[AccessD] It just goes to show ya

Hans-Christian Andersen hans.andersen at phulse.com
Sat Dec 17 15:31:12 CST 2011


OpenDNS basically just does the same thing your ISP does, in terms of telling your computer what public IP address (in other words, which public server(s)) are responsible for a given domain name. Your ISP normally provides this service and when you configure your router, it generally gives you those settings automatically, but there is no reason you can't use another provider (if you are a web developer/sys ops person such as myself, it is very useful to query different DNS servers around the world to see if there are problems with your configuration and how it is propagating around). It's just a matter of changing the IP address for DNS in your router or even just specific individual computers/networked devices.

What makes OpenDNS stand out is that they add additional features beyond just DNS resolution that you don't get from your ISP at all. Domain filtering, statistics, malware monitoring and phishing/malware filtering (on a DNS level) and so forth. The only thing they ask for in exchange is that you allow them to display their search page with their advertising instead of an error page when you type in a bad domain in your browser address bar.

Its a cheap way of providing basic filtering and protection for home, school or business, so, as long as you don't mind a third party company knowing what domains you visit, it's well worth it. They also spend a lot of effort speeding up DNS  lookups, so it will be a slight boost to your Internet usage. Also, for those who are security minded and know the technical merits of it, OpenDNS uses DNSCurve (an alternative to DNSSEC), to avoid DNS cache poisoning and so forth, something many ISPs have yet to adopt.

Like John said, however, it's trivial for anyone who knows basic networking, so it's not foolproof. But there you go. You get what you pay for (or not).

Best regards,
Hans-Christian Andersen


On 17 Dec 2011, at 06:12, "Dan Waters" <df.waters at comcast.net> wrote:

> I use different email addresses, and also log into 4 different customers
> with 4 different VPN methods.  Would OpenDNS cause an issue with any of
> this?  I'm also using Comcast as an ISP - is that OK?
> 
> I looked at the OpenDNS site, but I didn't see a good explanation of what it
> was actually doing, or even a general description of how it worked.
> 
> I don't have my own 'network' - is it helpful without that?
> 
> Dan
> 
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Hans-Christian
> Andersen
> Sent: Saturday, December 17, 2011 4:09 AM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] It just goes to show ya
> 
> One of the nicest features of opendns is that it will tell you if there are
> any dns queries coming from malware on your network.
> 
> Best regards,
> Hans-Christian Andersen
> 
> 
> On 16 Dec 2011, at 13:33, "Rusty Hammond" <rusty.hammond at cpiqpc.com> wrote:
> 
>> Another thing I've done is setup an opendns account for my home.  It's 
>> free and does a nice job of content filtering.  No need to install 
>> filtering software on the computers, but I do run the opendns ip 
>> address update client on my desktop that's on all the time.
>> 
>> www.opendns.com
>> 
>> 
>> Rusty
>> 
>> 
>> -----Original Message-----
>> From: accessd-bounces at databaseadvisors.com
>> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
>> Sent: Thursday, December 15, 2011 6:47 AM
>> To: Access Developers discussion and problem solving
>> Subject: [AccessD] It just goes to show ya
>> 
>> I got an email this morning - XYZ wants to be your friend on facebook.
>> I don't know xyz, but I often go look to see if maybe I do know them 
>> out in a circle somehow.
>> 
>> I clicked on the link...  It *looked* just like those things from 
>> Facebook...
>> 
>> You guessed it, it was a social engineering attempt to get me to a 
>> page to do something bad to my computer.
>> 
>> I run firefox in DropMyRights sandbox AND I have a widget to prevent 
>> running scripts in firefox which just saved my bacon.
>> 
>> It just goes to show though.  I *know* about this stuff, I am very 
>> careful and I still got suckered.
>> Only my safeguards saved me.
>> 
>> --
>> John W. Colby
>> Colby Consulting
>> 
>> Reality is what refuses to go away
>> when you do not believe in it
>> 
>> --
>> AccessD mailing list
>> AccessD at databaseadvisors.com
>> http://databaseadvisors.com/mailman/listinfo/accessd
>> Website: http://www.databaseadvisors.com
>> **********************************************************************
>> WARNING: All e-mail sent to and from this address will be received, 
>> scanned or otherwise recorded by the CPI Qualified Plan Consultants, Inc.
>> corporate e-mail system and is subject to archival, monitoring or 
>> review by, and/or disclosure to, someone other than the recipient.
>> **********************************************************************
>> 
>> --
>> AccessD mailing list
>> AccessD at databaseadvisors.com
>> http://databaseadvisors.com/mailman/listinfo/accessd
>> Website: http://www.databaseadvisors.com
> 
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
> 
> -- 
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com




More information about the AccessD mailing list