What is OpenDNS?

[doubledee]

In another thread of mine, someone recommended using "OpenDNS" as a way to be more secure.

First of all, what exactly is OpenDNS?? (I checked out their website, and it is not very clear what their true "business proposition" is, or why I should care?!)


And after doing some searching on Google, it appears some people feel OpenDNS may be *insecure*...

How To Disable And Remove OpenDNS

Is OpenDNS Logging Info Forever?


Anyways, please enlighten me!!!

Sincerely,


Debbie

 

[MacForScience]

OpenDNS is a private DNS server, rather than a public one like your ISP provides. (DNS translates a domain name into an IP address that your computer can understand.) OpenDNS is not an application it is an IP address that you add to your network configuration under the DNS tab.

OpenDNS blocks numerous malicious websites. It is a private DNS service, and it has better security, and thus is somewhat less susceptible to DNS poisoning attacks etc.

OpenDNS is safe.

What you have to remember about the internet is:
- Your ISP knows every website that you visit. And depending on the provider they may be able to trace it back to you specifically.

- Google has a tremendous record of everything you do, thanks to their persistent cookie ID.

- OpenDNS also keeps records as well.

Bottom Line
The internet isn't private. As long as you aren't doing things that are illegal you should be fine. No company or service is perfectly secure.

If you don't feel comfortable with OpenDNS you can always use Google DNS.

Cheers

 

[Nermal]

Bear in mind that using a third-party DNS service can make certain sites slower, for example YouTube uses your DNS configuration to direct you to the nearest server. When you're using "external" DNS you could be directed to a YouTube server on the other side of the world.

 

[doubledee]

OpenDNS is a private DNS server, rather than a public one like your ISP provides. (DNS translates a domain name into an IP address that your computer can understand.) OpenDNS is not an application it is an IP address that you add to your network configuration under the DNS tab.

The question is, "Can it be trusted?"

OpenDNS blocks numerous malicious websites.

So the main, public DNS doesn't blocks numerous malicious websites?

And what makes OpenDNS "the authoritative source" for which website are "safe" and "malicious"? (From what I have read, I think OpenDNS is being very presumptuous...)

It is a private DNS service, and it has better security, and thus is somewhat less susceptible to DNS poisoning attacks etc.

Have there been any *independent* studies showing...

a.) That Public DNS is so insecure

b.) That OpenNDS is so much more secure?

OpenDNS is safe.

But it strikes me as a scam to monitor people's online activities and SELL THAT INFO to advertisers...

What you have to remember about the internet is:

- Your ISP knows every website that you visit. And depending on the provider they may be able to trace it back to you specifically.

I use WiTopia, so that isn't true.

All my ISP knows about me is that I am connecting to WiTopia - and that is the way it should be!!

- Google has a tremendous record of everything you do, thanks to their persistent cookie ID.

What is a "Persistent Cookie"??

And I don't believe that is true, if you are not logged in to Google...

- OpenDNS also keeps records as well.

My exact concern!!! (And they keep info on users to make $$$...)

Bottom Line

The interent isn't private. As long as you aren't doing things that are illegal you should be fine. No company or service is perfectly secure.

I think it is much more private using a "Personal VPN" like I do...

If you don't feel comfortable with OpenDNS you can always use Google DNS.

Cheers

I have to check, but I'm pretty sure that I am using WiTopia's DNS servers, and those are way more secure and private than anything from my ISP or Google or OpenDNS...

Sincerely,


Debbie

 

[maflynn]

If you don't trust OpenDNS, or you think its a scam, then by all means, don't use them. No one is twisting your arm.

I think your perspective of the purpose or intent of OpenDNS is a bit off, but that's fine, everyone is entitled to an opinion.

I like OpenDNS because it allows me to add parental controls, I block sites considered adult, or other areas that I do not want my children to access (eithr by accident or on purpose).

btw, they offer other products that they charge (mostly to businesses) but offer a free version to consumers. Its up to you if wish to use them, by default you're not.

 

[doubledee]

If you don't trust OpenDNS, or you think its a scam, then by all means, don't use them. No one is twisting your arm.

I think your perspective of the purpose or intent of OpenDNS is a bit off, but that's fine, everyone is entitled to an opinion.

I'm just going off what others have said online. Well, and what I have read and understand.

It seems deceptive to offer a product called OpenDNS, when in reality it isn't much different than when a Domain Service splashes up a "Lookup Page" for parked domain names to make advertising $$$...

"Open" still implies "Open-Source", and I don't like it when capitalistic corporations manipulate such a term for their own benefit...

I like OpenDNS because it allows me to add parental controls, I block sites considered adult, or other areas that I do not want my children to access (eithr by accident or on purpose).

There are other options to do the same thing, no?

btw, they offer other products that they charge (mostly to businesses) but offer a free version to consumers. Its up to you if wish to use them, by default you're not.

I believe one big beef people have with "open"DNS is that is no longer true...

From what I recall, if you don't want advertising and their not-so-benevolent "Search Page", then you have to pay for the service...

(Like I said, I believe I get secure and private DNS with WiTopia, but I'll have to check on that next week.)

Sincerely,


Debbie

 

[benwiggy]

"Open" still implies "Open-Source", and I don't like it when capitalistic corporations manipulate such a term for their own benefit...

There's nothing in the open-source philosophy that says you can't make money.

(Like I said, I believe I get secure and private DNS with WiTopia, but I'll have to check on that next week.)

I've heard they are a capitalistic corporation How do you know they aren't recording everything?

I see no reason not to trust OpenDNS, but you've already shown on previous posts that you're quite "particular" in your security requirements.

OpenDNS do provide a useful service. You can use their DNS servers free without any configuration; or you can have an account to allow you to configure the DNS environment.

You need to understand that even if a company is storing info about what you do, it's mostly anonymised. A cookie that represents you might be on a list of "internet users who like cats", so that you can be served adverts about cats.
But no one can sit down at a computer and query a system: "Tell me everything we know about Debbie".

You, as an individual, are not that interesting to a company. Some fact about you, as part of a data set of millions of others, might be.

 

[maflynn]

I use WiTopia, so that isn't true.

All my ISP knows about me is that I am connecting to WiTopia - and that is the way it should be!!


Debbie

I think you're mixing apples and oranges. OpenDNS is a series of servers that translates the http:// addresses that all know and love, i.e., Macrumors.com to the IP address.

WiTopia is just a VPN, so you're still using the DNS servers that your ISP has.

 

[doubledee]

There's nothing in the open-source philosophy that says you can't make money.

Really??

This is what the dictionary says about "open-source", and it is the way I've always used it...

o·pen-source
[oh-puhn-sawrs, -sohrs] Show IPA
adjective
1. Computers. pertaining to or denoting software whose source code is available free of charge to the public to use, copy, modify, sublicense, or distribute.
2. pertaining to or denoting a product or system whose origins, formula, design, etc., are freely accessible to the public.

I've heard they are a capitalistic corporation

They sure are. And I am paying them for the service of anonymizing my Internet activities.

And I chose WiTopia because they seem upfront and honest. They don't dilly-dally around marketing crap. They have a very simple - for-profit - business proposition, and it seemed like a good deal to me, so I bought their service.

How do you know they aren't recording everything?

Ultimately, I will never know for certain, but if it was ever discovered that they were deviating from what they promise they do, they'd be out of business the next day.

Based on what I've seen others say, and my own research, I feel they are as trustworthy as anyone else out there. (And probably more trustworthy than someone like HideMyAss...)

I see no reason not to trust OpenDNS, but you've already shown on previous posts that you're quite "particular" in your security requirements.

My problem is they falsely market themselves, and that is a red flag.

I hate duplicitous people and companies.

I'd rather deal with someone that is upfront and says, "We are a capitalist company out to make a profit (via offering the world's best widgets)..." than someone that plays marketing games.

OpenDNS is probably okay, but I think the way they market themselves is cheesy at best, and I think it's b.s. to have "open" in your name when you are FOR PROFIT.

Christ, just say that up front?! (It's no sin to make $$$, just don't profess to be the Salvation Army when you're not!!!)

You need to understand that even if a company is storing info about what you do, it's mostly anonymised. A cookie that represents you might be on a list of "internet users who like cats", so that you can be served adverts about cats.

Probably true, but you need to stay ahead of the "Privacy Curve"...

But no one can sit down at a computer and query a system: "Tell me everything we know about Debbie".

Google can!!!! (Google knows EVERYTHING!!!)

You, as an individual, are not that interesting to a company. Some fact about you, as part of a data set of millions of others, might be.

Tell that to victims of all of the data breaches out there...

And tell that to millions of people that will find out some day hen it is already too late, just how much their ISP and Cable Company knows about them...

Fortunately, I gave up porn and funny cat videos years ago...

But for everyone else, I'd pay more attention to WHO knows WHAT about your activities on and offline!!

Sincerely,


Debbie

 

[GGJstudios]

The question is, "Can it be trusted?"

Yes, it can be trusted, as much as any other reputable service on the web. While it's prudent to be concerned about privacy on the internet, there is a point where concern can become paranoia. The fact is, some level of trust must be exercised in order to be productive on the web. If you're not able to trust any company or service, it may be a better choice to simply not use the internet at all.

 

[benwiggy]

Really??

This is what the dictionary says about "open-source", and it is the way I've always used it...

That's what A dictionary says. The Free Software Foundation, along with the GPL, have always maintained that open source is "free as in free speech; not free as in free beer". You CAN charge to provide the source.

There are plenty of businesses that make their living through open-source software, e.g. Red Hat, Canonical, etc.
http://en.wikipedia.org/wiki/Business_models_for_open-source_software

But for everyone else, I'd pay more attention to WHO knows WHAT about your activities on and offline!!

I think I would be exaggerating my own importance if I thought anyone was interested in the details of my life.
Credit card data? Sure, go for that. The bank insures against fraud; I'm not liable for fraudulent transactions.
Scary shadowy government figures and evil corporations don't want to know the particulars of my life. They want DATA. And there's a difference.

 

[GGJstudios]

That's what A dictionary says. The Free Software Foundation, along with the GPL, have always maintained that open source is "free as in free speech; not free as in free beer".

So which DNS service has the free beer?

 

[jtara]

There are numerous references here to "the public DNS". There is no such such thing.

There are a set of DNS "root servers". This is the closest thing there is to a "public DNS infrastucture". The root servers make it possible to find the DNS server that serves info for a specific domain. The root servers don't provide a complete answser to find a particular site, though, and so cannot be used by end-users to resolve DNS queries. They only tell you what server(s) will provide an answer.

All other DNS servers are private. These servers can be recursive servers or not recursive servers.

Every domain has a DNS server(s) that they either run or is run on their behalf. So, for example, Microsoft runs DNS servers that are used to look-up various Microsoft sites. When a request is made to a root server to find some Microsoft site, the root server says "here, there's the Microsoft DNS server, go ask them." These are private, Microsoft, servers.

These are typically non-recursive servers.

Your ISP runs recursive servers for your convenience. You can ask these servers for the IP address for a domain, and the recursive server will first ask the root servers (if necessary) and then go ask the right server(s) for the answer. It handles all the messy details is efficient becuase it caches results so that most of the time it doesn't have to ask another server at all.

These are private servers, too. They are run by your ISP.

Recursive servers run by ISPs typically do *not* do any kind of filtering for malware/etc. sites. While some ISPs do offer this as a (sometimes optional, sometimes not) service, it is not that common. And I think there is some thought both in the industry and the public that your ISP's DNS servers should not presume to filter for you, at least not without your permission.

You always have the option of using third-party recursive servers. Many people like to use Google's DNS servers, for example. Google provides this free service for the public. (This is distinct from Google's DNS servers that locate their own sites.)

OpenDNS is another, alternative, DNS service, and theire are a number of others. Third-party servers might be faster or offer features not offered by your ISP's servers. Or, they might be slower. Your Mileage May Vary.

Other than the root servers, there is no public DNS infrastructure. It is *all* private, and it is up to you to choose which private DNS server you will use.

BTW, which DNS server you use will NOT affect closest-node routing. When that is done, it is done by the destination-site's DNS server (it has to set a short caching period for this to work) and is done based on your IP address. It's your IP address that tells it where you are, not what DNS server made the request.

OP seems angry about something. Don't be. You have the right to not use OpenDNS. Really.

 

[ChrisA]

Really??

This is what the dictionary says about "open-source", and it is the way I've always used it...

One example of a company making money with OpenSource is Apple. They use both BSD UNIX and CUM'sMach inside Mac OS X.

Microsoftis one more. They use the TCP/IP stack out of BSD UNix in Winndows

Google is one more Andriod uses the Open Source Linux OS.

There are more but those are the biggest names I could think of in a few seconds

I think Red Hat makes mont too and all they do is Open Sorce.

 

[scuba156]

Really??

This is what the dictionary says about "open-source", and it is the way I've always used it...


Sincerely,


Debbie

You missed the part in your dictionary quote where it said source code. This means that the source code is available freely for other developers. It does not mean that the user software is free and there are specific licences to accommodate this. Also note that not all of the source code is required to be available, depending on the licence.

However, Open does have many meanings and does not always imply open source. A typical average user would not really know what open source is either. There is such a thing as a closed DNS. It's the difference between public and private.

The name OpenDNS refers to the DNS concept of being open, where queries from any source are accepted. It is not related to open source software; the service is based on closed-source software.

 

[ChrisA]

In another thread of mine, someone recommended using "OpenDNS" as a way to be more secure....

OpenDNS is a DNS server that That let's users optionally apple various "blacklists" to the DNS service. If a domain name is on a black list the DNS server will refuse to look up its IP address and return instead failure.

They allow you to select from a range of black lists.

The service would be good if you ran a company and had a bunch of computers and wanted to (say) block access to porn sites from company computers and you did not have the technical resources to do the blocking yourself.

Of course you could implement the same exact thing at home. It is not hard to set up a DNS server. Having a local DNS makes lookups faster and lets you add your own computers so you ca reference your own devices by DNS name .

But while a DNS server is easy to set up, maintaining the "black lists" is a full time job for a small staff. It requires a LOT of research. So people almost always out-source blacklist maintenance. OpenDNS does all of this for you for free. They make their money selling a premium service to business users.

MANY people think OpenDNS and others like them who publish blacklists a "evil" Mostly these are people who's site is on the blacklist. One does not have to have a scam or porn site to get on a list. For example I block EVERY advertisement. Some blacklist block social networking like Facebook. User can choose the lists they want.

 

[jtara]

There is such a thing as a closed DNS. It's the difference between public and private.

ISPs typically run closed DNS servers. That is, if you are, say, a Cox customer, you can use the Cox DNS. If you are a Pacific Bell customer, you can't use Cox's DNS.

To be precise, we have to use the term "open recursive server". Becuase non-recursive servers (those run by/for the destination sites for the purpose of ultimate resolution of their addresses) *have* to be open. They wouldn't work otherwise.

Google and OpenDNS operate open, recursive servers.

The terminimology can be confusing, and some people use some of the terms to mean opposites.

Again, other than the small handful of root servers, *all* DNS servers are private, in the sense that they are owned and controlled by a private entity. There is no public DNS infrastructure run by governments or anybody else for direct use by the public to provide complete DNS answers. "The public DNS" is a meaningless concept. There isn't one.

 

[doubledee]

I think you're mixing apples and oranges. OpenDNS is a series of servers that translates the http:// addresses that all know and love, i.e., Macrumors.com to the IP address.

WiTopia is just a VPN, so you're still using the DNS servers that your ISP has.

Not true.

My Mac is pointing to different global DNS servers - not my ISP's.

I did this so my ISP can't find out where I surf to!!!


Debbie

 

[doubledee]

Yes, it can be trusted, as much as any other reputable service on the web. While it's prudent to be concerned about privacy on the internet, there is a point where concern can become paranoia. The fact is, some level of trust must be exercised in order to be productive on the web. If you're not able to trust any company or service, it may be a better choice to simply not use the internet at all.

If I didn't "trust" I wouldn't have bought a data plan from AT&T or a personal VPN from WiTopia, and I wouldn't be here talking with you guys...

I am, however, a skeptic of anything dealing with Corporate America. And I am extremely suspicious of people/companies dealing with my information.

As far as OpenDNS, I read some good opinions about it, but I also read some things saying that it is just a big ad machine.

Personally, it doesn't "excite" me enough to go run out and try it.

My lifestyle doesn't necessitate the need to be protected from naughty or devious website. (I'm careful where I surf.) And I know how to type!

So why add yet another layer between me and where I am going?

Sincerely,


Debbie

 

[GGJstudios]

As far as OpenDNS, I read some good opinions about it, but I also read some things saying that it is just a big ad machine

I've been using it for years on multiple devices and I've never seen a single ad as a result of using it. Don't believe everything you read on the web.

So why add yet another layer between me and where I am going?

You're not adding a layer. That's not how DNS servers work.

You certainly don't have to use any particular DNS servers, and I don't see anyone suggesting otherwise, but OpenDNS is safe and trustworthy, for anyone that chooses to use them.

 

[doubledee]

There are numerous references here to "the public DNS". There is no such such thing....

Thanks for the *detailed* explanation!!

OP seems angry about something. Don't be. You have the right to not use OpenDNS. Really.

Not angry. I guess I just got off to a bad start with what others said about OpenDNS.

It probably does serve some purpose, but it just doesn't strike me as a high priority of things I'd like to implement.

Maybe I overreacted... Who knows?!

Sincerely,


Debbie

 

[HiDEF]

Is there any way of removing it? It's bypassing the 'I'm Feeling Lucky' search bar on Firefox and taking me straight to their search page.