Using OpenDNS for site filtering

I'd like to start using OpenDNS so I can use its category-based site filtering. I can get this working on my local machine, but I'd like to have it working on the router so all the devices connecting to it use the same DNS.

I've installed the dynamic DNS package so I've got the Dynamic DNS option showing up in LuCI, but I'm not sure what settings to put in here. I've got OpenDNS and DNS-O-Matic accounts. (I understand that this bit is necessary to inform OpenDNS of the IP address my ISP assigns to me.) I also need to change the DNS servers that the router uses, and I'm not sure where to do that either (bit of a n00b here!)

Anyone have any experience with a similar setup?

(I'd much prefer to do this via LuCI if possible)

To be honest, I thought this is all you needed to do anyway:

In /etc/config/network - add under: config interface 'wan'

	option peerdns '0'                        
	option dns '<your_DNS_Server1>,<your_DNS_Server2>'

Did you install luci-app-ddns so you can configure it easily form the web GUI?

Your DDNS provider should have given you your credentials.

• You may also wish to install ddns-scripts, they might give you some tips on how to setup, or may have a script for your provider.

Hi - yes, I installed luci-app-ddns. I'll install ddns-scripts, see if that helps. Do you know where to change the DNS servers in LuCI (as opposed to the config file)?

Two ways, one in wan interface & one in dhcp and dns menu.

Thanks @leeandy, I managed to set them in the WAN interface.

Hi Dave did you get this going? I've been using OpenDNS for some years with my old router, but am trying to get it running with OpenWRT.

I have the DNS servers set up pointing to OpenDNS, I'm just trying to get the dynamic DNS updates running. At the moment I THINK ddclient is running on my laptop, (it has been for years), but occasionally I can go days between using my laptop and OpenDNS requires constant updates whenever your gateway IP address changes, so I'm hoping to get the "Dynamic DNS Client" (aka luci-app-ddns) to do the daily network IP address updates, I just cannot get my head around what the luci-app-ddns set up asks for compared to what OpenDNS needs.

The linux ddclient config for OpenDNS is:

OpenDNS.com account-configuration

protocol=dyndns2
use=web, web=myip.dnsomatic.com
ssl=yes
server=updates.opendns.com
login=opendns_username
password=‘opendns_password’
opendns_network_label

I just don't know how to set that up for luci-app-ddns .

Hi @WayneSb - no I didn't I'm afraid, I only managed to set the IP addresses for DNS in the WAN interface in Luci. It works until my ISP changes the IP address (which doesn't happen very often but I notice when it does). For now it works, and I haven't really got time to investigate it further (although it would be nice if it did work on its own) Sorry I couldn't be more help!

How about an easier solution

1. Install curl (System -> Software);

2. Then set a task like this bellow (System -> Scheduled Tasks):

0 * * * * curl -v -u username:password https://updates.opendns.com/nic/update?hostname=network

P.S.: Username, password and network are your OpenDNS data.

And be happy!

So what is supposed to go in place of "0 * * * *"?

Copy the whole line with the 0 * * * *.
The 0 * * * * is the time schedule of the task. For more info look for crontab.

Ok, thanks. So the asterisks are to be used as-is, since they are wildcards?

They are not wildcards, but part of the crontab syntax - see https://linux.die.net/man/5/crontab for reference (warning, the referenced man page is for vixie cron, while OpenWrt uses a trimmed down busybox cron, while the syntax is the same, advanced features might not map exactly).

Here is an example of using OpenDNS with DDNS. If you are using OpenDNS, then you already have an account at dnsomatic.com (the same username/password). Then you get a domain at a free DNS service like duckdns.org and configure dnsomatic with two services: OpenDNS & DuckDNS. DDNS updates dnsomatic and dnsomatic updates OpenDNS & DuckDNS. Then DDNS is using the domain at DuckDNS to check if the update actually happened (this is a workaround of sorts, because DDNS does require a way to validate the change and OpenDNS does not provide one). The assumption here is that if DuckDNS is updated, then OpenDNS must be as well.

cat /etc/config/ddns 

config ddns 'global'
	option ddns_logdir '/var/log/ddns'
	option ddns_dateformat '%F %R'
	option ddns_loglines '250'
	option upd_privateip '0'

config service 'dnsomatic'
	option service_name 'dnsomatic.com'
	option domain 'all.dnsomatic.com'
	option username ‘YOUR-EMAIL'
	option password ‘YOUR-PASSWORD’
	option use_https '1'
	option ip_source 'interface'
	option interface 'wan'
	option ip_interface 'YOU-WAN-INTERFACE'
	option enabled '1'
	option use_syslog '1'
	option lookup_host ‘YOUR-LOOKUP-HOST.duckdns.org'

UPDATE: This is how to set up OpenDNS IPs in /etc/config/network. It has been working for me for years.

config interface 'wan'
        ...............
        option peerdns '0'
        option dns '208.67.222.222 208.67.220.220'

Or in LuCI: Network / Interfaces / WAN / Advanced Settings:

• Uncheck Use DNS servers advertised by peer
• Add OpenDNS IPs to Use custom DNS servers

Thank you for the detailed answer @fantom-x - I'll give that a try!

Hello Daveh,

Seeing your post 2 years after the facts ;-).
I've been setting up luci-app-ddns today to update my external IP address on OpenDNS.
Got it working using settings as on screenshots below. Hope it can be of any use to someone...

Basic settings:

opendns-luci-ddns-1612×720 24.7 KB

And advanced settings (sorry, could not share multiple screenshots at once, new member).

Since my OpenWRT router is behind another router, I the default option (WAN) was not working (was returning an internal IP address, which is useless for OpenDNS.
Therefore, obtaining external IP address by means of a URL.
http://checkip.dyndns.com will always return your external ip...

opendns-luci-ddns-2788×240 8.44 KB

Hi @pajotsetrapper, that's great, thanks!