OpenDNS - Good or bad?
April 30, 2007 6:27 PM Subscribe
Is there any reason (other than privacy) not to use OpenDNS? I just discovered the service today and while I generally don't think I need protection from phishing sites and the like, this seems like a good solution for the less savvy members of my family and circle of friends.
I've found a couple of posts out there that don't seem to like OpenDNS, but I haven't found any terribly good reasons not to use the service.
http://www.memestreams.net/users/acidus/blogid9121142/
http://www.kanai.net/weblog/archive/2007/04/23/17h20m00s
Most discussion about OpenDNS on AskMF seem to wax poetic about the service, but I want to make sure that I'm not recommending something that has some insidious side to it.
Cheers,
Randy
I've found a couple of posts out there that don't seem to like OpenDNS, but I haven't found any terribly good reasons not to use the service.
http://www.memestreams.net/users/acidus/blogid9121142/
http://www.kanai.net/weblog/archive/2007/04/23/17h20m00s
Most discussion about OpenDNS on AskMF seem to wax poetic about the service, but I want to make sure that I'm not recommending something that has some insidious side to it.
Cheers,
Randy
I have used it, but I found it occasionally had problems finding subdomains for sites. For example, while:
http://metafilter.com
Would work,
http://ask.metafilter.com
Wouldn't work. Well, I don't know if I had the exact trouble with Metafilter, but I did on other sides with subdomains. And I occasionally found domain names that for some reason, OpenDNS completely failed on, and tried suggesting I wanted to go elsewhere. This was a problem about 1% of the time, but it was enough of a problem for me to stop using it. I don't know if others have had a similar problem, but it might confuse the hell out of less savvy members of your family if it did occur.
posted by Jimbob at 6:47 PM on April 30, 2007
http://metafilter.com
Would work,
http://ask.metafilter.com
Wouldn't work. Well, I don't know if I had the exact trouble with Metafilter, but I did on other sides with subdomains. And I occasionally found domain names that for some reason, OpenDNS completely failed on, and tried suggesting I wanted to go elsewhere. This was a problem about 1% of the time, but it was enough of a problem for me to stop using it. I don't know if others have had a similar problem, but it might confuse the hell out of less savvy members of your family if it did occur.
posted by Jimbob at 6:47 PM on April 30, 2007
Best answer: The way it handles negative results can be a bit dodgy. If you look up a hostname that doesn't exist, it can (optionally? I don't know if there's an opt-out) take you to a search page for what it thought it was looking for instead of returning the proper error.
This sort of thing has been abused on a very wide scale before by Verisign, so network operators are a bit touchy about that behavior even when it's chosen by the user. And sometimes you want negative results to reach you, to know positively "that does not exist". The end result is that OpenDNS is sort of a "website DNS server" instead of an "internet DNS server".
posted by mendel at 7:03 PM on April 30, 2007
This sort of thing has been abused on a very wide scale before by Verisign, so network operators are a bit touchy about that behavior even when it's chosen by the user. And sometimes you want negative results to reach you, to know positively "that does not exist". The end result is that OpenDNS is sort of a "website DNS server" instead of an "internet DNS server".
posted by mendel at 7:03 PM on April 30, 2007
Regarding the evil Verisign move, Earthlink started doing that as well but they also offer a DNS server (actually two) that gives proper negative responses. I've been using it for a few months and it seems fine.
posted by intermod at 8:18 PM on April 30, 2007
posted by intermod at 8:18 PM on April 30, 2007
If you haven't already seen it, NYTimes tech columnist David Pogue's November blog post on OpenDNS may helpful. Not only does he offer his assessment of it, but the comments that follow are often useful as well.
http://pogue.blogs.nytimes.com/2006/11/01/a-faster-web-for-free/
posted by chefscotticus at 9:51 PM on April 30, 2007
http://pogue.blogs.nytimes.com/2006/11/01/a-faster-web-for-free/
posted by chefscotticus at 9:51 PM on April 30, 2007
Best answer: I'm the one who is skeptical about OpenDNS. Here's my concern in a nutshell in comment #62 on the NYTimes blog.
I don't trust OpenDNS to do the right thing with my query history.
I use multiple DNS servers during the day- at the office, at home, on wifi networks, etc. If OpenDNS had all of that data, all in one place, they would have a very significant profile of my Internet usage. I'm not comfortable with that. I don't trust them because all of the other ISPs I interact with (at home, at work, etc.) are services that I pay for, not a free service where I am concerned with what they plan to do with the data that their users are generating.
posted by gen at 11:16 PM on April 30, 2007
I don't trust OpenDNS to do the right thing with my query history.
I use multiple DNS servers during the day- at the office, at home, on wifi networks, etc. If OpenDNS had all of that data, all in one place, they would have a very significant profile of my Internet usage. I'm not comfortable with that. I don't trust them because all of the other ISPs I interact with (at home, at work, etc.) are services that I pay for, not a free service where I am concerned with what they plan to do with the data that their users are generating.
posted by gen at 11:16 PM on April 30, 2007
gen: Do you run your own DNS servers then? Because it seems to me that any ISP has the same ability to log requests as OpenDNS does. The only way around this is to use your own DNS servers.
posted by afx114 at 11:23 PM on April 30, 2007
posted by afx114 at 11:23 PM on April 30, 2007
I too don't see how using OpenDNS is any different than using Rogers DNS servers, or Sympatico's, or any other ISPs. OpenDNS does a far better job, and I use them at home. I too would be disappointed if it turns out they secretly are pure evil, but I don't think they are.
posted by chunking express at 6:46 AM on May 1, 2007
posted by chunking express at 6:46 AM on May 1, 2007
Response by poster: Thanks everyone for the answers. It seems like their certainly is a possibility for evil doing, that's possible with any DNS service, including (or especially) your own ISP.
posted by randy_stewart at 9:53 AM on May 1, 2007
posted by randy_stewart at 9:53 AM on May 1, 2007
Hi. I run OpenDNS...
Gen -- We don't do anything with your query history other than pull some stats from them. Moreover, your ISP has a far far more privacy-invasive privacy policy...
And while it's not intended to satiate the tin-foil'ers, we're currently putting together some new features now that will let you turn off all stats collection for your requests. That means we'll bitbucket all your stats and anything even remotely personally identifiable (and not like AOL-style anonymize it, we'll actually get rid of it).
As for being free, EveryDNS.Net is free too and we've been making money for six years. Go figure. :-)
Happy to answer any other questions...
posted by david_ulevitch at 1:30 PM on May 1, 2007 [4 favorites]
Gen -- We don't do anything with your query history other than pull some stats from them. Moreover, your ISP has a far far more privacy-invasive privacy policy...
And while it's not intended to satiate the tin-foil'ers, we're currently putting together some new features now that will let you turn off all stats collection for your requests. That means we'll bitbucket all your stats and anything even remotely personally identifiable (and not like AOL-style anonymize it, we'll actually get rid of it).
As for being free, EveryDNS.Net is free too and we've been making money for six years. Go figure. :-)
Happy to answer any other questions...
posted by david_ulevitch at 1:30 PM on May 1, 2007 [4 favorites]
This thread is closed to new comments.
posted by AaRdVarK at 6:41 PM on April 30, 2007