With all the recent talk about DNS vulnerabilities out on the interwebs, I decided it was time to start using OpenDNS. I must say, the service is pretty cool. Basically, you point your DNS requests to their IP address, and all requests go through their DNS servers. They collects stats for your network, and they even can filter your traffic based on your criteria. You can even manage multiple networks with one account, like, say, your main house, and then a vacation house in the Poconos.
While this doesn’t serve any real purpose in Casa de Samuel, it would be extremely useful for a family with kids, or a small to medium sized business. This is especially true because of the filtering. There is no software to install, no hardware to maintain, and no employees to pay.
This leads me to a question for all small to medium-sized business: WHY ARE YOU NOT USING THIS? You don’t have to pay for expensive software or hardware, and you don’t have to hire some half-wit with a “technical” degree. OpenDNS does all the work for you. Sure, they probably charge some fee, but what you get out of it is worth it.
As for you enterprises and government: OpenDNS might just be the perfect solution for you, too. You are the ones obsessed with filtering/monitoring/mindrape. You can do all of those things for much less and much more smoothly. That goes for you, too, NMCI.
Actually, you know who needs OpenDNS the most? Who has the worst IT equipment? Who has the by-God, absolutely, without-a-doubt worst IT employees? Public schools. They, coincidentally, have the greatest filtering needs. No one wants little Timmy bringing up a pr0n site in the school library.
So all you CTOs and CIOs out there, please take a look at OpenDNS and stop the IT insanity.
Sam,
I have been using OpenDNS for probably three years now, but for different reasons that what you cite. I use it in order to speed up DNS queries, and to prevent my ISP from easily collecting my data. ISP’s. I have not tried out their filtering, but I can see how that would be useful for families.
However, as for business using it:
Small business might find use in its filtering, but as it’s a free service with no service-level agreement, if they go down, than you are SOL until they come back online. I imagine most business-grade internet connections do have such an agreement.
Filtering web traffic via DNS requests is fairly easy to bypass, and OpenDNS does not have anyway for admins for monitor traffic and punish users for attempted into load prohibited websites. OpenDNS is not a replacement for traffic proxying and monitoring. Running a proxy server allows for much higher granularity than just filtering simple DNS requests.
Most government organizations, at all levels, will probably have a legal obligation to use something with some transparency and accountability.
They also do some shady stuff with DNS queries involving Google websites. Specifically returning OpenDNS IPs in response to queries for Google websites.
What specific problem do you see the use of OpenDNS solving, aside from the Dan Kaminsky DNS flaw?
Edwin,
I will admit two things:
A. I oversimplified things.
B. I don’t know what I’m talking about.
I assumed that for businesses, there would be a paid-for tier of the service that included an SLA. But I guess there isn’t one. I also assumed that this paid for service would provide some more detailed monitoring tools. Apparently not.
The best problem to solve with OpenDNS is probably public schools. I read a real-life example somewhere about a high school tech who set up OpenDNS for the school to use. The speed of the network was greatly increased, and he had the filtering benefits. This took the burden of any DNS problems off of the school.
So yes, you are correct on all points. Mostly, I was just pissed at NMCI because they have serious DNS issues. So much of them that it slows down most web surfing. I figured, “these guys can do it just find and offer it for free, HOW CAN IT BE THAT HARD???”
You two are feisty!