dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
59783
share rss forum feed

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR

Comodo DNS vs OpenDNS.....

Any reviews/thoughts on the 2? Trying to decide which 1 to go with.



w8sdz

join:2001-05-21
Port Orange, FL

I recommend OpenDNS. Reasons:

»windowssecrets.com/2009/07/09/02···e-tricks
In case you are wondering why OpenDNS is so reliable and provides fast response to DNS queries, The secret is Anycast:
»www.answers.com/topic/anycast
--
73 de w8sdz - sip:271752@us.voxalot.com


ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1
reply to KoRnGtL15

Why would anyone trust Comodo?



Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

1 recommendation

said by ZZZZZZZ:

Why would anyone trust Comodo?
Why would anybody not trust Comodo?


MarkAW
Barry White
Premium
join:2001-08-27
Canada
kudos:16

said by Steve:

said by ZZZZZZZ:

Why would anyone trust Comodo?
Why would anybody not trust Comodo?
Hmmm lets see the fiasco with the Certificates for one.
--
Sometimes we lose friends for whose loss our regret is greater than our grief, and others for whom our grief is greater than our regret. François de la Rochefoucauld

Sometimes the appropriate response to reality is to go insane


Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

1 recommendation

said by MarkAW:

[Hmmm lets see the fiasco with the Certificates for one.
You mean the one where the bad guys were serving malware from a Comodo-SSL bearing site, and where Comodo revoked the cert within 24 hours?

Or is there something else?


ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1

»www.wilderssecurity.com/showthre···t=242453
--
~~Get our troops home...now!!~~



Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

I don't get it - lots of companies offer domain validation certs, it's automated (I have tons of DV certs from GoDaddy - they've never checked into me).

I looked at the Wilders thread, and other places as well, and I still don't get what the beef is. You can't tell from a domain name whether it's gonna be bad or not, and the whole purpose of DV certs is that they're cheap and fast.
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site



ZZZZZZZ
Premium
join:2001-05-27
PARADISE
kudos:1

That's fine if you choose to trust them.

After this and the way they treated [lied] to all Boclean users.......I will never install or use 1 of their products ever.
--
~~Get our troops home...now!!~~



Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

1 recommendation

I have no dog in this fight, and I only care about making an accurate assessment of risk. I am seriously open to input (I'm considering a code-signing cert from Comodo).

My suspicion: they offer domain-validated certs cheaper than others, so they get lots of interest... including from the bad guys. I don't have any evidence that they have done anything to encourage the bad guys in particular, other than offering a product that the broad market finds attractive.

I don't know anything about the Boclean matter, and (as a disinterested party) am not sure I'd care all that much.

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site



Its a Secret
Please speak into the microphone
Premium
join:2008-02-23
Da wet coast
kudos:3
reply to KoRnGtL15

All in all, my vote's for OpenDNS.



danny9
Go Ahead, Make My Day
Premium
join:2002-07-14
Clinton Township, MI
kudos:2
reply to KoRnGtL15

Not much of a choice here but I would go with OpenDNS.
Have used it in the past.
The only problem I had was it would not open some sites I normally went to.
Now I just use the DNS from my ISP.
I have no problems with that.

As far as your alternative, would not even consider it.
--
"In times of universal deceit, telling the truth becomes a revolutionary act.."
George Orwell



omnibus
Pencil.. Yum

join:2002-01-23
New Zealand

1 recommendation

reply to KoRnGtL15

If your ISPs DNS servers work fine, you should stick to it instead.

Griefer groups could easily muck around with 3rd party DNS providers, blocking people from viewing certain websites.

How? By mass-flagging the website as malicious, spyware etc.

As noted here - »bit.ly/4fLFTL



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast
reply to Steve

said by Steve:

I have no dog in this fight, and I only care about making an accurate assessment of risk. I am seriously open to input (I'm considering a code-signing cert from Comodo).
I don't have a code-signing certificate from Comodo, but I (and several clients) do have web server certificates from Comodo, and in each case only a temporary 30 day certificate was initially issued until Comodo checked to verify the validity of the applicant. In my case, I know that they contacted D&B because I got a heads up from them that Comodo had made an inquiry.

I think most of the animosity from some of the regulars here and in other "security" forums is due to dissatisfaction with some of the Comodo PC software. I don't have a dog in that fight either since I have never used any of their PC software.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


ironwalker
World Renowned
Premium,MVM
join:2001-08-31
Keansburg, NJ

1 edit
reply to KoRnGtL15

I don't use OpenDNS anymore ....I use an alternate root server but forgot from withwhome, sorry.
As for comodo, I trust them.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to Steve

said by Steve:

said by MarkAW:

[Hmmm lets see the fiasco with the Certificates for one.
You mean the one where the bad guys were serving malware from a Comodo-SSL bearing site, and where Comodo revoked the cert within 24 hours?

Or is there something else?
I'm sure you are aware of the Mozilla situation and also the situation regarding Comodo continuing to issue certs to known malware providers. So, what is with the deliberate obtuseness?

I know you have little to no respect for my opinion but I have continued to have respect for your opinions in this forum and sometimes I have agreed with your opinion. I suggest that before you make a very foolish decision regarding acquiring a Comodo code-signing cert that you do some research into the business ethics of the CEO of Comodo.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


hayc59
Im Your Huckleberry
Premium
join:2001-02-26
David R.I.P.
kudos:21

1 recommendation

reply to KoRnGtL15

Totally behind you on this one Mele!!
Comodo's past practices alone should
make a fella stop and stop again and then rethink
and then run away!!....very fast



Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

1 recommendation

reply to Mele20

said by Mele20:

I'm sure you are aware of the Mozilla situation and also the situation regarding Comodo continuing to issue certs to known malware providers.
Comodo revoked the Mozilla.com cert when the problem was pointed out, suspended the registrar (PositiveSSL), and have looked into why this happened. Shenanigans happen with certs all the time - people have managed to perform fake transfers of big domains with other providers too.

As to the selling certs to known-malware, I haven't seen any evidence that this is anything other than bad guys abusing the entire low-assurance cert process.

Is there some procedure or policy that keeps (say) GoDaddy from doing the same thing? Or is it just that Comodo is cheaper?

Steve — really, I'm not being obtuse.
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to KoRnGtL15

said by KoRnGtL15:

Any reviews/thoughts on the 2? Trying to decide which 1 to go with.
I wouldn't touch Comodo's DNS with a hundred foot pole not even if I was handsomely paid to do so.

As for Open DNS, I don't care for the tracking and loss of privacy. I've done tests and Open DNS is not as fast as Level 3's public DNS servers for me. I recommend you use Level 3's servers as there is no tracking. You do not need to register with Level 3 or allow cookies or allow redirection to an advertising page instead of getting a proper error message in your browser if you mistype the address, etc.

I also recommend that you get http://www.grc.com/dns/benchmark.htm free utility from Steve Gibson. It is not quite finished but works just fine. Use it to determine whether or not Open DNS or Level 3 DNS is faster. If you decide to use Level3 DNS servers use DNS BenchMark to tell you which of the Level 3 servers are the fastest in your area. For some people in certain areas none of the Level 3 servers are fast, for others all of them are fast, and for others some are fast and some are slow and, occasionally, which are fast and which are slow, in a given area changes. You can use DNS BenchMark to track, and note, any of these conditions or changes and change your Level3 servers accordingly.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Santa Fe
Man is an animal that wants to exist.
Premium,Mod
join:2000-08-22
Freight Yard
kudos:3
Reviews:
·Mediacom
reply to KoRnGtL15

I've tried both (seem to be in the Minority here ) and of the two, I have to give OpenDNS the edge at least speed wise.

Learned something new though, never knew you could change security options, and Knowledge is HALF the battle!
--
I'm Forever Folding For Team Helix
Autism Speaks, Please Listen!


KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
reply to Mele20

What are the Level 3 dns numbers? Some kind of list any where?



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

said by KoRnGtL15:

What are the Level 3 dns numbers? Some kind of list any where?
Mele20 is probably referring to the 4.2.2.1 - 4.2.2.6 range of IP addresses:

4.2.2.1 = vnsc-pri.sys.gtei.net
4.2.2.2 = vnsc-bak.sys.gtei.net
4.2.2.3 = vnsc-lc.sys.gtei.net
4.2.2.4 = vnsc-pri-dsl.genuity.net
4.2.2.5 = vnsc-bak-dsl.genuity.net
4.2.2.6 = vnsc-lc-dsl.genuity.net

Despite the domain names in the rDNS results, these servers are operated by Level 3 Communications. At this time they are open to public use, but I have heard rumors that Level 3 may be thinking about limiting their use to Level3 customers. On the day that happens the tech support departments of many ISPs and corporations will probably be swamped with calls because so many people just assume that those DNS servers are and will continue to be public property.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

reply to Mele20

said by Mele20:

You do not need to register with Level 3 or allow cookies or allow redirection to an advertising page instead of getting a proper error message in your browser if you mistype the address, etc.

Wrong.

I don't get cookies with OpenDNS, you don't "have" to register unless you want to take advantage of all the great features, and being redirected to a different page that tells you that you made a typing error is enabled or disabled by the user.

I don't know how you always get such incorrect information.

To the OP, have used OpenDNS for a couple of years and it works great. Have no issues with it whatsoever.
--
You can chain my body to the earth, but still my spirit flies!

Thanks to Clinton, Osama lived to give us 9/11

13,939 DEADLY TERROR ATTACKS SINCE 9/11


tempnexus
Premium
join:1999-08-11
Boston, MA
reply to KoRnGtL15

OPENDNS ALL THE WAY.

I would never ever trust COMODO and the reasons are my own.

If STEVE or whoever else likes COMODO be my guest. I for one personally will NEVER trust their system.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to KoRnGtL15

Click for full size
NetFixer is correct as to what I am referring to as Level 3 DNS servers. If you get DNS Benchmark (it is a tiny little program beautifully written in assembly language and will not conflict with any other programs, etc) you would see the list of all public DNS servers nationwide before you run a test for your area.

gtei.net was General Telephone's transit network spun off of GTE when the merger of three regional phone companies created Verizon. GTE became Genuity and it went under and Level 3 bought it. Verizon owns the domain still and although Level 3 has owned Gtei.net and Genuity for some time they probably pay Verizon to keep the domain on its servers. My first ISP was GTE.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to La Luna

Why do you persist in bringing up erroneous and misleading information every time I tell the truth about Open DNS? It gets tiresome. You have to register (which in case you didn't know means accepting a cookie PERMANENTLY) if you don't want to have Internet protocol DELIBERATELY BROKEN by Open DNS taking you to their advertising page if you mistype the address.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



ff1324
Everybody Goes Home
Premium
join:2002-08-24
On Four Day

said by Mele20:

Why do you persist in bringing up erroneous and misleading information every time I tell the truth about Open DNS? It gets tiresome. You have to register (which in case you didn't know means accepting a cookie PERMANENTLY) if you don't want to have Internet protocol DELIBERATELY BROKEN by Open DNS taking you to their advertising page if you mistype the address.
Funny...I'm not registered and I don't see any ads...
--
Remember the 2008 firefighters and police LODD's in St. Louis:
PO Ballman, Sgt. Biggs, FF Hummert, Sgt. King, FF Riggins... all murdered...RIP brothers.


Mashiki
Balking The Enemy's Plans

join:2002-02-04
Woodstock, ON
kudos:1
Reviews:
·TekSavvy Cable
·Rogers Hi-Speed
·Bright House
reply to NetFixer

said by NetFixer:

At this time they are open to public use, but I have heard rumors that Level 3 may be thinking about limiting their use to Level3 customers.
Funny that, I've been hearing that for 5 or 6 years. It's almost like that "internet maintenance day" chainmail that existed about 15-18 years ago. Where the internet was going to go dark so they could clean AOL...I mean...all the crap out of it...


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

reply to Mele20

And once again, I have NO cookie store "permanently" or non permanently from OpenDNS, and I don't get any "advertising page" (and I never saw it before I registered either). As I previously said, that is optional.

Please don't tell tell me what I see or don't see or what I have or don't have on my computer.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

1 edit

1 recommendation

reply to Mele20

said by Mele20:

Why do you persist in bringing up erroneous and misleading information every time I tell the truth about Open DNS? It gets tiresome. You have to register (which in case you didn't know means accepting a cookie PERMANENTLY) if you don't want to have Internet protocol DELIBERATELY BROKEN by Open DNS taking you to their advertising page if you mistype the address.
I only use OPenDNS as a backup, and I did register both of the IP addresses that would use that service. There are no cookies involved, permanent or otherwise. There is no http or cookies involved in resolving a DNS query period. Setting or retrieving cookies is simply not part of the DNS protocol.

DNS queries come from more than just web browsers and computers. Have you heard of game consoles that connect to the internet? Have you heard of VoIP routers?

I have absolutely no cookies from OpenDNS for any browser on any PC on my network, but if I put an OpenDNS IP address in my DNS server search path, OpenDNS resolves it with no problems (and since I registered with them, I get real unaltered DNS responses, no redirections to search sites, no funny business at all). The primary reason that I don't use them as a primary forwarding DNS service is that for me the AT&T AnyCast DNS servers are measurably and noticeably faster (although from my network, OpenDNS is also measurably and noticeably faster than the 4.2.2.x Level 3 DNS servers).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.