OpenDNS As Quick-Fix To DNS Patch Dilemma
CWmike writes "It turns out that problems with the July 8 patch that was rolled out to fix a cache poisoning flaw discovered by researcher Dan Kaminsky are causing headaches for admins. Preston Gralla suggests a 30-second quick-fix, perhaps until everyone is patched up: Use OpenDNS, which has been patched, as your personal DNS. If you run a corporate network and need help getting OpenDNS set up, your best bet is to go to the OpenDNS FAQ page, he writes."
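The question the whole thread turns on is whether a given resolver is actually patched. The July 2008 fix for the Kaminsky flaw made resolvers randomize the UDP source port of every outbound query instead of reusing one fixed port, so an attacker has to guess both the 16-bit transaction ID and the port. The script below is an added example, not code from the article or from OpenDNS: it pulls (source port, txid) pairs out of raw IPv4/UDP packets as you would see them sniffing a resolver's outbound queries, and reports whether the ports look fixed, sequential, or randomized. All packets it processes are constructed in the script itself; the function names and thresholds are this example's own.

```python
"""Assess whether a resolver's outbound DNS queries use randomized source ports.

Added example (not from the article). The packets below are constructed test
data, not captured traffic; checksums are zeroed and no question section is
included because the check only needs the UDP source port and the DNS txid.
"""
import random
import struct


def build_ipv4_udp_dns_query(src_port, txid, dst_port=53):
    """Construct a minimal IPv4 + UDP packet carrying a DNS query header."""
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(dns), 0)
    total_len = 20 + len(udp) + len(dns)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 53]), bytes([192, 0, 2, 1]))
    return ip + udp + dns


def extract_port_txid(packet):
    """Return (udp_source_port, dns_txid) from a raw IPv4 packet,
    or None if it is not a UDP packet addressed to port 53."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17 or len(packet) < ihl + 8 + 2:
        return None
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    if dst_port != 53:
        return None
    txid = struct.unpack("!H", packet[ihl + 8:ihl + 10])[0]
    return src_port, txid


def assess(pairs, distinct_ratio=0.9):
    """Classify a list of (source_port, txid) pairs.

    Verdicts (names chosen for this example):
      fixed_port        -> one source port reused: unpatched, only the txid
                           protects you (65536 guesses)
      predictable_ports -> ports increment or repeat heavily
      predictable_txids -> ports fine but txids increment or repeat heavily
      randomized        -> both look random across the sample
    """
    n = len(pairs)
    if n == 0:
        return {"verdict": "no_data", "samples": 0}
    ports = [p for p, _ in pairs]
    txids = [t for _, t in pairs]
    distinct_ports = len(set(ports))
    distinct_txids = len(set(txids))
    ports_sequential = n > 1 and all(b - a == 1 for a, b in zip(ports, ports[1:]))
    txids_sequential = n > 1 and all(b - a == 1 for a, b in zip(txids, txids[1:]))
    if distinct_ports == 1:
        verdict = "fixed_port"
    elif ports_sequential or distinct_ports < distinct_ratio * n:
        verdict = "predictable_ports"
    elif txids_sequential or distinct_txids < distinct_ratio * n:
        verdict = "predictable_txids"
    else:
        verdict = "randomized"
    return {"verdict": verdict, "samples": n,
            "distinct_ports": distinct_ports, "distinct_txids": distinct_txids}


def sample_pairs(kind, n=200, seed=7):
    """Constructed samples mimicking three resolver behaviours."""
    rng = random.Random(seed)
    txids = rng.sample(range(65536), n)
    if kind == "unpatched":          # fixed port, random txid (pre-patch BIND style)
        ports = [32768] * n
    elif kind == "sequential":       # port increments per query
        ports = list(range(40000, 40000 + n))
    else:                            # patched: random ephemeral port per query
        ports = rng.sample(range(1024, 65536), n)
    return [(p, t) for p, t in zip(ports, txids)]


def assess_packets(packets):
    """Run the check over raw packets, ignoring anything that is not DNS."""
    pairs = [pt for pt in (extract_port_txid(p) for p in packets) if pt]
    return assess(pairs)


if __name__ == "__main__":
    for kind in ("unpatched", "sequential", "patched"):
        pkts = [build_ipv4_udp_dns_query(p, t) for p, t in sample_pairs(kind)]
        print(kind, assess_packets(pkts))
```

To use it on a real resolver you would replace the constructed packets with a capture of the resolver's own outbound queries (a capture filter of "udp dst port 53" on the resolver's upstream interface) and feed the raw IPv4 frames to assess_packets; a verdict of fixed_port means the resolver is still in the pre-patch state the article is worried about.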
but how does this stop us from being exploited by upstream dns servers?
You sure you want to take on that much extra workload? There's probably tons of people running corporate networks who have no idea how to set up OpenDNS. They are probably using the MS DNS server and have never touched or even heard of OpenDNS.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
So we can replace possible random DNS hijacking with guaranteed DNS hijacking that's passed off as a feature.
Didn't we get extremely upset at Verizon when they served up adverts and returned bogus DNS responses on domains that don't exist?
Seriously, this solution has been posted in response to every DNS article on Slashdot this past month and has been mentioned by just about every article talking about the issue.
Does Slashdot really need to post links to Computer World that rehash what has been discussed 100 times already?
Given the near fanatical privacy concerns on Slashdot, I'm surprised nobody is screaming over this "recommendation." Imagine how valuable it would be to know every web site visited by "millions of people a day." Does anyone think the for-profit company isn't mining then reselling the lookup->client-ip information?
On a technical issue, how effective is their service? I've had hotel/hot-spot links that were proxying DNS queries regardless of my settings. It seems to me that unless you know that your ISP's DNS is way broken and that they aren't intercepting DNS queries, this is of questionable use.
Unless someone already hacked your DNS server and is serving you a fake OpenDNS page that points to their own server...
Good point. Try this: https://www.opendns.com/. If your browser doesn't complain about a mis-matched certificate, then either you're going to the OpenDNS servers, or whoever's hacked your upstream DNS server has either hacked your list of trusted root CA certificates, or has hacked Thawte's private key. If either of the latter is true, you're pretty much screwed, DNS flaw or not.
Pound! Bang! Bin! Bash! Is this a shell script or a Batman comic?
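Two of the complaints above are testable rather than a matter of taste: the "guaranteed DNS hijacking passed off as a feature" point (a resolver answering a name that does not exist with an IP address, as Verizon did) and the hotel/hot-spot point (whatever resolver you configured, something in the path answers). The same probe catches both: ask for a random label under a name that cannot exist, and see whether the reply is an honest NXDOMAIN or a synthesized A record. The script below is an added example, not code from the article, from OpenDNS or from any commenter; the response bytes it checks are constructed in the script (with a documentation-range address, 192.0.2.10, standing in for a redirect target), and probe() is an optional live check against a resolver you name.

```python
"""Detect NXDOMAIN rewriting by a DNS resolver or an interposed proxy.

Added example (not from the article). A minimal DNS wire-format builder and
parser; the sample responses are constructed, not captured from any resolver.
"""
import secrets
import socket
import struct


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(name, txid):
    """Standard recursive A query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # A, IN


def build_response(txid, rcode, name, a_records):
    """Construct a reply to build_query(name): rcode 3 = NXDOMAIN, 0 = NOERROR.
    Answers use a compression pointer (0xC00C) back to the question name."""
    flags = 0x8180 | rcode  # QR, RD, RA
    header = struct.pack("!HHHHHH", txid, flags, 1, len(a_records), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b"".join(
        b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
        for ip in a_records)
    return header + question + answers


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, name ends here
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return txid, rcode and the A-record answers of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        answers.append(socket.inet_ntoa(rdata) if rtype == 1 and rdlen == 4
                       else (rtype, rdata))
    return {"txid": txid, "rcode": flags & 0x0F, "answers": answers}


def classify_probe_response(query_txid, response):
    """honest_nxdomain: resolver admits the name does not exist.
    rewritten: NOERROR plus an A record for a name that cannot exist,
    i.e. the resolver (or something between you and it) is synthesizing
    answers. txid_mismatch: the reply is not for our query at all."""
    r = parse_response(response)
    if r["txid"] != query_txid:
        return "txid_mismatch"
    if r["rcode"] == 3 and not r["answers"]:
        return "honest_nxdomain"
    if r["rcode"] == 0 and r["answers"]:
        return "rewritten"
    return "other"


def random_probe_name():
    """Random label under the RFC 2606 reserved TLD .invalid: never resolves."""
    return secrets.token_hex(8) + ".invalid"


def probe(resolver_ip, timeout=3.0):
    """Live check (network): send one probe query to resolver_ip and classify."""
    txid = secrets.randbelow(65536)
    name = random_probe_name()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = s.recvfrom(512)
    return name, classify_probe_response(txid, data)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        txid = 0x1234
        for label, rcode, ips in (("honest", 3, []), ("redirecting", 0, ["192.0.2.10"])):
            resp = build_response(txid, rcode, "x.invalid", ips)
            print(label, classify_probe_response(txid, resp))
```

Run it against both your configured resolver and one you did not configure (say, the hotel gateway): if a probe to an address that should not be answering DNS at all comes back classified, the path is intercepting queries regardless of your settings, which is exactly the situation in which switching your configured resolver buys nothing.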