneducated and feeble(read scared
shitless for no reason) people upon everyone.

I see the reason for the existence of such mechanisms: e.g. I like to take
responsibility for my child's education or I am a Network-Admin who cannot
curate a list of allowed domains on their time. So they turn to a DNS-resolver
that does it for a living. But IMHO that should be opt-in, so create an
account and use restrictive filters. Also there is a DNS-standard in the RFC
RCODE 5, instead of running a MITM they ought to use that.

These days there is also DoH, DNSSec, DNS over mail, etc. So why do it this
way instead of providing means to either access one list(filtered) or the
other(unfiltered) depending on the query/DNS-Server without needing an
account. The defaults are reversed, it is not OpenDNS/Cisco's responsibility
but mine to protect my kids.They may help providing tutorials on how to do it,
but they shouldn't force these low-balled, over-bearing, pretentious
protective attitude on the masses.

Because adults should and want to take take responsibility for their own
actions. If I cannot handle one stuff or the other, I will gladly turn to
OpenDNS's mechanisms to hold my hand and shield me, but until then GTFO of my
way. Same with protecting against maleware-/phishing-sites.

Considering their importance and reach, this(the choosing of a wrong default)
is s.th. that needs to be discussed; and, this discussion is actually going
deeper, because we need to ask ourselves if we want _society_ to be run by
rules meant to minimize law-suites and financial risks for corporations. You
cannot run a society like that, because the ultimate outcome would be adults
being treated as children. A prime example, these days, would be the "Do not
Intervene"-Rule in Canada's retail-shops.

------
duelingjello
dnscrypt appears to be better

\- client: dnscrypt-proxy

\- server: dnscrypt-wrapper

