Received a "wonderful" Arris modem (TG862) from Comcast and/or Xfinity and found that your OpenDNS settings no longer work at all? Read below if you're ready to fix it.
The Arris TG862 is a telephony modem Comcast will send to you if you have internet and digital voice double play or for those who might have purchased this item on their recommendation (trying to avoid renting one). Likely you have already discovered that your family-friendly OpenDNS web filtering no longer works! This configuration requires a few steps to ensure our Comcast friends' connectivity is limited and the DNS resolution can occur.
The best (and only?) solution is to place your own router directly after your ethernet cable reaches the Arris modem. The yellow ethernet cable leaves the main data-out port on the Arris modem and enters the main data-in on the Belkin router. Any wired connections leave the Belkin router (this could be a physical desktop computer, a NAS box or other such wired device) with a secondary ethernet cable.
There is only a single data ethernet cable plugged into the Arris modem, period. Note there is also a single coaxial cable coming into the Arris modem from the wall (it has a copper wire and threaded fitting). The digital voice plug obviously would also be plugged into the Arris modem but NOTHING ELSE! All other wiring should flow through your secondary router!
Arris >>> Belkin wireless router >>> wifi
arris >>> wireless router >>> wired device 1 (PC)
arris >>> wireless router >>> wired device 2 (NAS)
arris >>> wireless router >>> wired device 3 (occasional device)
STEP 1. DISABLE HOTSPOT: Log into your Comcast account and make sure your wifi hotspot is turned off! This is the free hotspot anyone can use for any reason on the back of both your wireless modem hybrid and your wallet. Can we say botnot or torrent node?
STEP 2. SET THE ARRIS MODEM TO BRIDGED: This will disable the wireless router inside your Comcast equipment and kill any remaining hotspot they'd like your kids to use unsupervised.
STEP 3. ENSURE YOUR BELKIN ROUTER DNS IS SET TO AUTO: This allows the OpenDNS server to resolve your IP address.
STEP 4. SET YOUR BELKIN PARENTAL CONTROLS > WEBSITE FILTERS TO NO FILTERS (NULL). Although we're pleased to see this built-in feature right in the router, the results were way too explicit still for minors.
STEP 5. LOG INTO YOUR OPENDNS ACCOUNT.
STEP 6. CHECK YOUR IP ADDRESS AT GOOGLE OR THE MANY ONLINE PROVIDERS.
STEP 7. CONFIRM YOUR LISTED IP MATCHES STEP #6.
STEP 8. SET UP YOUR PREFERRED FILTERS IN OPENDNS AND SAVE THEM.
STEP 9. RESTART YOUR WIRELESS ROUTER (NOT THE ARRIS MODEM!). If you restart the Arris modem equipment from Comcast the previous settings will most likely be lost.
STEP 10. RESTART YOUR BROWSER BY SOFT REBOOTING YOUR PC. OpenDNS tends to cache pages so sometimes if you try to visit the same type of website too soon. Closing the browser is also simply not enough. To be really sure, use CCleaner (for you Windows people) or BleachBit (for Linux users) to absolutely clear the browser caches.
STEP 11. TRY TO VISIT A FILTH WEBSITE. OpenDNS will now appropriately block the garbage on the net and hopefully, keep your kids safer online for awhile longer. Visit https://www.opendns.com/welcome/ to check. OpenDNS will display the image below if it's all good:
STEP 12. CONSIDER THE CONSEQUENCES OF MOBILE DEVICES SUCH AS 3/4G HOTSPOTS, PHONES, LAPTOPS, TABLETS AND NEIGHBORING OPEN WIFI (dumb neighbours and sniffers). OpenDNS can be circumvented by TOR, independent wifi and other networks (like ethernet at libraries, etc).
If you are interested in keeping your network users safe from the underbelly of the net or would like to guarantee a safe-for-work (SFW) network in your business, please contact us!
PS: We'll follow up a bit later on how to use OpenDNS' dynamic IP resolution using ddclient.