OpenDNS As Quick-Fix To DNS Patch Dilemma
CWmike writes "It turns out that problems with the July 8 patch that was rolled out to fix a cache poisoning flaw discovered by researcher Dan Kaminsky are causing headaches for admins. Preston Gralla suggests a 30-second quick-fix, perhaps until everyone is patched up: Use OpenDNS, which has been patched, as your personal DNS. If you run a corporate network and need help getting OpenDNS set up, your best bet is to go to the OpenDNS FAQ page, he writes."
You don't need it memorized, and you don't need to look at the FAQ. The addresses are on the front page, in the bottom right corner.
You can actually turn that off when you log in (creating an account is free).
Just log in, click the "settings" tab, and the settings you are looking for are in there.
bork bork bork!
I did because Comcast is the only service provider in my area, and OpenDNS actually provides better DNS reliability than Comcast's DNS servers. The switch was actually driven by a Comcast DNS outage.
The ringing of the division bell has begun... -PF
No.
OpenDNS does terrible NX-overriding and other useless, annoying things (logins, etc.).
Instead, just use public, geo-distributed DNS servers which FOLLOW RFC and are patched. Here are the standard suggestions (Level7):
4.2.2.1 through 4.2.2.6.
These have good randomness and are multi-cast addresses for DNS servers all over the country. They are VERY fast in most areas.
208.67.222.222
208.67.220.220
There :)
I switched my corporate LAN's proxy to use OpenDNS and I thought a few of the blocking categories looked useful so I selected them. I quickly disabled those after the first day. I don't see how Monster.com qualifies as an Adware site, but it sure pissed off my HR dept when they got a blocked message in their browser. Those categories are so overreaching, it's laughable. The typo correction and shortcuts are useful though.