Comments on: OpenDNS: A Followup

By: John

John — Wed, 09 Sep 2009 16:33:39 +0000

It is also worth nothing that you can opt out of the statics program now. Doing so will halt all logging of traffic that passes over your account, and adds that much needed layer of privacy.

I am a very private person, and I use OpenDNS on my home networks. When combined with a properly configured Windows security policy (to disable DNS/IP editing), it works very well to keep the kids off 4Chan and the like.

Just some more food for thought. Good articles though.

By: Joe Sniderman

Joe Sniderman — Tue, 30 Jun 2009 07:24:41 +0000

Hi.
The real reason using the root nameservers won’t work is that they are not set up to handle recursive queries. When you send one of the root servers a domain, it responds by telling you where to look next, ie, who is authoritative for that tld, you then look there, and so on, down the line, till you get the nameserver(s) for the specific domain you are looking to resolve. Therefore you cannot just send them a domain name and have them resolve it for you. This is not a security feature per se, it is just how DNS itself works.

Nothing stopping you from having your own nameserver pull info from the root servers however. Run BIND or whatever on a spare box, make sure it has info for *all* of the root servers ( otherwise it will fail ) and let it do the work for you. That way you’re not dependent on OpenDNS, your ISP, or Verizon to do your lookups for you.

By: Bypassing OpenDNS at Sector 930

Bypassing OpenDNS at Sector 930 — Thu, 28 May 2009 17:37:16 +0000

[...] refer to a followup post: http://www.sector930.com/blog/2009/05/13/opendns-a-followup/ « Fun Times with Religion Sector930 Is Now Global! [...]

By: Lenowe

Lenowe — Wed, 13 May 2009 17:29:02 +0000

I think they’re quite malicious. Just sayin.