Slashdot Mirror

← Back to Stories (view on slashdot.org)

New(?) Anti-Fraud DNS service

Posted by ryuzaki0 on from the does-it-actually-work dept.

knownsense writes "A new DNS system to foil spammers, abusers, and other ills of the Internet is around the corner, reports Wired. It claims to be more user-friendly than your ISP's DNS. Among its claimed advantages . . . Faster myspace(!?), coordination with spamhaus, and typo-squatter squashing. The actual service is called OpenDNS."

4 of 186 comments (clear)

  1. faster? by mtenhagen · · Score: 5, Informative

    I did a quick test:

    - DNS query -

    - dutch hosted .org -

    opendns
      Query time: 1228 msec - they have to query upstream
      Query time: 261 msec
      Query time: 192 msec
      Query time: 192 msec
      Query time: 193 msec

    my isp
      Query time: 74 msec - they have to query upstream
      Query time: 29 msec
      Query time: 30 msec
      Query time: 29 msec
      Query time: 29 msec

    - us hosted .net -

    opendns
      Query time: 380 msec - they have to query upstream
      Query time: 192 msec
      Query time: 193 msec
      Query time: 193 msec
      Query time: 193 msec

    my isp
      Query time: 184 msec - they have to query upstream
      Query time: 29 msec
      Query time: 30 msec
      Query time: 29 msec
      Query time: 29 msec

    - Ping test -
    Ping to open dns: 192ms
    Ping to my isp: 29ms

    - Conclusion -
    The dns repsonse is the same as the ping so they will never get faster then my isp.

    --
    200GB/2TB $7.95 Coupon: SAVE90DOLLAR
  2. Re:Didn't RTFA... by Akaihiryuu · · Score: 4, Informative

    OpenDNS has been around for YEARS. The original reason it was made had nothing to do with any of this, it was so that members could vote to add new root domains that would have never been added to the "official" DNS servers. It was an end run around ICANN, basically. There are very few restrictions on OpenDNS on what can be added, and it's all voted on by the members. I actually tried using OpenDNS for awhile, but I had problems with it. There just weren't enough servers, and those that were there went down frequently. They acted as a relay to the "real" DNS as well, so you could resolve .com, .net, .org, etc. But after the 5th DNS outage in a month, I finally set BIND on my server to hit the root servers again instead of OpenDNS. The service just wasn't reliable enough. These goals that are being mentioned in this article have absolutely nothing to do with what OpenDNS was supposed to be about. Either TFA is BS written by a media drone who has no clue what's going on, or OpenDNS has radically changed its goals since I last used it a year ago. I hope for their sake that it's the former.

  3. Re:So much negativity! by 99BottlesOfBeerInMyF · · Score: 4, Informative

    I can understand why slashdot geeks wouldn't want their DNS servers messed with, I'm among you, however most of the internet users out there aren't nearly as computer literate as we are, and this service I believe would be really good for them.

    Most internet users don't know or care what a DNS server is. For this to succeed you need to capture the hearts and minds of the ISPs. Luckily for them, ISPs are very concerned about DNS right now as it is critical, somewhat vulnerable, and they are lacking visibility into it. Unluckily for them, the entrenched players have all started jumping on this and providing real solutions. Why block all requests to a DNS name when legitimate researchers and security people might need to get there? What about when a cracked server that still hosts legitimate content as well? what about when the FQD is a forum with 99% legitimate traffic and 1% worms and phishing?

    This solution is a shotgun where a scalpel is needed. Block worm traffic as detected by the DNS request, not all traffic to that domain. Also, contrary to what people seem to be thinking here, the main DNS issue is not worms or phishing (ISPs don't care that much) but they do care about large chunks of their traffic to the DNS servers coming from misconfigured servers repeatedly querying them. Since, in many cases, these servers are their own, blocking them with a fancy, broken DNS server is not the best plan. Redirecting other ISPs' server to an ad a million times a day will not yield any long-term profit (since no person sees them) Rather, fixing their own servers and notifying others/filtering at the peering edge is the way to go. Since ISPs are now able to do that, I foresee a large yawn when operators see OpenDNS (what a misleading name, kind of like OpenXML).

  4. Re:Adverts? by bigpat · · Score: 4, Informative

    Plus trying to get the entire internet to change one of its key components is a rather ambitious attempt.

    This is not to replace the "entire internet" with a new DNS system. From my read of their website, it is a individual choice to set up your computer using their DNS servers. And they are being very clear about how their servers will behave and what they will do with incorrectly typed addresses. This is from the same guys who have been running one of the most reliable free DNS services, everydns.