Killer Free Service That You’re Probably Not Using
Wed, Jan 9, 2008
Update: July 2008 - OpenDNS is not vulnerable to a DNS cache poisoning attack that was recently discovered. OpenDNS has written about the multi-vendor vulnerability on the OpenDNS blog. Please read on for the original post about OpenDNS.
We all want to be safe when we surf the web. The problem is that there are lots of malicious, unscrupulous web sites that we can potentially stumble upon. The more tools we install on our computers to protect us, the slower they potentially become. Instead of installing additional SW on your computer, you may think about using the free service available from OpenDNS.
Since our computers uses DNS to find web sites (see my previous posts which explain DNS), we can make a few small adjustments to our network settings to help avoid bad sites, and block others we deem inappropriate for our family.
Let me first stay that OpenDNS is truly free. I am not affiliated with OpenDNS in any way. There is no cost to you to use any of their services and there are no pop-ups, pop-unders or software to install. Simple change your computer’s DNS entries to the following: 208.67.222.222 and 208.67.220.220.
I’m not going to re-invent the wheel here, so I will direct you to their website which has detailed step by step instructions for changing your DNS settings. It only takes a couple of minutes, and if you are really brave, try changing your routers DNS entries too.
That’s it. No other actions are needed. You can stop at this point and enjoy the following benefits:
Faster Web Browsing
Your browsing experience will be faster and more reliable because OpenDNS will automatically route your DNS queries to the closest available server. Also, if that server is down or unavailable for any reason, you will automatically be routed to the next nearest one. This is something your ISP does not do.
Phishing Site Avoidance
By default, OpenDNS detects and blocks you from connecting to hosts known to have phishing scams associated with them. You simply get re-directed to OpenDNS’s Phishing Error page which lets you know why the site is not accessible.
OpenDNS uses a sophisticated system called PhishTank that keeps timely updates of scam and fraudulent sites that integrates into their DNS service to help keep you protected.
These two services alone are compelling enough reasons for me to start using their services (and by the way I have been using for months now). The little time it takes to make the configuration changes, I believe, is well worth the added benefits. However, there is more.
Sign up for a free account and add your network (which OpenDNS automatically detects) to your “Dashboard” and get these added benefits too:
Domain Blocking
Use their easy to navigate web administration page to block certain domains.
Enter a site like “example.com” and anything under that domain will be blocked. For instance, www.example.com, test.example.com, bubba.example.com, ww2.example.com, etc… will be blocked. A customizable OpenDNS page will appear instead.
Adult Site Blocking
OpenDNS can easily bock adult-xxx, or adult-themed sites with the click of a mouse.
Using your account administrator page, you can turn on Adult Site Blocking just by checking a box and applying the new settings. By default, adult-xxx and adult-themed sites are not blocked, so you will have to turn this on if you want it.
Sidenote: Whitelist
Any site which would normally be blocked can be whitelisted. Any whitelisted sites will bypass OpenDNS’s blocking and allow you to visit.
Stats
This is probably one of the coolest features they offer. If you decide to turn on statistics, you can view all the sites the have been visited from your network. If you want to see what the kids were looking at, this is an easy way to do it.
Not only can you view the sites, but you can click a button to immediately begin blocking any sites you deem inappropriate.
You can view the data in different ways, select to download the data as a CSV, all with a few clicks. You can even elect to delete all the collected data and start over, or just simple stop collecting data all together (for those of you that are concerned with privacy).
I highly recommend OpenDNS to anyone who wants to browse safer, faster, and with complete control over the content being viewed.
January 9th, 2008 at 9:26 pm
This looks like a good thing to try. I will check it out. I especially like the idea for the kids computer!
January 9th, 2008 at 9:50 pm
Wow.. this sounds great. I will check it out. I’m a little scared I will screw up my ISP, but will investigate it further. Anything that can speed up my computer or block spam, fishing and pornographic sites is a big win for me.
Thanks.
January 10th, 2008 at 12:34 pm
I’ve been using OpenDNS for ages, and its the best decision Ive ever made. The only problem is my work-system that I use at home sometime picks up the openDNS resolutions, which messes with the VPN settings.
Something to keep note of if you use a corporate system with their own DNS at home!
January 10th, 2008 at 12:50 pm
Gambit32 - Glad to hear you are using OpenDNS. The VPN issue can easily be resolved by adding the internal host name as a typo exception in your account. If you have further questions please feel free to contact us. We are happy to help!
Daniel
OpenDNS.com
January 10th, 2008 at 1:55 pm
I used openDNS for a while but found that for my particular location (The Netherlands) my isp was still quite a bit faster - and my isp never gives me troubles anyways.
They say that they have servers situated strategically at the most well-connected intersections of the Internet, but as long as they don’t have a server located at “the largest Internet Exchange in the world, when measured by number of members, or by traffic. [wikipedia: http://en.wikipedia.org/wiki/Amsterdam_Internet_Exchange”
I’m staying put, although I support the idea in general
January 10th, 2008 at 1:57 pm
The correct link is:
http://en.wikipedia.org/wiki/Amsterdam_Internet_Exchange
And a List of Internet Exchange Points by size:
http://en.wikipedia.org/wiki/List_of_Internet_Exchange_Points_by_size
January 10th, 2008 at 11:13 pm
MyStuff,
My plan is to connect OpenDNS to AMS-IX with a full OpenDNS Amsterdam deployment in 2008.
January 11th, 2008 at 12:29 am
awesome idea…BUT…but, i, myself…love using the built in firefox search…so if i type in “typeo” i get an error…but if i do it in firefox it brings me to the Type O Negative website, and so on.
January 16th, 2008 at 6:39 pm
The main concern with opendns is the search feature. If I type an invalid url I am taken to an opendns search page instead of google as I would have expected, and the opendns search just sucks. Previously it was possible to turn of this feature but it was removed.
February 6th, 2008 at 8:59 am
The things raised by comments 6 and 8 were the deal-breakers for me too - I like Firefox’s feature of finding the website you wanted from URL fragments (and if it can’t, routing you to Google) but using OpenDNS meant I kept landing on a crappy search page.
February 8th, 2008 at 4:00 pm
It’s also been reported that OpenDNS is hijacking google.com. They claim it’s a fix for some Dell computers, but I find it too intrusive to use. I’d still use it in a pinch, like when I need to test DNS related problems on my networks.
April 9th, 2008 at 2:41 pm
The magical Google search that everyone is saying they miss is just the I Feel Lucky search. You can make this a keyword bookmark in Firefox and make it do it all the time, regardless of what the DNS server does.
June 24th, 2008 at 12:39 pm
Both services are great, but I wish AnalogX would spring back to life….they had some awesome tools around there….sure FastCache works on my Vista Home Basic 32bit system, but yea, it still could use an update
I was amazed to see some of the small TTLs that domains are uses….some as low as 4ms? And no, I wasn’t reading the wrong column either…lol.
September 23rd, 2008 at 9:17 am
The only problem is that it resolves domains without any “.com” or “.net” — so say i want to go to ebay and type “ebay” without a .com, I get the ads.
no dice.