Topic 'Is it safe to use an open DNS rather than your ISP's DNS?' in forum 'Security' - dslreports.com

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Thu, 20 Dec 2007 21:19:18 EDT

Just Bob posted :

said by Mele20:

That is a weak, vague statement and out of touch also. The FTC evidently believes users don't block ads or cookies. I haven't seen an ad in about seven and one-half years and I never accept cookies except permanent ones needed for login a handful of sites.

Your practices and mine would not be the same as the vast majority of users.

As for " weak" and "vague", hey, I'm an old man and old men are weak and vague. Ask any 18 year old. ;)

Edit - I just realized you were referring to the FTC's statement. Therefore I rescind my comments on being old, weak, and vague. :)

--
I do hereby call for more authoritative links and fewer opinions.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Thu, 20 Dec 2007 21:14:13 EDT

Mele20 posted : That is a weak, vague statement and out of touch also. The FTC evidently believes users don't block ads or cookies. I haven't seen an ad in about seven and one-half years and I never accept cookies except permanent ones needed for login a handful of sites.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Thu, 20 Dec 2007 20:11:10 EDT

Just Bob posted :

said by Derspankster:

Get that tin foil hat on - NOW!

It will always be the case that some are more concerned, or sooner concerned, than others and the naysayers will resort to personal attacks. You may or may not consider it worthy of note that now even the FTC has proposed online behavioral ad guidelines.

»www.informationweek.com/news/sho···05101468
"The FTC wants input on the proposed guidelines. Specifically, the FTC wants to define "sensitive data" and whether its use should be prohibited. The commission's staff also is seeking information about possible secondary uses of information that is initially collected for behavioral advertising -- and whether the secondary uses call for more protection."

This was released today:
»www.ftc.gov/opa/2007/12/principles.shtm

It's unfortunate that the FTC is calling for self-regulation. I think we've already seen how well that works. It's also ironic given that the FTC failed to consider privacy concerns in their approval of the Google/DoubleClick merger.
»www.computerworld.com/action/art···c=kc_top
--
I do hereby call for more authoritative links and fewer opinions.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 21:28:13 EDT

Michail posted : Safe, yes. For everyone, no.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 19:12:45 EDT

NetFixer posted : As a professional paranoid network admin, I prefer using a gold foil hat (and underwear). ;)

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 19:06:34 EDT

Derspankster posted : Get that tin foil hat on - NOW!

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 19:04:46 EDT

Just Bob posted :

said by Just Bob:

As I see it OpenDNS = Overture = Yahoo!

If there are concerns about the Google/DoubleClick merger, why would there not be even greater concerns with OpenDNS as there is the potential for an even greater aggregation of information?

Thanks for the links OZO.

I know it's bad form to reply to oneself, but this just in:
»www.news.com/8301-10784_3-983528···=newsmap

"What Google is claiming, and I'm concerned some commissioners may embrace, is the notion that there are not specific privacy concerns intrinsic to the Google-DoubleClick merger, which frankly is absurd on the face of it, when you're merging the two number ones in search and advertising with vast data for targeting all across the globe," said Jeff Chester, CDD's executive director.
---
If there's a concern in the merging of search and advertising data, why would there not be a concern with the merging of search, advertising, and DNS queries?
--
I do hereby call for more authoritative links and fewer opinions.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 15:14:51 EDT

Just Bob posted :

said by Nightfall:

[...]
If you use some unknown, then these risks apply to you. I know I wouldn't trust my DNS to be hosted by someone or some company I didn't know. It would have to be a trusted solution. My ISP is trusted. OpenDNS is trusted. There are a lot of DNS services out there that are trusted and well reviewed. The OP is asking about a trusted company that is well reviewed.

Now, if he was talking about some DNS servers that none of us have used before, I am sure people here would be cautious to say the least.

If you follow the line of replies all the way back to page one, this sub-thread was in reply to CylonRed who seemed to be addressing the safety of all open DNS servers as you have as well.

said by Nightfall:

As for my statement about Malware which was not addressed before we went down this path, I am sure that you and both agree on that.

I guess that could be a chicken/egg thing, but not necessarily. Malware can result in a DNS hijack. However, there's always the danger of malicious sites that use scripts and default passwords to change the DNS settings on routers.

»www.cbc.ca/technology/story/2007···216.html
--
I do hereby call for more authoritative links and fewer opinions.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 13:07:30 EDT

Just Bob posted :

said by schaps:

Is there a particular reason you tested OpenDNS' fourth nameserver instead of the first or second?
OpenDNS nameserver IP addresses are:
208.67.220.220
208.67.222.222
If a third or fourth nameserver IP address is needed:
208.67.220.222
208.67.222.220

We aim to please:

208. 67.220.220 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
Cached Name | 0.041 | 0.043 | 0.045 | 0.001 | 100.0 |

208. 67.222.220 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
Cached Name | 0.042 | 0.044 | 0.048 | 0.002 | 100.0 |

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 12:25:12 EDT

Nightfall posted :

said by Just Bob:

said by Nightfall:

said by Just Bob:

The existence of a second threat doesn't negate the first threat.

Thats a pretty bad excuse. If your system is comprimised by malware or a virus to corrupt your local DNS records, how is that the fault of the DNS host? You could have 3rd party DNS or your ISP DNS, and the result would be the same if you were infected.

Truth be told, there is no danger on using 3rd party or your own DNS servers. I like openDNS a lot, but at the same time, I use ISP supplied DNS without hesitation as well. :)

It isn't a matter of my opinion versus your opinion. It's the result of a study by researchers at Georgia Tech and Google.

Since you missed the link the first time, here it is again:
»arstechnica.com/news.ars/post/20···ers.html
If you did follow the link, but missed the pertinent information:

"According to a recent report by PCWorld, research teams working out of Google and the Georgia Institute of Technology have discovered a series of open-recursive DNS servers that were classified as behaving "suspiciously." Open-recursive DNS servers are DNS servers that will answer any lookup request, no matter where it originates. So long as the DNS servers return accurate information—and the vast, vast, majority do—everything is kosher. When open DNS servers don't return valid information, however, they open the door to an entire world of problems."

If you read that paragraph, but didn't follow the link to the PCWorld article:
»www.pcworld.com/article/id,14046···cle.html

The Georgia Tech and Google researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another two percent of them provide questionable results. Collectively, these servers are beginning to form a "second secret authority" for DNS that is undermining the trustworthiness of the Internet, the researchers warned.

I read the first article but not the second. My impression of that snipit is to use a known good DNS system. If you use some unknown, then these risks apply to you. I know I wouldn't trust my DNS to be hosted by someone or some company I didn't know. It would have to be a trusted solution. My ISP is trusted. OpenDNS is trusted. There are a lot of DNS services out there that are trusted and well reviewed. The OP is asking about a trusted company that is well reviewed.

Now, if he was talking about some DNS servers that none of us have used before, I am sure people here would be cautious to say the least.

As for my statement about Malware which was not addressed before we went down this path, I am sure that you and both agree on that.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 12:13:55 EDT

Derspankster posted : "Collectively, these servers are beginning to form a "second secret authority" for DNS that is undermining the trustworthiness of the Internet, the researchers warned."

When did the internet become trustworthy?
--
I thought I made a mistake once but I was wrong

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 12:09:49 EDT

Just Bob posted :

said by Nightfall:

said by Just Bob:

The existence of a second threat doesn't negate the first threat.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 11:52:35 EDT

kontos posted :

said by NormanS
GTE is a former ILEC which, along with Bell Atlantic and NYNEX, was merged into a single company..."Verizon".

One of the conditions of that merger was that the ISP business of GTE was spun off to become an independent company, Genuity) See: »en.wikipedia.org/wiki/GTE . For several years after the merger, Verizon bought Internet service from Genuity and used that for DSL customers in former GTE areas. Verizon needed to do this because at the time of the merger they didn't have a nation-wide backbone in place in order to connect the GTE DSL customers. Level3 ended up buying Genuity out of bankruptcy. Long story short, those servers were never operated by Verizon.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 11:34:51 EDT

Just Bob posted :

said by schaps:

said by Just Bob:

127.0.0.1 Treewalk - I have just manually updated root hints. It will get better as the cache builds.
65.32.5.74 RoadRunner
208. 67.222.220 OpenDNS
... etc.

Is there a particular reason you tested OpenDNS' fourth nameserver instead of the first or second?
OpenDNS nameserver IP addresses are:
208.67.220.220
208.67.222.222
If a third or fourth nameserver IP address is needed:
208.67.220.222
208.67.222.220

None whatsoever.

I would invite you to run the test yourself so you can see the results from your location.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 11:22:08 EDT

NormanS posted : No doubt that they are hosted by Level 3; but the 'gtei.net' domain, in particular, shows an interesting ownership:

Registrant:  Verizon Trademark Services LLC (DOM-384172) 1320 North Court House Road Arlington VA 22201 US     Domain Name: gtei.net

GTE is a former ILEC which, along with Bell Atlantic and NYNEX, was merged into a single company..."Verizon".

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 11:21:58 EDT

kontos posted :

said by swhx7:

OpenDNS won't make much difference privacy-wise. They're presumably collecting request patterns and building a profile of what each user looks at - but unless you register, it's all by IP address. To match it up with who you are it would be necessary to ask the ISP who had that IP during those times. If your ISP will give this to Opendns, then the ISP is already selling it to whoever will pay and you're no worse off.

OpenDNS could potentially collaborate with 'website x' to identify you by correlating the sequence of events: "'user y' logged into 'website x' from 'IP address z' 8 seconds after 'IP address z' queried OpenDNS for the address of 'website x.'"

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 11:05:04 EDT

kontos posted :

said by NormanS:

If your ISP won't provide you with barebones DNS service, though, you may be SOL. Even Verizon is moving to the DNS ad model; who knows how long before their 4.2.2.x servers are touched by redirects?

The 4.2.2.x servers belong to Level3 (formerly Genuity...formerly GTE...formerly BBN Planet...which was part of BBN Technologies..which was Bolt Beranek and Newman changed it's name to).

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 11:02:47 EDT

TheWiseGuy posted : Market forces would tend to force opendns to monitor the performance of their DNS servers better than an ISP, since that is their business and if performance suffers they would lose more users than an ISP would lose.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 10:53:42 EDT

kontos posted :

said by Rexter:

They monitor their servers constantly, and and continuously perform maintenance on them. While it's not totally fool proof, I feel much safer not using my Comcast DNS servers.

er, that's at least what the OpenDNS website says. Of course my ISP's website says that their service is reliable as well...who to believe?

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 09:17:28 EDT

Nightfall posted :

said by Just Bob:

The existence of a second threat doesn't negate the first threat.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 04:53:12 EDT

schaps posted :

said by nwrickert:

I might well know the IP address. But I don't normally SSH to an IP address. I use the hostname, and rely on correct DNS resolution.

And if you're a sysadmin, and you don't know how to bypass the opendns servers you set up, you shouldn't be a sysadmin.

I'm the network manager at a high school. I set up a free account with OpenDNS and use it to block bad sites, many ads, and bandwidth-sucking sites, as well as produce reports on which sites are the most used. Non-admins cannot change their workstation or laptop's DNS servers, but I can in literally two seconds on my MacBook Pro - I just defined a location that that has custom DNS servers (Verizon's) and can switch the location in my Apple menu in literally two seconds (could also set up a key combo, but no real need). The custom blocking options and categories in OpenDNS are quite flexible, but you need a free account to set that up. You also obviously need a service like dyndns if you don't have a static IP. It helps us make the most of our T1s in an ever-increasingly streaming world.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 04:33:34 EDT

schaps posted :

said by the tech guy :

You haven't noticed any problems in the last year because Open DNS is pointless. I know VERY few people who have problem resolving with their ISP DNS.

Is that a common topic of conversation with all the people you know? In any case, most people would not know their DNS is slow or not resolving. They just know the the "Googles don't work."

You apparently don't know anyone who had Comcast a year or so ago when they had several major DNS outages over the period of months. Those of us who knew how to change dns servers were lucky.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Tue, 18 Dec 2007 04:25:35 EDT

schaps posted :

said by Just Bob:

127.0.0.1 Treewalk - I have just manually updated root hints. It will get better as the cache builds.
65.32.5.74 RoadRunner
208. 67.222.220 OpenDNS
... etc.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Mon, 17 Dec 2007 23:45:29 EDT

anon posted : You haven't noticed any problems in the last year because Open DNS is pointless. I know VERY few people who have problem resolving with their ISP DNS. Using Open DNS to resolve hostnames for you is the equivalent of using software that deletes temporary internet files for you...its just something extra that is only theoretically better than the norm. in most cases the difference is negligable.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Mon, 17 Dec 2007 18:32:23 EDT

Just Bob posted : Here are some links you may find interesting:

»www.us-cert.gov/reading_room/DNS···1605.pdf

»computerworld.com/securitytopics···,00.html

»mvp.support.microsoft.com/profil···D1950543

»grc.com/miscfiles/dnsru.exe

»87.127.177.127/readmessage?id=%3···offtopic

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Mon, 17 Dec 2007 18:05:24 EDT

NormanS posted : When your ISP's DNS works, there isn't much advantage to using OpenDNS, nearly as I can tell. However, when your ISP's DNS doesn't work, *any* other DNS server which allows your queries will be much better.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Mon, 17 Dec 2007 17:33:25 EDT

anon posted : By what you say you must have never tried openDNS. My ISP(charter) DNS is very slow and unreliable, switching to openDNS it was like getting a faster internet connection for free.
I live in the Midwest and even though openDNS still doesn't have Chicago server it's still faster than my ISP. one would think I would notice more latency getting my DNS from one of OPEN dns servers on the east or west coast, but thats not the case.

Charters not the only one with poor DNS, allot of ISP's DNS is horrible.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Mon, 17 Dec 2007 08:06:45 EDT

Derspankster posted :

said by that tech guy :

I would tough it out the your ISP DNS. your isp's cache can usually resolve faster than another dns server somewhere else by the time it gets there. Open DNS is cool and all but not really practical. Stick with the isp

Why isn't it practical? On what do you base your opinion? Why haven't I noticed any problems in the year that I've used OpenDNS?
--
I thought I made a mistake once but I was wrong

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Mon, 17 Dec 2007 00:26:13 EDT

anon posted : I would tough it out the your ISP DNS. your isp's cache can usually resolve faster than another dns server somewhere else by the time it gets there. Open DNS is cool and all but not really practical. Stick with the isp

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 21:43:55 EDT

Just Bob posted :

said by NOCMan:

said by Just Bob:

said by Kerodo:

Sure, caching is faster than an actual lookup, but every time you go somewhere new, there is an actually lookup which for me took longer with the Treewalk servers. Win caches entries also, just doesn't preserve them on reboot.

Right, and TreeWalk preserves the cache over a reboot.

The key issue is really the response time of the server when busy. The DNS servers from my ISP respond to a ping in half the time or better than 4.2.2.1, 4.2.2.1 (approximately 12-15 msec versus 30 - 36), but the ISP servers struggle under peak loads.

Edit - corrected ping times

Yes but ping is only an indication of network latency. You also have to consider lookup times on a DNS server during peak times. With thousands of people querying it, it could become slow to respond even for cached entries.

127.0.0.1 Treewalk - I have just manually updated root hints. It will get better as the cache builds.
65.32.5.74 RoadRunner
208. 67.222.220 OpenDNS

127. 0. 0. 1 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
Cached Name | 0.000 | 0.000 | 0.001 | 0.000 | 100.0 |
Uncached Name | 0.033 | 0.137 | 2.085 | 0.327 | 83.4 |
DotCom Lookup | 0.040 | 0.066 | 0.154 | 0.029 | 100.0 |
----------------+-------+-------+-------+-------+-------+

65. 32. 5. 74 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
Cached Name | 0.012 | 0.014 | 0.017 | 0.001 | 100.0 |
Uncached Name | 0.033 | 0.064 | 0.143 | 0.022 | 100.0 |
DotCom Lookup | 0.041 | 0.077 | 0.159 | 0.032 | 99.5 |
----------------+-------+-------+-------+-------+-------+

208. 67.222.220 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
Cached Name | 0.042 | 0.044 | 0.048 | 0.002 | 100.0 |
Uncached Name | - | - | - | - | - |
DotCom Lookup | - | - | - | - | - |
----------------+-------+-------+-------+-------+-------+

I don't know what to think of the lack of replies for OpenDNS uncached and DotCom lookups.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 21:29:28 EDT

Just Bob posted :

said by DreamWraith:

said by Just Bob:

said by CylonRed:

There is nothing about other DNS's that make them a security risk...

»arstechnica.com/news.ars/post/20···ers.html

Sure, while malware, et al can utilize local DNS stuff to hijack your computer, that can happen regardless of what dns servers you have yourself set to use.

The existence of a second threat doesn't negate the first threat.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 20:31:25 EDT

heels_fan posted : I have been using Treewalk and OpenDNS for awhile.

Hop on over to the ATT Southeast/Bellsouth forum and see how much trouble people have with their DNS servers.

I have never had any type of security compromise on any of my home network computers.
--
Take your hatred of our Government out of the Technical Forums!

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 20:21:18 EDT

DreamWraith posted :

said by Just Bob:

said by CylonRed:

There is nothing about other DNS's that make them a security risk...

»arstechnica.com/news.ars/post/20···ers.html

Sure, while malware, et al can utilize local DNS stuff to hijack your computer, that can happen regardless of what dns servers you have yourself set to use.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 19:50:48 EDT

NormanS posted : If, by "GTE/Verizon", you mean the 4.2.2.x servers, they ping a close as OpenDNS, or the ATTIS DNS servers I normally use: --
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 17:13:30 EDT

NOCMan posted :

said by Just Bob:

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 16:43:43 EDT

EGeezer posted :

said by DNS :

Is there any security risk to using an open DNS instead of Optimum's DNS? I do online banking and wanted to know if its safe. I have read online about DNS poisioning and other DNS threats but honestly I dont completely understand how they work.

For a little tutorial, see here.

Rereading, I noticed that which is in italics. From a security perspective, I consider alternative DNS services as I do the so-called "anonymizer" proxies. the question is whether I trust them to do what I think they'll do, so you have to make that decision as to what provider to use.

As you've probably read, there are a blue million DNS servers from which to choose. For banking, first ask yourself which ones you'd trust NOT to redirect your banking requests to a malicious site.

Personally, I'd use one of the major ISP, LEVEL3 or other U.S. based commercial servers to do my banking. If anyone comes up with a reliable source that shows these have redirected to phish or malicious sites, I'd be interested to read.

As for the rest of the stuff about tracking etc;

If you're worried about the evil three letter US or international agency intervening, they can already get to about anything you'd use. I'm personally suspicious of the providers who pop up like mushrooms claiming doom and gloom if you don't use their services. If the server is offshore, it's covered by whatever laws, practices and enforcement exist in that country.

If you don't like ads, don't use an ad-supported service.

If you don't like error redirection, don't use that service.

I note that the OP hasn't responded to the topic, so doubt that any further discussion is needed for his part. Hmmmm, who was that masked poster?
--
BBR's Shooting for a Cause!

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 16:40:18 EDT

altermatt posted :

said by Just Bob:

»blogs.zdnet.com/security/?p=231
»blog.opendns.com/2007/05/22/goog···he-page/

As a long-time Open DNS user, I was heartened to read those two articles, showing that the Open DNS chairman was rightly slapping Google's and Dell's wrists for those shenanigans. Ironically, but not surprisingly, I noticed that the page at zdnet tried (and of course failed, due to my settings) to open atdmt ads ;).

Of course any DNS server has to be trustworthy or they can wreak havoc. And don't forget a robust HOSTS file ;).
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 16:24:22 EDT

Jeruvy posted : I've used these GTE/Verizon servers and they seem to be reliable, but crappy if you're not in the New England area.

My pings average about 60-90ms so it's VERY SLOW by comparison to my ISP. I have used OpenDNS but it's slower also but only in the 30ms range so preferable. But I still don't see the advantage if my ISP's DNS servers are working (with 3 I hope to never have another outage). thoughts?

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 16:23:52 EDT

freeze posted : I used to use OpenDNS on and off, but their new service 'DNS-O-Matic' has made me switch for good.

Now my router updates DNS-O-Matic with my IP, which in turn updates DSLReports, No-IP, and OpenDNS.

I also like the new phishing filters.

Nice.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 16:04:46 EDT

nwrickert posted : I might well know the IP address. But I don't normally SSH to an IP address. I use the hostname, and rely on correct DNS resolution.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 16:03:08 EDT

Michail posted :

said by nwrickert:

..., but it only occurs when there is no actual DNS lookup, ...

Sorry, I don't understand that part.

Maybe I am sysadmin for a web server. Somebody has broken into that server, and put up a phish page. So I try to ssh into the server to take down that page. But OpenDNS is "protecting" me from that phishing site by giving a bogus DNS answer, and my attempt to ssh into the OpenDNS advertising site that they substituted of course fails - and it wouldn't have helped me even it it succeeded.

I don't use OpenDNS, so the above won't actually happen to me. But it could affect people who do use OpenDNS.

I am not trying to prevent you or anybody else from using OpenDNS. I was just answering questions about the risks involved.

If you are the sysadmin wouldn't you have the IP address for that case?

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 15:42:57 EDT

sded posted : Two things I don't like about OpenDNS:

"OpenDNS earns a portion of its revenue by sending the user to an OpenDNS search page when a domain name that he has entered is not valid. Advertisements are displayed on this search page to help fund the operations of OpenDNS."
and
"OpenDNS was launched in July 2006 by hacker/entrepreneur David Ulevitch. It received venture capital funding from Minor Ventures, which is led by CNET founder Halsey Minor."

I'd rather trust my own ISP, then Verizon and A&T as backups.

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 15:32:52 EDT

cork1958 posted : Not only safe, but recommended. Especailly if you're on Charter anyway!
--
The Firefox alternative.
»www.mozilla.org/projects/seamonkey/

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 13:32:08 EDT

joako posted : I don't use my ISP anything. They are idiots.

Instead of blocking port 25 they redirect port 25 outbound traffic to their SMTP server. Gee lets help out spam bots.
--
Am Heimcomputer sitz' ich hier, und programmier' die Zukunft mir

Re: Is it safe to use an open DNS rather than your ISP's DNS?

Sun, 16 Dec 2007 13:29:08 EDT

NormanS posted : OpenDNS doesn't redirect on typos if you set up an account with them. When you have an account, you can configure the behavior of the serves.

OTOH, for somebody who detests Google as much as you, that should be a red flag...

If your ISP won't provide you with barebones DNS service, though, you may be SOL. Even Verizon is moving to the DNS ad model; who knows how long before their 4.2.2.x servers are touched by redirects?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Re: OpenDNS

Sun, 16 Dec 2007 13:08:51 EDT

ZZZZZZZ posted :

quote:
said by antdude

I love OpenDNS. I love being able to block bad sites like porn, phishers, etc. I also love the statistics to see.

quote:
I agree totally. I've used OpenDNS for over a year and have been very satisfied.
--

Same here! :)
--
~~Get our troops home...now!!~~

Re: OpenDNS

Sun, 16 Dec 2007 13:02:33 EDT

Derspankster posted :

said by antdude:

I love OpenDNS. I love being able to block bad sites like porn, phishers, etc. I also love the statistics to see.

I agree totally. I've used OpenDNS for over a year and have been very satisfied.
--
I thought I made a mistake once but I was wrong