Tags:
opendns
privacy

OpenDNS - Good or bad?
April 30, 2007 6:27 PM Subscribe

Is there any reason (other than privacy) not to use OpenDNS? I just discovered the service today and while I generally don't think I need protection from phishing sites and the like, this seems like a good solution for the less savvy members of my family and circle of friends.

I've found a couple of posts out there that don't seem to like OpenDNS, but I haven't found any terribly good reasons not to use the service.

http://www.memestreams.net/users/acidus/blogid9121142/
http://www.kanai.net/weblog/archive/2007/04/23/17h20m00s

Most discussion about OpenDNS on AskMF seem to wax poetic about the service, but I want to make sure that I'm not recommending something that has some insidious side to it.

Cheers,
Randy

posted by randy_stewart to computers & internet (12 comments total) 4 users marked this as a favorite

I love it. I haven't looked into their privacy agreements exactly, so they may be tracking stuff I don't want tracked, but it performs so damn well that I'd be upset about switching.
posted by AaRdVarK at 6:41 PM on April 30, 2007

I have used it, but I found it occasionally had problems finding subdomains for sites. For example, while:

http://metafilter.com

Would work,

http://ask.metafilter.com

Wouldn't work. Well, I don't know if I had the exact trouble with Metafilter, but I did on other sides with subdomains. And I occasionally found domain names that for some reason, OpenDNS completely failed on, and tried suggesting I wanted to go elsewhere. This was a problem about 1% of the time, but it was enough of a problem for me to stop using it. I don't know if others have had a similar problem, but it might confuse the hell out of less savvy members of your family if it did occur.
posted by Jimbob at 6:47 PM on April 30, 2007

The way it handles negative results can be a bit dodgy. If you look up a hostname that doesn't exist, it can (optionally? I don't know if there's an opt-out) take you to a search page for what it thought it was looking for instead of returning the proper error.

This sort of thing has been abused on a very wide scale before by Verisign, so network operators are a bit touchy about that behavior even when it's chosen by the user. And sometimes you want negative results to reach you, to know positively "that does not exist". The end result is that OpenDNS is sort of a "website DNS server" instead of an "internet DNS server".
posted by mendel at 7:03 PM on April 30, 2007

Yes, you can turn off the search page thing.
posted by dmd at 7:47 PM on April 30, 2007

Regarding the evil Verisign move, Earthlink started doing that as well but they also offer a DNS server (actually two) that gives proper negative responses. I've been using it for a few months and it seems fine.
posted by intermod at 8:18 PM on April 30, 2007

If you haven't already seen it, NYTimes tech columnist David Pogue's November blog post on OpenDNS may helpful. Not only does he offer his assessment of it, but the comments that follow are often useful as well.

http://pogue.blogs.nytimes.com/2006/11/01/a-faster-web-for-free/
posted by chefscotticus at 9:51 PM on April 30, 2007

I'm the one who is skeptical about OpenDNS. Here's my concern in a nutshell in comment #62 on the NYTimes blog.

I don't trust OpenDNS to do the right thing with my query history.

I use multiple DNS servers during the day- at the office, at home, on wifi networks, etc. If OpenDNS had all of that data, all in one place, they would have a very significant profile of my Internet usage. I'm not comfortable with that. I don't trust them because all of the other ISPs I interact with (at home, at work, etc.) are services that I pay for, not a free service where I am concerned with what they plan to do with the data that their users are generating.
posted by gen at 11:16 PM on April 30, 2007

gen: Do you run your own DNS servers then? Because it seems to me that any ISP has the same ability to log requests as OpenDNS does. The only way around this is to use your own DNS servers.
posted by afx114 at 11:23 PM on April 30, 2007

I too don't see how using OpenDNS is any different than using Rogers DNS servers, or Sympatico's, or any other ISPs. OpenDNS does a far better job, and I use them at home. I too would be disappointed if it turns out they secretly are pure evil, but I don't think they are.
posted by chunking express at 6:46 AM on May 1, 2007

I personally started using OpenDNS after Earthlink started doing shitty ad-redirects for bad DNS queries. OpenDNS has a similar thing, but allows you to disable it. It's also, at least in my experience, faster responding than my ISP's DNS servers. This is likely because my ISP is incompetent.
posted by odinsdream at 9:06 AM on May 1, 2007

Thanks everyone for the answers. It seems like their certainly is a possibility for evil doing, that's possible with any DNS service, including (or especially) your own ISP.
posted by randy_stewart at 9:53 AM on May 1, 2007

Hi. I run OpenDNS...

Gen -- We don't do anything with your query history other than pull some stats from them. Moreover, your ISP has a far far more privacy-invasive privacy policy...

And while it's not intended to satiate the tin-foil'ers, we're currently putting together some new features now that will let you turn off all stats collection for your requests. That means we'll bitbucket all your stats and anything even remotely personally identifiable (and not like AOL-style anonymize it, we'll actually get rid of it).

As for being free, EveryDNS.Net is free too and we've been making money for six years. Go figure. :-)

Happy to answer any other questions...
posted by david_ulevitch at 1:30 PM on May 1, 2007 [1 favorite]

« Older Using Adobe Illustrator 10, ho... | How does one properly heat a K... Newer »

You are not logged in, either login or create an account to post comments

OpenDNS - Good or bad? April 30, 2007 6:27 PM Subscribe

OpenDNS - Good or bad?
April 30, 2007 6:27 PM Subscribe