ISP Reporting Open DNS Resolvers

Similar Messages

• Open DNS follow-up report

  Interestingly, after a very positive experience by adding the open DNS numbers 208.67.222.222 and 208.67.220.220, I found today that every time I tried to open Safari it knocked me offline. So I've now resorted back to the number originally assigned to me.
  What's going on with Safari?

  Jake,
  One Verizon DSL account; one Westell 6100 modem
  Check with Verizon and find out what the max download / upload speeds should be.
  If this is the plan you purchased: http://www22.verizon.com/residential/highspeedinternet/
  *"And we’re constantly looking for ways to make our DSL faster—recently upgrading our Starter plan to 1 Mbps* download and our Turbo plan to 7.1 Mbps."*
  1 Mbps download / 7.1 Mbps is hardly high speed.
  You can check your upload/download speeds here. http://www.speedtest.net/
  To realize faster download and uploads speeds you would need to upgrade your service.
  This is more then just a DNS issue.

• Open DNS vs TWC DNS (Dallas)

  Should I use an open DNS or stay with TWC DNS (Dallas, TX)?
  Are there really benefits to speak of as a second year Computer Engineering student?
  Thanks all.

  This is a comment on OpenDNS and other public domain-name system (DNS) services, such as Google DNS. You should use such a service if it solves a problem for you, and not if it creates problems you don't already have. To summarize:
  1. Using public DNS will probably not make your network faster, and may make it slower.
  2. It will probably not stop your browser from being redirected when you try to connect to a valid web address.
  3. It will not make you safer from malware attacks.
  4. It could cause confidential information to be compromised.
  5. It has other privacy implications that you should take into account.
  A DNS server resolves the human-readable "domain name" of an Internet host, such as www.apple.com, to the numerical address by which that host can be reached. The process is analogous to looking up a phone number by name. There is no chance that changing the DNS server you use will have any effect on a network problem not related to name resolution.
  There are two valid reasons why you might want to use a public DNS service:
  The DNS servers provided by your ISP are misconfigured (perhaps deliberately) or don't perform well.
  You have a use for the filtering controls provided by OpenDNS and others.
  Although some DNS services are touted as responding faster than others, there will be no noticeable difference if your ISP is delivering what you pay for. Most likely, the difference in response time among the DNS servers available to you is on the order of a hundredth of a second or less. But under some conditions, public DNS will significantly slow down network performance. Here is a case in point.
  A content-distribution network (CDN), such as the one used by Apple to deliver software updates and iTunes content, relies on the location of the DNS server to optimize performance. If your query goes to a distant server, you may get slow downloads of Apple content, among other things. From the report of a test carried out by a networking consultant:
  We listed 9 CDNs that would benefit from supporting/using edns-client-subnet, and only two actually support edns-client-subnet: CDN77 and ChinaCache. Others, including Akamai, Internap and CDNetworks, do not currently. This really is too bad, because from the performance data we collected, it is clear these CDNs deliver (much) worse performance currently in many countries to Google DNS and OpenDNS users.   
  Another reason often given for using public DNS is to avoid "redirection," that is, false results from a query for a valid domain name. Ethical ISP's do not intentionally redirect valid DNS queries, though it might happen unintentionally because of a misconfiguration; for example, because the address of a network host has recently changed, or because of a "poisoning" attack on the DNS server. Recently, some low-quality commercial ISP's such as CenturyLink have taken to redirecting DNS queries for search engines such as Google. Do not tolerate this practice. If your ISP is doing it, then you should demand that the redirection be stopped, or else switch to another ISP. Note that many ISP's may, and OpenDNS certainly will, redirect invalid queries to ad sites, in violation of published standards for DNS.
  Some ISP's have been said to re-route all DNS queries to their own name servers, regardless of where the queries were directed. This is another intolerable practice. I don't know of any commercial ISP that is currently doing this, but if yours is, you won't be able to use a public DNS service, even if you change the network settings on your computer or router.
  If your Internet access is provided by an employer or institution, rather than a commercial ISP, then you have to take what is dished out.
  The claims on the OpenDNS website that it blocks malware attacks such as "Flashback" are false advertising. A DNS service does not and cannot block anything. All it can do is to selectively refuse to answer queries. It's trivial for a malware attacker to evade such controls. It's just as easy to evade the parental controls offered by OpenDNS. Nevertheless, you may find those control features useful, despite their limitations. Here is an example of an ASC user who had undesirable results from OpenDNS content filtering.
  There is one exception to the rule that OpenDNS and Google DNS don't improve performance. The "prefetching" performed by modern web browsers, including Safari, may confuse some DNS servers, with the effects described in this Apple Support article. The article suggests testing OpenDNS, Google DNS, or another third-party DNS service as a possible way to overcome the problem.
  If you need to switch DNS providers because of a misconfiguration of your ISP's servers, the change will most likely only need to be temporary. The problem may be resolved automatically within a matter of hours.
  If you intend to use public DNS, such as OpenDNS, on a long-term basis, you should be aware of the privacy implications. As a user of the free service, you are not an OpenDNS customer, and the service provider  — a for-profit corporation — doesn't have a contract with you. The marketers to whom OpenDNS sells access and information are its customers.
  OpenDNS will know, and store, the address of every Internet server you use from now on. This is from its privacy policy:
  When you use our Services, OpenDNS stores certain DNS, IP address and related information about you to improve the quality of our Service, to provide you with Services and for internal business and analysis purposes.
  Concerning personal information, the policy states:
  ...[I]t is disclosed to entities that perform marketing services on our behalf or to other entities with whom we have joint marketing agreements...
  You can't opt out of those disclosures. Read the privacy policy carefully and draw your own conclusions. The privacy policy of Google DNS seems to be somewhat more benign, but again, you should judge for yourself.
  That's not the worst of it, though. The practice of hijacking nonexistent domains followed by most public DNS services could result in leaking confidential information to a hacker:
  For example, consider the "same origin trust model" used for Web cookies. If you're holding a cookie for GOOGLE.COM and you can be fooled into following a link to KJHSDFKJHSKJHMJHER.GOOGLE.COM, and the resulting NXDOMAIN response is remapped into a positive answer to some advertising server, then you're going to send your cookie to that advertising server when you send your HTTP GET request there. Not such a bad thing for a GOOGLE.COM cookie, but a real problem for a BANKOFAMERICA.COM cookie.  
  To emphasize, NXDOMAIN remapping is not something that only happens when you randomly mistype a domain name. It can be exploited deliberately by malicious links placed on any web page. In the case of OpenDNS, the result would be that a cookie intended for another server would be sent to the OpenDNS web server instead. A rogue OpenDNS employee, or anyone who managed to break into the web server, might then be able to impersonate you on another website. If this scenario seems far-fetched, it's the stuff that network exploits are made of.
  See also a brief. somewhat outdated, critique of OpenDNS on a Harvard Law School blog, with a response from the company's founder.

• Having trouble setting up Open DNS with mac.

  When I try to set up Open DNS I get the following error message:
  Safari can’t open the page “http://192.168.1.1/Basic.tri” because the server unexpectedly dropped the connection. This sometimes occurs when the server is busy. Wait for a few minutes, and then try again.
  I have a Linksys router. I can get the router so save the settings using my Microsoft laptop, but I get an "oops" error message from Open DNS saying I am not set up on their site and just sends me back to step one. Does this sound familiar to anyone?

  No, you cannot put the router in front of the modem.
  You might look for any information your ISP gave you for your modem, such as a user guide. Or use the instructions at OpenDNS for a Motorola router, it should be similar. Remove the router and directly connect just one computer to the modem and try to access the modem's built in utility, as you have with your Linksys router. Motorola's default address appears to be "http://192.168.10.1/", the default username is "admin", and the password "password". If you encounter a question about obtaining the DNS service dynamically, check NO, then handset the OpenDNS servers, save and possibly restart the modem.
  If you are successful in configuring the modem, go back to the router and leave the DNS settings blank, as well as on each computer. Then the computers should receive the service dynamically from the modem.
  After all that, hopefully the OpenDNS website detects you using their service and allows you to proceed with setting up your account.
  Dah•veed

• Open DNS? Why do we have to do this, all of a sudden?

  I'm one of the folks who has been experiencing this inexplicable hanging/not loading web pages and slower connection since I upgraded to Snow Leopard and the new Safari.
  I did this DNS thing, which is fine, I understand what it means -
  but I never had to do that before, and so I don't understand why I have to do it now, and why isn't my clever computer doing it automatically?
  My 67 year old mother would never have known this if I didn't come along and fix it! LOL
  So is this something that will be incorporated in a future update so people like my mother don't have to be so savvy, or is this the kind of thing we have to keep doing as new things get added?
  Is this the only thing that is making my Safari hang on some websites that weren't hanging before all the new updates? Is there some other reason? I've done nothing new to my connection, it's the same DSL as before, and my ISP seems to show no problems at all.
  Thank you for your help.

  I wonder myself why Carolyn has the same answer on countless postings of just switching to Open DNS? Actually their not a bad DNS provider. But people are right to question why their current DNS servers that their ISP use are all of a sudden the cause for Safari nor loading pages. If that were the case I would think the ISP provider would be flooded with complaints. Considering the fact also that a Windows computer using IE 8 or Firefox with the same ISP is not affected tells me that its not the DNS servers and that changing to Open DNS would not provide the best solution. As I have also been affected by this issue and have traced it more to Safari and Snow Leopard then any other issue.
  Do I have a solution? No. But suggesting that its a DNS issue is not on target.

• Open dns resolver issues on windows server 2008 R2

  my client is running a windows 2008 r2 server with dns and dhcp roles. it's not a domain controller, just a workgoup server.
  got a notification from my client's isp:
  "These attacks have been facilitated through DNS
  amplification attacks. AT&T has detected these attacks and has confirmed
  that the IP address x.x.x.x allocated to your Internet access account is
  accessible from the Internet as an open DNS resolver. "
  tried disabling recursion, but then there is no access to the internet.
  tried disabling the firewall rule for dns udp, and no access to the internet.
  does anyone have any idea how to correct this? do i need to add a public dns server to my dhcp scope for internet access? if i do, then what good is a dns server and it doesn't resolve internet addresses?
  Gary

  Just to add, I was wondering why you had port 53 opened to your DNS servers. And just to point out, that rule you created is a port translation rule that allows access to your DNS server from the internet, just as if you had created a rule to allow access
  to an internal web server for public use, or for allowing webmail (OWA) access from the internet to your internal mail server.
  What you did, as Keith said, will stop that, but to further point out, the rules are not really needed again, I would just remove the rules completely. For internet access, such as allowing your users to access websites, your DNS to resolve external names
  (whether using Root hints or a Forwarder), just about any firewall will allow that out-of-the-box. In some firewalls, you have to create a rule to the outside untrusted interface to "allow established" meaning when an internal request goes to an outside resource,
  such as a website, to allow the response back in.
  The only time you want to create rules is either you want to allow inbound traffic with a port translation rule (such as what you originally unknowingly did for TCP & UDP 53) to a web server, OWA, SMTP traffic to a mail server, etc.), otherwise,
  leave it out of the box.
  As for what the ISP is concerned about regarding DNS amplification attacks, is that they are a fairly recent method for attackers to create a DOS (denial of service). You can read up at a couple of recent discussions about what all that means in
  the following threads, with ways to stop or mitigate them.
  Best way to reduce or disable DNS amplification for external DNS?,
  Sunday, June 16, 2013 6:08 PM
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/d087a768-2075-49e4-afec-4fd23b50af0a/best-way-to-reduce-or-disable-dns-amplification-for-external-dns
  Protecting Windows DNS Server from being abused for DNS amplification attacks,
  Wednesday, April 10, 2013 8:05 AM
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/fac86dc7-779d-48eb-a113-9c06c2222af9/protecting-windows-dns-server-from-being-abused-for-dns-amplification-attacks
  Ace Fekay
  MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
  This post is provided AS-IS with no warranties or guarantees and confers no rights.

• How do I close an open DNS Server

  I have received an email from my internet provider stating I have an open DNS Server and my network has been used to attack other networks (DOS) Denial of service. I can't figure out how to secure my network. or close the open DNS server.

  You should at least update your Mac to 10.6.8 although I am not sure there are any particular security issues that would be there.
  Of course running later OS is always better.. as the latest security updates are implemented in the most recent OS.. but I am not sure one follows the other as some weaknesses are introduced as well in later OS. Any security updates should certainly be installed.
  The main point is what modem and what router do you have?
  There are a number of these notices being sent to users with apple routers which are hard to believe can be involved. It is more likely the ISP equipment. But we cannot really help you with exact details of your network .. or any more precise details the ISP has given you.
  Ring up and talk to their technical help dept. and ask for their help. Even if they won't help you fix apple router.. put the modem in router mode or buy a new modem with router mode and change the apple router to bridge.. then the issue is not caused by you and the ISP can remotely adjust their own box.

• A Concern About Open DNS

  It is bad for download performance not to use your ISPs local DNS servers.
  When you use foreign DNS servers, many websites will mis-identify your location, and send you to farther away places to download the website, rather than the local, faster location.
  For example, your Software Updates from Apple, which go through Akamai, who will send you to a slower, more distant server for the download.
  In addition, as the switch to IPv6 begins, sites such as Google/YouTube will not enable you for IPv6 because you aren't using your ISPs DNS server, which they use to decide whether to give you an IPv6 website address, or just the IPv4 address.

  Adding DNS codes to your Network Preferences, should give good results in terms of speed-up as well as added security:
  If you are using a single computer: Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:
  208.67.222.222
  208.67.220.220
  (You can also enter them if you click on Advanced and then DNS)
  Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:
  http://support.apple.com/kb/TS2296
  If your computer is part of a network: please refer to this page: http://www.opendns.com/start/bestpractices/#yournetwork and follow the advice given.
  (An explanation of why using Open DNS is both safe and a good idea can be read here: http://www.labnol.org/internet/tools/opendsn-what-is-opendns-why-required-2/2587 /
  Open DNS also provides an anti-phishing feature: http://www.opendns.com/solutions/homenetwork/anti-phishing/ )
  Wikipedia also has an interesting article about Open DNS:
  http://en.wikipedia.org/wiki/OpenDNS
  Whilst in System Preferences/Network you should also turn off 'IPv6' in your preference pane, as otherwise you may not get the full speed benefit (the DNS resolver will default to making SRV queries). If you want to know what IPv6 is:
  This is Apple's guidance on iPv6:
  http://docs.info.apple.com/article.html?path=Mac/10.5/en/8708.html
  Click on Apply Now and close the window.
  Restart Safari, and repair permissions.

• Disable an open dns

  I currently have a Netware 6.5 sp8 dns server and an OES11 DNS server. As I am migrating way from Netware (tough to do because it simply works!) I have moved all of my dhcp and dns over to the OES11 box with the Netware box as a backup. I need to shut down this open dns for obvious reasons. But when I turn recursion to off, my workstations loose dns.
  I would like to set my network up to use the OES11 box as a primary dns and the Netware box to secondary. I have a few questions.
  Disable recursion
  what settings do I configure the SLES network card dns to? Do I point them to my isp DNS or does sles need to be pointed to itself?
  when I set recursion to "no" how do I allow my workstations, on multiple vlans use the server for DNS?
  Does there need to be a forwarder?
  Suggestions

  Originally Posted by dholland
  I currently have a Netware 6.5 sp8 dns server and an OES11 DNS server. As I am migrating way from Netware (tough to do because it simply works!) I have moved all of my dhcp and dns over to the OES11 box with the Netware box as a backup. I need to shut down this open dns for obvious reasons. But when I turn recursion to off, my workstations loose dns.
  I would like to set my network up to use the OES11 box as a primary dns and the Netware box to secondary. I have a few questions.
  Disable recursion
  what settings do I configure the SLES network card dns to? Do I point them to my isp DNS or does sles need to be pointed to itself?
  when I set recursion to "no" how do I allow my workstations, on multiple vlans use the server for DNS?
  Does there need to be a forwarder?
  Suggestions
  Disabling recursion on OES is a matter of editing the /etc/named.conf. It isn't done on the network card. See the man page for the specifics.
  Where you point to is a matter of what you want to resolve. I ALWAYS point to my ISP, but if my server is handling specific zones, I also point to it.
  If you are disabling all recursion, then you disable forwarding. They will need to be able to query someone. I would add the my ISP's dns servers.
  You can allow recursion from some clients/subnets if you wish, you don't have to disable it for every one.

• Is Open DNS a good choice

  We are having problems with  very slow download speeds from our server company, and they blame it on Airport. A couple of people online have suggested using Open DNS as an alternative. Does anyone have advice pro or con on this?
  Thanks

  Mike,
  I started using Open Dns in February of this year.  I love it.  The reason why I changed was because my isp was jerking around with installing their own search engine. (to grab extra income from search referals)  I was getting a lot of redirects, especially when I was going to one of my primary financial sights. Since going to Open Dns, all of these redirects ceased to exist.  I also use it for my 10 year old Dell PC which I use as a back up, and believe it or not, it is noticeably faster with the Open Dns. I elected to install it in each of my computers, even though you can actually install it in yor router, if you have one.
  I like their security feature, and have mine set on medium.  The medium setting blocks adware, *****, and even the swinsuit advertisements for Sports Illustrated.  I do find that their logging capability for blocked sites to be a nice feature also, especially if you have kids using your computers. I would say that it is the best thing I've ever gotten for free.  But you are doing the right thing by investigating it before making any decisions about its use. Of course, if you don't like it, you can always go back to using what you have now.
  Carolyn Samit, who posts on this board, is the person who clued me in about O Dns. 

• How do I set up a second home network that bypasses Open DNS?

  I have been having trouble downloading and streaming itunes content because I use Open DNS on my network.
  There have been many posts about disabling Open DNS to solve the problem but if I do that, my internet filter goes away.
  I would rather set up a second network that bypasses Open DNS and use it only for my Apple TV.
  Is this possible and if so, how do I do it?
  I have airport extreme base station with a second airport to extend the range, mac desktop, mac laptop, ATV, several iphones and ipads.
  I'm running OS X 10.7.5.
  Thanks in advance!

  Are you suggesting that I go into my Airport router settings and just blank out the DNS settings and then reboot it?
  Yes, exactly. You can always input those addresses again, if it does not solve the problem.
  OpenDNS may offer some advantages over your whatever your ISP uses for DNS but optimizing download speed is not one of them.
  Maybe I have jumped to the conclusion that Open DNS is the problem when maybe it isn't.
  It is possible. As I understand it, Apple's servers attempt to use a location near you to deliver iTunes content, and OpenDNS may result in pointing it to a less ideal location.
  3 hours may or may not be normal for HD movie. The download speed depends on a number of factors that are difficult to surmise without knowing details about your network and your ISP.

• Open DNS

  My very much up-to-date Safari has been exceptionally neurotic. The day begins at lightning speed, then slows down, then, from time to time, Safari simply knocks out my internet connection.
  I've seen others here suggesting one could add 208.67.222.222 and 208.67.220.220 in their DNS menu. I haven't done it yet, simply when I click "+" to do so, my current numbers disappear. I was hoping the two series of numbers above could be added rather than substituted, so that if there was a problem with the two suggested numbers, I could revert back to the old ones, provided by, I assume, my internet provider Verizon.
  Any thoughts on the above?

  How did you add them?
  If you are using a single computer: Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:
  208.67.222.222
  208.67.220.220
  (You can also enter them if you click on Advanced and then DNS)
  Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:
  http://support.apple.com/kb/TS2296
  If your computer is part of a network: please refer to this page: http://www.opendns.com/start/bestpractices/#yournetwork and follow the advice given.
  (An explanation of why using Open DNS is both safe and a good idea can be read here: http://www.labnol.org/internet/tools/opendsn-what-is-opendns-why-required-2/2587 /
  Open DNS also provides an anti-phishing feature: http://www.opendns.com/solutions/homenetwork/anti-phishing/ )
  Wikipedia also has an interesting article about Open DNS:
  http://en.wikipedia.org/wiki/OpenDNS

• Open DNS and internet sharing

  I am seeing strange behavior, and wondering if anyone has a thought about what is going on.
  I am at a hotel with fast internet service over ethernet, but, for whatever reason, DNS seems very slow if I use DHCP to connect (timeouts of 5-10 secs to get to a new site). If I switch to DHCP with fixed DNS, and use the Open DNS servers (208.67.222.222, 208.67.220.220) the latency issues go away.
  The interesting thing is that I am sharing the internet connection over Airport to my wife's computer (she connecting thru DHCP). If I use a fixed DNS for MY computer, then her computer cannot connect thru internet sharing. But if I use the (slow) DHCP connection, then she can connect through mine. I have not tried setting up her computer with a fixed DNS, as she really doesn't like me to change settings on her computer
  Is this a known limitation of internet sharing, or is there something I should know?
  TIA

  In more detail, if my ethernet (the computer that is doing the sharing), is set up with Configure: Using DHCP, and DNS Server: 208.67.222.222, 208.67.220.220 (in Network Panel for Ethernet), then the computer connecting thru Internet Sharing in Sharing Panel is not able to access some or all resources thru http (ie, pages fail to load, or do not fully load).
  However, if I clear the DNS Server part in the Network Panel, thereby using the the DNS Servers supplied by the hotel, then my computer's connection to the internet is slower, with long waits (presumably due to a slow DNS server), but computers accessing the internet via Airport thru my shared connection are able to browse the internet successfully.
  I suspect that when I have a fixed DNS server in my computer, that fact is not broadcast to computers using the shared connection. But I am not an expert in TCP/IP, and may well be confused about how DHCP, DNS, and Apple's Internet Sharing work together.
  Thanks for any ideas you have
  A

• Open DNS & Airport Question

  I have a wireless network (Airport Extreme and Airport Express for range in the back of my house). Have 4 Macs on the network. All have Open DNS set in System Prefs>Network>Airport>Advanced>DNS.
  Should I set one or both of the Airports to Open DNS also? If so, how? I looked at Airport Utility and see no ready way to do it.
  If I should add OPen DNS to Airport, can someone tell me how in an easy to follow fashion?
  Thanks in advance!

  No, sorry.
  All my machines are individually set for Open DNS: System Prefs>Network>Airport>Advanced>DNS: 208.67.222.222; 208.67.220.220.
  The machines have been set this way for a long time.
  My Q: Can/Should I set my Airports (Express and Extreme) somehow for Open DNS?
  My general configuration is:Cable>Modem>Airport>4 Macs.
  The hardware configuration is Cable into Router (Cox), Ethernet into Extreme, broadcast to Express 5 rooms away (to serve 2 of the 4 Macs); Ch 1 all.
  Perfect connection - so don't want to mess with that.
  Just want to know (if I can to speed up download time) --
  Would (if possible) setting the Airport settings to Open DNS help my speed? If so, how in the world would one do that - - > set the actual base station to have Open DNS settings?
  Make sense? Hope so!
  Thanks!
  Message was edited by: pcbjr

• Help setting up Open DNS with new airport extreme

  I cant seem to get Open DNS to work with a new airport extreme. The status says I am not using Open DNS and its not filtering anything. I have followed the exact steps for set up listed on their website, checked the dns settings, cleared both caches and restarted the computer, modem and router with no success. I set the airport up in bridged mode, although I tried the other option under setup, but not sure what I was doing? I picked up this router because I wanted easy set up and the apple store assured me it would work with Open DNS. Oh, and I also downloaded the latest firmware update on the router. Can anyone help me with the settings or what else I need to check?

  Sorry, I am not familiar with this product, so I checked online to pick up some information.  Here I am referring to the information found here:
  http://www.dslreports.com/faq/6096
  I found that your device is mentioned as follows in the intro under Section 1 of this document:
  The BellSouth supplied Westell 2100, 2200 and 6100 models (Models A90-210030-04, B90-220030-04, and B90-610030-06/C90-610030-06, respectively) share many features and functions.
  Next, I am referring to the information under Section 2, under the heading of Standard Default Mode Connection (separate hub or switch present).  Unless you have changed the configuration on the Westell, this is how your device is operating. In this mode, the Westell device is acting both as a modem and router in one unit.
  So, an attached router (AirPort Extreme) must be configured as a switch to work correctly. That is what Bridge Mode is....the AirPort Extreme is operating as a switch when it is in Bridge Mode (which would be the correct setting to use when the Westell is set to its Standard Default Mode).
  Any changes that you want to make regarding DNS settings would need to be made on the Westell device, since it is acting as the main router on your network.
  In Bridge Mode, the AirPort Extreme simply passes that information through to its connected devices. You will not be able to make any DNS related changes on the AirPort Extreme since it receives that info from the Westel device. Some service providers force you to use their DNS servers, so you might want to check with Bell South or AT&T for more information in this regard.
  If you want to be able to configure the AirPort Extreme as the main router on your network, and instruct it to use the DNS information that you want, you will need to refer to the section under the heading of Bridged Ethernet Mode ( separate router present).
  Please note that the first item under this heading specifies that "This is the preferred configuration when using a separate external router..." (which would be the AirPort Extreme in your case)
  So, it appears to me that this would be the way that you must reconfigure the Westell device to allow the AirPort Extreme to function as the "main" router on your network. In this type of setup, you will be able to enter the DNS information that you want to use under the setup for the AirPort Extreme and it will act as you instruct.
  The AirPort Extreme would not be configured in Bridge Mode for this....it would be configured to "Share a public IP address".
  The next item in the article specifies that you "Must use a PPPoE client on the Router." This means that the AirPort Extreme would be configured to Connect Using = PPPoE as follows:
  AirPort Utility - Manual Setup
  Click the Internet icon
  Click the Internet Connection tab
  Connect Using = PPPoE
  You would enter your user name (probably your email address), password, etc in this area. Leave the Service Area box completely blank. Set Connection to Always On, and Disconnect if Idle to Never
  Click Update to save the new settings. Power off the Westell device after this and then restart it so that it will pick up the new information that you have programmed into the AirPort Extreme.
  I want to stress that this is how I would try to configure the Westell and AirPort Extreme. But, as I said, have not used a Westell device, so I cannot say that this will work correctly for you.
  It might be an excellent idea to contact Bell South or AT&T Support to ask for their opinion on this before you decide to change the configuration of the Westel device and the AirPort Extreme.
  This type of thing can be intimidating for users, so you might elect to use the services of someone like the Geek Squad at Best Buy, or a similar service from a local computer firm. Perhaps the Apple store could help as well.
  If it is not critical that you use Open DNS, you might want to simply leave things "as is", with the AirPort Extreme in Bridge Mode.