Slashdot Mirror
New(?) Anti-Fraud DNS service
knownsense writes "A new DNS system to foil spammers, abusers, and other ills of the Internet is around the corner, reports Wired. It claims to be more user-friendly than your ISP's DNS. Among its claimed advantages . . . Faster myspace(!?), coordination with spamhaus, and typo-squatter squashing. The actual service is called OpenDNS."
Anti-fraud or not, someone's getting lied to there.
"Currently, web surfers simple(sic) get an error message when they attempt to navigate to an unused domain. OpenDNS users will instead be routed to a company server that will present a list of search engine results and paid advertisements."
No thanks.
Argh.
Since when were DNS lookup failures responded to with HTTP error codes?
It's official. Most of you are morons.
But it has to be better, it has "Open" in its name.
much in the same way that many now block 25. This will be in reaction to bots that start using a shadow/private DNS built into the bot. I don't see how OpenDNS survives this emerging trend.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
The main advantage appears to be that they will prevent you from opening known phising sites. In terms of being faster, I'm not sure how they would be faster than my ISP since my ISP's DNS servers are presumably much closer to my machine than theirs. Any idea how they could make claims like that? Also, though the summary mentions foiling spammers, I saw nothing about that in the article. From the sound of the post, I thought this was something like SPF even though that doesnt seem to be the case at all.
Your ISP probably does the same thing already. These guys claim to have a much bigger cache, so they're more likely to have cache hits than misses.
They also offer ads & search results for non-existent domains, and they claim they will filter out phishing sites.
Not really a big deal though even on a cache miss, a DNS query doesn't take that long.
A broken, non standards compliant DNS isnt a better DNS, it's a crippled DNS. The phishing and scamming is more of a social problem than a technical problem. The last thing i want is for some DNS host to filter my queries. The open part of open_dns is a farce. This is a commercial venture trying to make a profit by skirting around well defined standards. OpenDNS will be plagued with problems like people who run the dns getting nice kick backs from scammers to keep domains from being filtered, etc. There will be false blocks by accident etc. OpenDNS would have the ability to push companies and personal sites around. Who knows what the OpenDNS people are catering to. What if they catered to the Christian right, and started blocking non wholesome content, etc. This is a bad idea people. -koft
These are such lofty claims that I doubt they will be able to live up to them. I like the idea that competitive services will appear, but if that happens I believe that OpenDNS will be a big loser.
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
Ahh, yes - Yet Another Root Domain Name System, like AlterNic.
One that also does redirection in the case of an invalid domain name, thus breaking code (like mail servers) that rely upon being able to detect bogus domains.
One that requires users to change their DNS settings, with all the attendant breakage and difficulties for troubleshooting.
One that will ALSO load down the upstream DNS servers, since the users won't be using their ISP's name servers.
And I am sure their policy of blocking spammy sites' resolution will sit very well with the Slashdot Zeitgeist.
Yes, I am sure this will be a spectacular success, just like AlterNIC is.
www.eFax.com are spammers
If people want to filter out bad sites and auto-correct bad URL's then that sounds like a job for a client-side application, not for DNS servers. DNS does one thing and it does it well: it acts like a phonebook for IP addresses. There is no bias in its resolutions. Keep it simple and let it do its job without red tape.
Service is pretty cool for people who can't run Bind (or something similiar). However for those that can, I am guessing its probably just as effective as running a caching only DNS server and maybe Squid to emulate their phishing blocking (assuming you have access to known phishing sites). As a matter of fact, the local version should be even faster (although the cache will obviously be smaller so there is a tradeoff). Off the top of my head, I am not sure how you could do the spell checking. Does Bind have a similiar option?
Until it's available, I'm going to have an "I'll believe it when I see it" attitude, which, surprisingly, is normally the right thing to do with news like this.
Its one thing to supply facts, but this service is editorializing DNS. I think they are leaving themselves open to attack based on their choices.
Intron: the portion of DNA which expresses nothing useful.
Doesn't Microsoft already do this in IE?
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
So using DNS servers that are 23 hops and 170ms away from me is meant to be faster than using ones 4 hops and 5ms away? Think they need some sort of distributed system with servers in every country, and some good peering.
This is nothing more than another attempt to make some money off of the basic infrastructure of the Internet. DNS is free right now. And to some people, that means that there is a chance to "monetize" that service.
But how to turn a profit from something that's being given away for free right now?
You'd have to offer some additional incentives. Like "phishing blocking" or claiming that a popular website would "load faster".
As far as I know, the DNS resolution has never been the problem for MySpace loading slowly. It's slow because so many other people are hitting their servers and bandwidth. And since Win2K, Microsoft has included a caching DNS app so once you do hit MySpace, you've cached the address on your workstation. You can't get much faster than that.
This POS is neither new nor newsworthy nor useful, at least not for the reasons they try to sell it to you for.
An alternative-root DNS system will never work (since Critical Mass is impossible to attain).
Myspace will not get faster. Whoever made you believe that is selling snake oil, too.
In fact, your DNS will actually slow down by a good bit; at least if you belong to the majority of the world (unlike root DNS servers, which actually deliver geographical and network dispersion). The big cache they are so proud of will create lots of problems if they actually do it differently from regular DNS resolver caches that you have at every major (and minor) ISP -- and those will be a lot closer to you than OpenDNS ever will.
Fixing typos is a double-edged blade. Sure it's nice if slashdo.torg works. How about whitehouse.gom, though ? And who decides that microsaft.com is really typo-squatter ? (They might just make nice juices !)
Their business model is funny, too. They sell advertisement for search pages in case they can't figure out where you want to go. This is hilarious, really. The selling point is that it can send you to the right page when you make a typo, but not figuring out what a typo was supposed to mean makes them more money. Hrrm. The better they become at their game, the less money they get ! Brilliant !
(Not to mention that this is precisely what got Verizon into hot water with their SiteFinder crap).
How on earth will OpenDNS stem the tides of spam ? Even IF it had a chance doing that purely with DNS, if it was relevant at all Spammers would find a way to make it inconsequential.
Last, but not least, their company is small. There is no oversight. I don't know whether I want to trust a group of 20 people to decide who is an abuser and who is not. I'd rather have hundreds of parties involved in the process, providing a stable balance to one another. (Fun scenario : OpenDNS gets bought out by DirectRevenue.com, starts redirecting EVERY DNS request to their own servers, encasing every website with a nice adbar. Oops. (points for doing it after attaining critical mass).
That's not uncommon when doing a search for an actual domain name on google. Try searching on just "oingo".
http://www.google.com/search?q=oingo
Plenty of results...actually the top one is the redirected domain.
I did a quick test:
.org -
.net -
- DNS query -
- dutch hosted
opendns
Query time: 1228 msec - they have to query upstream
Query time: 261 msec
Query time: 192 msec
Query time: 192 msec
Query time: 193 msec
my isp
Query time: 74 msec - they have to query upstream
Query time: 29 msec
Query time: 30 msec
Query time: 29 msec
Query time: 29 msec
- us hosted
opendns
Query time: 380 msec - they have to query upstream
Query time: 192 msec
Query time: 193 msec
Query time: 193 msec
Query time: 193 msec
my isp
Query time: 184 msec - they have to query upstream
Query time: 29 msec
Query time: 30 msec
Query time: 29 msec
Query time: 29 msec
- Ping test -
Ping to open dns: 192ms
Ping to my isp: 29ms
- Conclusion -
The dns repsonse is the same as the ping so they will never get faster then my isp.
200GB/2TB $7.95 Coupon: SAVE90DOLLAR
I get the feeling Monday will be a good day to go to the beach.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
How sinister! The real domain is appliedsemantics.com, for which there is much information.
Try the Google search with "oingo.com" surrounded by doublequotes. You'll see plenty of results.
I can understand why slashdot geeks wouldn't want their DNS servers messed with, I'm among you, however most of the internet users out there aren't nearly as computer literate as we are, and this service I believe would be really good for them. Netcraft has been trying to fight the good fight against phishing and scamming sites for a long time, and here's a group of guys who are really blocking them at the source.
I applaud their efforts, while it may not be for me, I think a lot of people are going to find it very useful.
When i search google for oingo, i get applied semantics first result (formerly known as oingo) and some random shit on oingo boingo and redirects.
when i search yahoo i get a bunch of shit on oingo boingo, and a link to applied semantics.
conspiracy theory successfully foiled.
I did a search for oingo on google and yahoo and got a pretty much identical list.
The home page redirects to "applied semmantics" which prodly boasts of being bought by google.
Whats your beef?
Old COBOL programmers never die. They just code in C.
That would be the new and improved venture capital weenies who are throwing money around again like crackheads. I guess they didn't learn their lesson last time around.
But the extra large cache is going to be a problem. If I'm using DNS to distrbute load its going to screw things up. What if I simply want to change a website to a different server? What if my primary connection goes down so I have point the DNS to a differnt IP?
If you cache stuff too long it makes problems. Anyway, I don't think it takes that long to do a dns lookup anyway, does it?
What we really need is a DNS system that can return multiple IP addresses and a code to indicate how to use them (ie, randomly select one or use the first unless it fails then fallback to the next one). And maybe have some "root" servers which contain only changes, so that servers could check them periodically and know what needs to be updated, and use the cache for everything else. Then we can have load balancing, and DNS servers could safely keep stuff cached for longer periods of time.
Of course, this would require everyone to change their DNS servers and their browsers, so it isn't likely we'll see DNS imrpoved anytime soon.
Hello !! NSA ?? Can you please connect me to Abdul Someassahola ??
OpenDNS has been around for YEARS. The original reason it was made had nothing to do with any of this, it was so that members could vote to add new root domains that would have never been added to the "official" DNS servers. It was an end run around ICANN, basically. There are very few restrictions on OpenDNS on what can be added, and it's all voted on by the members. I actually tried using OpenDNS for awhile, but I had problems with it. There just weren't enough servers, and those that were there went down frequently. They acted as a relay to the "real" DNS as well, so you could resolve .com, .net, .org, etc. But after the 5th DNS outage in a month, I finally set BIND on my server to hit the root servers again instead of OpenDNS. The service just wasn't reliable enough. These goals that are being mentioned in this article have absolutely nothing to do with what OpenDNS was supposed to be about. Either TFA is BS written by a media drone who has no clue what's going on, or OpenDNS has radically changed its goals since I last used it a year ago. I hope for their sake that it's the former.
- They are domain squatters and facilitators of it
- They allow large amount of AdSense ads leading to sites to rip you off (selling single page PDF files for $30+)
- It's hard to report copyrighted material on Google Video
Greed has taken over, slowly but surely.they are located next to where the NSA operates its spyware on top of ATT. Hmmmmm, I wonder ......
With a centralized DNS, this will make for a nice way to control the internet.
Personally, I have one word: Next.
I prefer the "u" in honour as it seems to be missing these days.
Yeah, I thought the exact same thing. But opendns has apparently changed. I'm guessing the old openDNS went out of business and some guys just bought the name since on the site it says they started in 2005, and the old openDNS was older than that I think.
And they'dk *better* not cache *.homeip.net and *.dyndns.com.....
-b.
How can that be. With my provider I connecet with DHCP and I am done. All I need is my login and my password and ut works. I would love to see how they make it more user-friendly.
Don't fight for your country, if your country does not fight for you.
Although I don't know if this was the intention, something about this article gets my Net Neutrality Sense tingling. Couldn't any particular organization take advantage of this with enough money, or couldn't domains just start paying to obtain priority?
...the people who buy this service.
Honestly, I always tell users that DNS is like 411 for computers. Just like people, they don't know someone they've never met before so they need a directory. Hence the raison d'etre for DNS. So if someone handed you the name of a person or business you don't know and says, "call them" but doesn't give you their phone number, what do you do? You either look in your phone book (Caching DNS which COULD be out of date) or... you call 411. Now, how would you like it if some third parties who weren't telcos started selling you "premium 411" service? I didn't think so. That's all this amounts to. You know that when third-parties jump in providing services they have no business providing, both you (the customer) and you (the legitimate DNS provider) are in for trouble. The customers are going to wind up being held hostage by this new premium service should it become lucrative. If the premium DNS service provider decides that it doesn't like the Democratic presidential candidate, they could set up a longer update cycle on those records just in case any last minute DNS changes happen... And the customer, not understanding that their ISP isn't to blame will call the ISP or the IT dept at work and start bitching to them about how "the internet is broken again". I can't really see this taking off anyway. And the concept that this is the way to stop phishers is laughable. I think this story should have been filed under humor. Maybe I'm just getting old at 36...
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Are you sure you're not thinking of OpenNIC? I also tried to use them once but had many problems and didn't really like the seemingly endless supply of pointless top level domains.
FTFA: "Those who click on a link in a phishing e-mail that attempts to take them to a fake site and con them into entering their credit card number won't even make it to the website, if OpenDNS knows about it."
... so when can the user trust that OpenDNS has successfully caught the phishing attempt, and when should they check that it has failed? The answer is simple; they should perform the same checks WITH OpenDNS as without, except now there will be a whole raft of users who don't know that and the phishing will get worse.
...
A false sense of security is worse than no security at all. "if OpenDNS knows about it" indeed
The road to Hell is paved with good intentions
OpenNIC is a totally different organization. They are an alternate root. We're (OpenDNS.com) not anything close.
We're about giving you control over your recursive DNS, something you should want. If you don't want us catching typos for you, that's fine. Just check out our FAQ and learn a bit more.
-david
# Hack the planet, it's important.
You're right...I must've suffered a brain fart. I was thinking of OpenNIC. I think I got confused because OpenNIC did call themselves OpenDNS for a short time many years ago, and I never got accustomed to the new name.
Typos are punished with ads :)
OpenDNS != OpenNIC
I'd much rather someone (take Grandma for example) hit an advert page than be lured into a phishing scam.
I'm sorry. When I think of system I think of daemons. Improvements to the DNS system would be appreciated. Someone to provide me with commercialized redirections and pay per use DNS service doesn't equate to improvement.
Sites providing free email without protecting their URIz with spf protection is what needs to be fixed. This would help to kill spammers pretending to be google, yahoo, aol, et al.
For a real improvement in DNS use spf http://www.openspf.org/ and urge others to use it too.
Having to work for a living is the root of all evil.
Your company advocates a
(*) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
They have a weird section on DMCA in their terms of service. They claim to actively police content and be very willing to block domains that host DMCA-verbotten content. I was excited up until this point.
-- .sig intentionally left blank
This
Dual (and higher) Opteron boxes are coming down in price. You can get a rackmount dual Opteron with 16GB or 32GB, maybe more. Some systems with more processors allow more RAM. Nevermind clusters.
Is there any way to determine, or at least reasonably estimate, how many public DNS entries there are at a point in time? If so, one has an idea how much RAM is requiired.
Wow. A really informative response by *the expert* to a fairly typical knee-jerk post. Good job. I don't currently have any use for the OpenDNS service, but I'm a lot more interested after this response than I was from the article. I hope y'all do well.
A traceroute from Amsterdam:
raceroute to 208.67.222.222 (208.67.222.222), 30 hops max, 38 byte packets
1 router.openswan.xtdnet.nl (193.110.157.158) 256.697 ms 0.638 ms 0.318 ms
2 384.ae0.cr1.3d12.xs4all.net (82.94.242.233) 58.937 ms 22.735 ms 41.513 ms
3 0.so-1-2-0.xr1.3d12.xs4all.net (194.109.5.57) 0.856 ms 0.917 ms 75.493 ms
4 194.151.244.74 (194.151.244.74) 1.123 ms 2.135 ms 0.767 ms
5 195.190.233.248 (195.190.233.248) 1.572 ms 1.916 ms 1.542 ms
6 195.190.233.249 (195.190.233.249) 1.654 ms 2.047 ms 1.504 ms
7 asd2-rou-1021.NL.eurorings.net (134.222.228.14) 1.318 ms 1.820 ms 1.359 ms
8 nyk-s1-rou-1001.US.eurorings.net (134.222.231.230) 86.985 ms 87.364 ms 87.055 ms
9 nyk-s1-rou-1003.US.eurorings.net (134.222.230.98) 87.026 ms 87.584 ms 87.066 ms
10 sl-gw40-nyc-0-0.sprintlink.net (160.81.182.129) 82.005 ms 82.046 ms 81.675 ms
11 sl-bb20-nyc-3-0.sprintlink.net (144.232.13.51) 82.030 ms 82.309 ms 81.963 ms
12 204.255.174.225 (204.255.174.225) 83.129 ms 83.374 ms 82.873 ms
13 0.ge-5-0-0.XL4.NYC4.ALTER.NET (152.63.3.117) 83.387 ms 83.487 ms 83.134 ms
14 0.so-6-0-0.XL2.NYC4.ALTER.NET (152.63.20.214) 83.444 ms 83.459 ms 83.202 ms
15 POS7-0.GW2.NYC4.ALTER.NET (152.63.19.225) 83.602 ms 83.376 ms 83.120 ms
16 splicetelecom-NewYork-gw.customer.alter.net (157.130.14.214) 83.863 ms 83.907 ms 83.902 ms
17 resolver1.opendns.com (208.67.222.222) 86.260 ms 86.110 ms 88.797 ms
It doesnt seem to actually terminate somewhere in Europe at all.
Traceroute from Canada:
1 brick (209.112.44.1) 0.195 ms 0.108 ms 0.107 ms
2 216.191.140.37 (216.191.140.37) 1.169 ms 1.047 ms 0.986 ms
3 syn (216.13.88.149) 667.916 ms 630.618 ms 602.319 ms
4 fe11-0-0.hcap2-tor.bb.allstream.net (216.191.48.1) 648.830 ms 621.588 ms 659.484 ms
5 srp2-0.gwy1-chi.bb.allstream.net (199.212.160.243) 726.753 ms 654.081 ms 599.996 ms
6 POS5-0.GW5.CHI1.ALTER.NET (157.130.115.117) 656.960 ms 769.177 ms 793.922 ms
7 0.so-1-0-0.XL1.CHI1.ALTER.NET (152.63.70.78) 854.671 ms 26.646 ms 121.226 ms
8 0.so-3-1-0.XL1.NYC4.ALTER.NET (152.63.1.50) 35.634 ms 53.774 ms 48.509 ms
9 POS6-0.GW2.NYC4.ALTER.NET (152.63.19.221) 36.545 ms 175.197 ms 141.500 ms
10 splicetelecom-NewYork-gw.customer.alter.net (157.130.14.214) 224.545 ms 651.278 ms 553.703 ms
11 resolver1.opendns.com (208.67.222.222) 613.281 ms 645.959 ms 678.715 ms
Not too good either. And they both end at the same server, wit hthe same ip and similar hops, so it doesn't look like it is anycast at all.
And no mentioning whatsoever on how they blacklist typo/squat/phishing DNS.
I'll put my trust in my ISP now, and in DNSSEC in the near future.
how do they ensure privacy? They would have all my DNS requests on file and can therefore get a pretty good idea of what websites I'm using.
So they want to throw out the redundant recursive DNS solution we have today, and have everyone speak to their central server that breaks all the best-practice rules?
What a crock.
The first bullet is a dubious claim, the second one is clearly bullshit, and the third one makes a mess of bullet one by making it certain people will end up at a site they didn't intend to go to. I hope someone loses a lot of money on this, because they deserve to.
Edith Keeler Must Die
This thing reminds me of a problem I had recently with my sailboat and certain vendors of boat gear. My fresh water pump was running continuously instead of on-demand when a faucet was opened, and after checking all the plumbing I determined there were no leaks or air in the system which would cause the pressure to drop and the sensor on the pump to turn it on. With all other causes but the pump eliminated, I decided to replace the pump. Pull out the old SHURflo pump and went to West Marine. The only SHURflo models they had were washdown pumps or bait pumps (no pressure switch, no on-demand). So I bought a Jabsco variable speed fresh water pump and took it back to the boat. This is where I got really mad.
The Jabsco pump did not have threaded sockets for nipples on the inlet and outlet ports. Instead, machined into the fucking pump body were receptacles for Jabsco's own design for a snap-in o-ring fitting (and a traditional nipple or barb on the other end to attach to your plumbing). I'm thinking WTF! How many times to they expect me to connect and disconnect this fitting! Is the pump that bad, that they expect I'll have to replace it often enough to warrant a quick-connect fitting? WTF is wrong with a nipple and teflon tape, you know, the kind that's been in use almost since the invention of plumbing for pity's sake! The fiting is locked in place by sliding plastic collars that engage a groove round the body. On the pump the collars or tabs are captive. But on the accumulator tank that I also bought they are loose. Keep in mind this stuff is installed under the galley sink on a boat where one usually has to go through some mild contortions in order to dangle oneself upside down in the space. Nice job, dickwads, I hope I don't drop one into the fucking bilge, you idiots!
And if I am cruising in Mexico, I bet I can't find any of these proprietary fittings anywhere, should I need to replace one. I have no idea how sound the connection is, and whether it will hold together in rough seas. Furthermore, they only gave me elbows, no straights, and my existing plumping (inflexible QEFT tubing) was run through to attach to a straight fitting. So to install this pump as provided would have required some replumbing of my galley, which was out of the question foir such a simple job as replacing a pump. If I didn't like how the galley was plumbed I'd have no problem tearing it out and redoing it, but there's nothing wrong. Thoroughly disgusted, I put it back in the box and went to another West Marine store to exchange it for a SHURflo model. I bet you can see the end of this story coming. The new SHURflo models also had quick disconnect fittings on the pump ports - and they were different from and not compatible with the Jabsco fittings. I'm pretty much out of marine pump vendors now - those two are it. I kept the Jabsco after all and installed it. Went back to West Marine to buy some spare fittings. Guess what? They don't stock them. So now I get to figure out who has them. Jabsco doesn't sell direct.
I hope one of Jabsco's product designers (I can't call them engineers now) Googles this post some day while taking a break from dreaming up the next marine plumbing disaster. I mean really - WTF was wrong with nipples? Nothing! They were simple, reliable and easy to get and easy to install. And nothing is wrong with DNS, unless you install this JabscoDNS thing we're talking about.
Edith Keeler Must Die
If OpenDNS can refuse to resolve typosquatters, would it also refuse to resolve other names, like *sucks upon request?
:)
On another note, ICMP replies don't carry advertisement either. Someone taking care of that finally?
Current beta testers, pulled from the EveryDNS.net, are also begging OpenDNS to redirect clear typos, such as "wikepedia.org" (instead of "wikipedia.org"), away from typo-squatters who set up pages with advertising to cash-in on errant keystrokes, something Ulevitch seems game to implement.
So if I want to visit a domain that is close to a big domain, I'm likely to get redirected?
It sounds more like he is breaking DNS, in ways that may make it more helpful for some people.
meh
I get the feeling that if you're technically savvy enough to change your computer's DNS settings, you probably aren't the type to fall for phishers/scammers. My gran's the type who reads all the junk that's sent to her and just doesn't accept that they are ALL fake ("there can't be that many bad people out there" she says!) but there's absolutely no chance of her reconfiguring her DNS settings.
FWIW: EveryDNS is the same guy.
o pendns/
http://blog.opendns.com/2006/06/28/why-i-started-
"To understand why I created OpenDNS requires a little background. I'd moved to San Francisco after graduating from Washington University in St. Louis, and was managing EveryDNS, a popular and reliable DNS management service which I started five years ago."
-- Terry