OpenDNS - an end to ISPs DNS problems or OpenDns privacy concerns?

[silver]

edit - it was too early - I am not going to use the service or recommend it - read further posts below, in my opinion the privacy problems with opendns are enough to make me avoid it see http://www.the-scream.co.uk/forums/t26751.html#4

it's a bit early to know for sure but I am very impressed with http://www.opendns.com/ - a free to use drop in replacement for the (often shoddy) DNS service you get from your ISP

Yesterday bulldogs DNS was playing up and kept dropping out (in their defence it's generally been reliable) so I switched to using OpenDNSs resolving servers

If you know your way round setting up DNS then all you need do is use

208.67.222.222
208.67.220.220

rather than the ISP provided DNS service, if you're less sure the http://www.opendns.com/ has a lot of accessible info on what to do

to me it seems actually a lot quicker than the DNS from bulldog - very snappy and I see no reason currently to switch back to using the ISP provided DNS servers.

OpenDNS can do all kinds of other stuff which I have not invesitgated

Sil

edit - see warnings regarding hidden opendns google redirection issues further down http://www.the-scream.co.uk/forums/t26751.html#4

[silver]

humm - well thinking about it now.. there may or may not be drawbacks.. every site you visit is noted by the opendns server http://www.opendns.com/privacy/ (they say for ppl w/o accounts this is purged within 2 days) but of course if they were doing something else because law enforcement asked them to they couldn't say?

http://paranoia.dubfire.net/2007/06/...s-opendns.html

it is paranoia but interesting...

I'm not quite so eagar abt it now but for most ppl it is a good alternative (depending on paranoia level!)

[Memfis]

If you search the forums for those ip's you'll see it's been mentioned in a few places.
The only issue I have is that they return an 'A' record for domains that don't exist.

[silver]

humm the more you look

http://en.wikipedia.org/wiki/OpenDNS

OpenDNS earns a portion of its revenue by sending the user to an OpenDNS search page when a domain name that the user has entered is not valid. Advertisements are displayed on this search page to help fund the operations of OpenDNS. While this behavior is similar to VeriSign's previous Site Finder, OpenDNS states that it is not the same, as OpenDNS is purely an opt-in service (compared to Site Finder's effect on the entire Internet, as VeriSign is an authoritative registry operator)[3] and that the advertising revenue pays for the customized DNS service[4].

Also, the service resolves the google.com domain name to its own IP addresses, causing all of one's Google traffic to go through OpenDNS servers. Some of the traffic is handled by OpenDNS themselves, the rest is transparently passed through to the intended recipient[10]. Apart from obvious privacy and integrity concerns, this breaks e.g. Google's redirecting searches coming from the United Kingdom to its UK site, and the Firefox location bar search. This has also caused various people getting a Spyware warning when trying to visit Google. [1]

There is no mention of this behaviour on the OpenDNS user control panel, nor is there a way to turn it off. To disable it, people must manually write a complaint to support staff. [2]

oh - this is not good

ping www.google.com
Pinging google.navigation.opendns.com [208.69.34.231] with 32 bytes of data:

I have a real privacy issue with pushing google via opendns servers - that's pretty serious invasion and it's not obvious

most ppl (even the ones who aren't paranoid) I think would see a red flag here..

[Memfis]

hmmm I didn't know about that google thing. thats a final reason for me not to continue using them. (although they're third or fourth on my dns servers list they don't get used much anyway).

[Austin_KW]

Depends who you trust.

opendns.com claim the redirect on google is to circumvent other ulr redirections that are preinstalled on OEM windows PCs. It is supposed to be a fix for http://yro.slashdot.org/article.pl?sid=07/05/24/0342246

I agree that you should be able to turn off this behavior.

If you are worried just add google to your hosts file (but you will not have the load balancing)

[silver]

Depends who you trust.

opendns.com claim the redirect on google is to circumvent other ulr redirections that are preinstalled on OEM windows PCs. It is supposed to be a fix for http://yro.slashdot.org/article.pl?sid=07/05/24/0342246

I agree that you should be able to turn off this behavior.

If you are worried just add google to your hosts file (but you will not have the load balancing)

Originally Posted by Austin_KW

that's just a made up excuse,. I don't have a dell computer and therefore I am not in that position (if I did I would fix the Dell not just move the problem elsewhere)

I didn't read all the comments but this one is close to how I view it

Dell is "monetizing" mistyped URL traffic, like OpenDNS. The customer has a choice which DNS server he uses and which preinstalled software he gets with a new computer (by choosing different vendors). Both do the same, for the same purpose. If I had to choose between the two, I'd choose Dell. At least they don't fly under a false flag, like OpenDNS, which only claims to be Open for marketing purposes.

I probably make ~50 google searches a day - while I can't avoid a DNS provider knowing which sites I visit there is no logical reason they need to know what I am searching for.. the hidden way (I would say underhand) they go about it is just wrong IMO

I didn't investigate exactly how openDNS interferes with google searches the fact I am not going to google when I asked to go to google was enough for me (I wasn't told or asked)

there's plenty of money to be made understanding which websites ppl visit and even more if you know what everyone is searching for to get to those sites

[Austin_KW]

Odd, I am not seeing it today,

Code:

austin@austin-laptop:~$ dig www.google.com

; <<>> DiG 9.4.2 <<>> www.google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43798
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         604709  IN      CNAME   www.l.google.com.
www.l.google.com.       147     IN      A       64.233.183.147
www.l.google.com.       147     IN      A       64.233.183.99
www.l.google.com.       147     IN      A       64.233.183.104

;; Query time: 38 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Mar 14 16:31:31 2008
;; MSG SIZE  rcvd: 100

I know that I have seen the redirect in the past as I often check netstat to see what is connected.

[silver]

jus did a similar check and today it's not doing it - wonder what they might push through their own servers next - just makes it look even more dodgy!

host -v -t SOA google.com 208.67.222.222
Trying "google.com"
Using domain server:
Name: 208.67.222.222
Address: 208.67.222.222#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1990
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN SOA

;; ANSWER SECTION:
google.com. 86400 IN SOA ns1.google.com. dns-admin.google.com. 2008031204 7200 1800 1209600 300

Received 78 bytes from 208.67.222.222#53 in 116 ms

[silver]

but why is the interweb broken in this way

host -v -t A www.google.com 208.67.220.220
Trying "www.google.com"
Using domain server:
Name: 208.67.220.220
Address: 208.67.220.220#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55680
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.69.34.231
google.navigation.opendns.com. 30 IN A 208.69.34.230

Received 104 bytes from 208.67.220.220#53 in 20 ms

I'd be amazed if there was any sound reason to do that