Topic: OpenDNS - good stuff!

Bill Leff
From: Santa Cruz, CA, USA
Posted 19 Jun 2009 7:07 am
I recently updated my router's settings to connect to OpenDNS instead of my DSL provider (SBC) and highly recommend it to others for the following reasons:
1. OpenDNS is a well-known and respected DNS service (DNS takes the name of the website you put in your browser and resolves it to that website's IP address) that keeps up-to-the-minute information on phishing sites and blocks those sites from your computer. By using OpenDNS you are protecting yourself from going to "bad" sites that may take over your computer without knowing it. You can also set it up to block different types of content (i.e. porn sites) if you wish.
2. It is actually faster. I am connecting to websites noticeably faster than I was by using SBC's DNS servers.
The setup is extremely easy. All you do is go into your router's setup screen and change the DNS IP addresses from what you had to the ones that OpenDNS provides. A one-time deal and that's it. After you do that, all the computers connected to your router (wireless or not) will be using OpenDNS for their IP lookups.
I think I forgot to mention - it's free! No spam or anything either.
http://www.opendns.com/
I do not work for OpenDNS or have any vested interest in promoting its use other than to help my fellow citizens.
-Bill

John Cipriano
From: San Francisco
Posted 20 Jun 2009 10:30 pm
Hi Bill. A lot of people like and use OpenDNS. Just be aware that OpenDNS redirects Google searches.
http://forums.opendns.com/comments.php?DiscussionID=226
I think it's mostly transparent but it can mess up certain browser features and extensions. I believe there's a way to shut it off if you set up an account with them. But frankly DNS is not supposed to be complicated (on the user's end anyway). Your ISP will always provide it, and you can trust them because you're paying for it.
If it feels faster, then it may very well be. But keep these things in mind when testing:
1. DNS also works better when the server is as close to you geographically as possible. Without actually testing I'd guess your ISP is faster, since if they set it up properly it should take fewer router hops to send the query and get your answer back. But who knows, maybe they're just not as efficient at it.
2. Your computer is caching DNS entries for sites you go to regularly. I believe it's usually 24 hours. The best way to test is to go to a site you've never visited.
3. The really accurate way to test is just to ping the ISP's DNS servers vs. OpenDNS's and see how long each takes. You could do a tracert as well and count the hops. Just open a command prompt and do "ping address" or "tracert address".
Unfortunately there's no such thing as a free lunch. I'd at least figure out how to disable the Google redirection. I forget where but somewhere on their site there's a section with preferences.
There are other free public DNS servers out there as well. At work I have 4.2.2.2 and 4.2.2.3 as a backup to my ISP's. I believe those belong to Verizon. But I hear they're going to be turning them off soon, if not already.
Anyway OpenDNS may actually be better than your ISP, they're better than a lot of people's ISPs. But it's not always a given that they're faster and there are some caveats. No free lunches and all that.
My ISP (Charter) does something stupid with their DNS, which is that when a lookup fails they redirect you to a search page. You can't win...you can set up a caching DNS server at home but I find DNS to be pretty arcane.

Bill Leff
From: Santa Cruz, CA, USA
Posted 21 Jun 2009 8:17 am
Great info John. Thanks for providing it. I will look into this.

Bill Leff
From: Santa Cruz, CA, USA
Posted 21 Jun 2009 8:41 am
Here's some good info from Wikipedia (which also explains how OpenDNS makes their money, among other things). It offers a solution to the www.google.com redirect:
Privacy issues, conflicts and covert redirection
While the OpenDNS name resolution service is free, people have complained about how the service handles failed requests. If a domain cannot be found, the service redirects you to a search page with search results and advertising provided by Yahoo. A DNS user can switch this off via the OpenDNS Control Panel. This behavior is similar to that of many large ISPs who also redirect failed requests to their own servers containing advertising.
In 2007, David Ulevitch explained that in response to Dell installing "Browser Address Error Redirector" software on their PCs, OpenDNS started resolving requests to Google.com. Some of the traffic is handled by OpenDNS typo-correcting service which corrects mistyped addresses and redirects keyword addresses to OpenDNS's search page; while the rest is transparently passed through to the intended recipient.[12]
Also, a user's search request from the address bar of a browser that is configured to use the Google search engine (with a certain parameter configured) may be covertly redirected to a server owned by OpenDNS without the user's consent (but within the OpenDNS Terms of Service).[13] Users can disable this behavior by logging in to their OpenDNS account and unchecking "OpenDNS proxy" option.[14] Additionally, Mozilla users can fix this problem by installing an extension[15] or by simply changing or removing the navclient sourceid from their keyword search URLs.
This redirection breaks some non-web applications which rely on getting an NXDOMAIN for non-existent domains, such as e-mail spam filtering, or VPN access where the private network's nameservers are consulted only when the public ones fail to resolve.
And here's a link to the Firefox extension to stop redirects:
https://addons.mozilla.org/en-US/firefox/addon/11787

Wiz Feinberg
From: Mid-Michigan, USA
Posted 21 Jun 2009 10:55 am
Thanks for the tip about disabling the OpenDNS proxy. It has been driving me crazy since I signed up with the service. As noted, one has to retype the redirected URL, or paste, or click the link again, until the desired page responds, or one always arrives at the OpenDNS proxy page.
Once you tame this beast it can be useful as a security measure against man-in-the-middle attacks and stealth redirects from DNS poisoning of vulnerable unsecured routers.
OpenDNS really became well known to general users after the Dan Kaminsky DNS hijacking revelations.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services
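
The failed-lookup redirection discussed in this thread (a resolver answering with a search page instead of NXDOMAIN) can be checked for directly. The sketch below is an added example, not part of any post here: it asks a resolver of your choice for a random name, reports whether the reply is a real NXDOMAIN or a rewritten answer, and times the query, which the local DNS cache cannot affect because the name is new on every run. The function names and sample headers are constructed for illustration, and the random `.com` label is assumed to be unregistered.

```python
import os
import socket
import struct
import time

# Constructed 12-byte DNS response headers (not captured traffic), txid 0x1234.
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0)   # RCODE=3
SAMPLE_REWRITTEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # NOERROR, 1 answer

def build_query(name, txid):
    """Encode a recursive A/IN query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid):
    """'nxdomain' = honest failure; 'rewritten' = answers for a nonexistent name."""
    if len(response) < 12:
        return "other"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID or not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"
    if rcode == 0 and ancount > 0:
        return "rewritten"
    return "other"

def probe(resolver_ip, timeout=3.0):
    """Query resolver_ip for a fresh random name; return (verdict, name, milliseconds)."""
    name = os.urandom(16).hex() + ".com"  # assumption: this random label is unregistered
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        sock.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
        elapsed_ms = (time.monotonic() - start) * 1000
    return classify(data, txid), name, elapsed_ms

if __name__ == "__main__":
    # Offline demonstration on the constructed samples; call probe() for a live check.
    for label, sample in (("honest", SAMPLE_NXDOMAIN), ("redirecting", SAMPLE_REWRITTEN)):
        print(label, "->", classify(sample, 0x1234))
```

`probe()` needs network access and raises a timeout error if the resolver does not reply; run it against both your ISP's resolver and the alternative to compare verdicts and timings.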