OpenDNS
Since the day that the DNS security flaw was disclosed, and my ISP (Sapo ADSL) applied the patches, I started to notice that DNS resolving got very slow. I checked the support page from Sapo, and no changes were made. Same two DNS servers were being used, and ironically, after pinging the second, I realized that it was “dead”. I also tried to call for support to ask them wtf was going on with their DNS servers, but the operator didn’t seem to be very comfortable with the term DNS, so I just gave up. Time to change.
I’ve heard about OpenDNS, some free worldwide DNS service, fast, reliable and secure. I had to check it out. Just configured my router to use the new DNS IP addresses, rebooted it and voilá. Browsing speed was back, better than ever.
So now, after about 2 months of use, I can only recommend it. You can even register to access some more detailed options, like content filtering and stuff like that. And when you surf to a URL that doesn’t exist, instead of having the normal browser message that website is down, you are redirected to a suggestions page by OpenDNS.
Here’s everything you need, these two IP addresses in your router / internet connection:
Primary server: 208.67.222.222
Alternative server: 208.67.220.220
7. September 2008 at 00:56
“And when you surf to a URL that doesn’t exist, instead of having the normal browser message that website is down, you are redirected to a suggestions page by OpenDNS.”
And you say this is a good thing?
7. September 2008 at 01:14
Although I didn’t explicitly said it was a good thing, I don’t see how bad it can be…
7. September 2008 at 01:20
OpenDNS is a slow service.
I once changed all my external NS configurations so they would look up via opendns and everything stopped working because of problems with their service…
There’s nothing like using your own NS server locally :oP
Hugz,
Luís
7. September 2008 at 01:39
Well, I totally agree with you on the NS local server, but, at least in my experience, OpenDNS is considerably fast.
7. September 2008 at 02:44
Rogério — Thanks for the write-up, and I’m glad we solved your issue.
Luís Miguel — I’m sorry you found us to be slow. Of course a local resolver will be faster for locally cached requests, but it won’t be for wide-spread usage. Many of our users combine the best of both worlds, a local cache which forwards to us.
And finally, Carlos — All of our options are tunable and can be enabled or disabled via your Dashboard at OpenDNS.com. That includes the NXDOMAIN functionality. We find the overwhelming majority of our users (99%+) find it useful and keep it enabled.
7. September 2008 at 12:41
Nameservers should give you a NXDOMAIN when the record doesn’t exist, not making this is against what RFC says.
Bad things could happen for example if that suggestion page have some XSS problem. I talk a little about this here:
http://paradigma.pt/gngs/view.php?pid=756
7. September 2008 at 13:17
David: Thanks for your comment and keep up the good work with openDNS.
Gonçalo: What you say is true. One of the first things I did when I first saw the suggestions page, was testing the url params against XSS, it seemed safe. But as David says you can always turn it off.
My parents also use openDNS on their laptops and find that page to be very useful, since they don’t understand quite well, the error message that the browser displays when a page is not found, and it saves them the effort of having to type again an URL, because the openDNS guide gives them the link they needed.
7. September 2008 at 13:38
I tested OpenDNS for a couple hours some months ago, and i didn’t realize that you could turn on the NXDOMAIN functionality. I’m guessing that a big part of the consumers doesn’t know also. So, shouldn’t the default behavior be what RFC says, and than give the possibility to turn on the suggestion page for the ones who find that useful?
Profits talks louder than standards.