Contest.ps1 is a small PowerShell script which can be used to ensure that the network connectivity requirements for the OpenDNS_Connector service and the Virtual Appliance (VA) have been fully met before installation.
This ensures a smooth initial roll-out, or in a post-rollout scenario, helps to troubleshoot connectivity. Unfortunately, nothing in a network ever stays the same for long with IT systems and updates to IPS/IDS patterns or proxy rules can be frustrating—that's where this script comes in!
What does it test?
For the connector service requirements, the following connectivity tests are conducted:
- 443 TCP to api.opendns.com to register and sync, also upload AD group data
- 80 TCP/UDP to crl.comodoca.com and ocsp.comodoca.com (required by MS during install)
- 443 TCP/UDP to (220.127.116.11/24,18.104.22.168, crl3.digicert.com, crl4.digicert.com)
- 80 TCP to (22.214.171.124/24, 126.96.36.199, crl3.digicert.com, crl4.digicert.com)
For the VA connectivity requirements, the following connectivity tests are conducted:
- 53 TCP/UDP to 188.8.131.52, 184.108.40.206, 220.127.116.11 and 18.104.22.168
- 443 TCP to 22.214.171.124, ocsp.digicert.com, crl.digicert.com
- 443 TCP to 126.96.36.199/24
- 80 TCP to 188.8.131.52/24
- 2222 TCP to 184.108.40.206/24
- 443 TCP to disthost.umbrella.com
- 123 UDP to 220.127.116.11 and 18.104.22.168 (for Canonical's NTP servers)
How do I run it?
The script is very straightforward:
- Download the zip file at the bottom of this article and extract it to a folder of your choice. The zip file contains the powershell script, but also other files borrowed from Ncat (Created by Nmap) that allow for proper port connectivity testing as opposed to a superficial 'is it open' test.
- Start a PowerShell as administrator (open an elevated PowerShell prompt and in the taskbar search type powershell, then right-click it and select Run as Administrator.)
- Navigate to the folder the zip was extracted to.
- Execute the script by typing .\contest.ps1 and follow the on-screen prompts.
It will ask which tests you want to run. You can run VA requirement tests only, Connector service tests only, or both tests at the same time. Just enter Y or N accordingly.
What does the output look like?
The script also creates a text file in C:\%hostname%.txt which, in addition to the same output as above, also contains some more detailed host information such as Network config, ethernet port number, MAC address which could provide useful information when testing many hosts.