I just finished listening to what turned out to be quite an engrossing Technometria podcast; an interview with David Ulevitch from OpenDNS. OpenDNS is an
improved DNS system, with both performance and functionality enhancements compared to the classic, boring old Domain Name System. Ulevitch makes a good case for his service; ISPs (the traditional provider) don’t usually consider DNS a core competency, and often lack the resources to properly scale their DNS service as traffic and users expand. (Anyone who’s had DNS troubles with their cable or DSL provider will be familiar with this). OpenDNS devotes dedicated resources, development support, and infrastructure to optimizing their system. Makes sense.
In addition, they offer capabilities that are simply above and beyond what normal DNS provides. First out of the box is phishing protection; you can get this by just using their DNS resolvers (220.127.116.11, 18.104.22.168) without even setting up an account! OpenDNS runs the PhishTank anti-phishing site, and uses this data to detect and block DNS requests to known phishing sites (say, from accidentally opening a phishmail purporting to be from your bank). Great service; especially for less Net-savvy types. If you set up an account, they can go far beyond the defaults, allowing site blocking by domain name or by type (
gambling, etc.), URL shortcuts (help –> http://helpdesk.yourdomain.com, stock FOO –> Yahoo stock info for FOO), etc. Stats are available and allow deep analysis of your DNS use, and account management is flexible enough to handle either a single machine/NAT, or a large network.
Really quite fascinating. Like Phil and Scott on the podcast, I think I’m sold. It’s easy to try out…just change your DNS settings to the addresses noted above (OpenDNS gives very straightforward directions for just about any configuration). I went the next step and created an account, mainly for purposes of stats analysis. I’m not interested in domain blacklisting (other than phishers), but your milage may vary.
And with all that, OpenDNS not only stays free, but even has a business model! They offer ads on selected “domain not found” pages, monetizing some misspellings and typos (though they also fix the common ones transparently and without the ads). Pretty low impact, and apparently, they are profitable.
(Note: be aware that DNS-based internet filtering is just as imperfect as any other type is. There are multiple ways around it, and it shouldn’t be considered a panacea. Used with awareness of the strengths and weaknesses, though, it’s pretty useful, and certainly easy to manage.)