OpenDNS As Quick-Fix To DNS Patch Dilemma

CWmike writes "It turns out that problems with the July 8 patch that was rolled out to fix a cache poisoning flaw discovered by researcher Dan Kaminsky are causing headaches for admins. Preston Gralla suggests a 30-second quick-fix, perhaps until everyone is patched up: Use OpenDNS, which has been patched, as your personal DNS. If you run a corporate network and need help getting OpenDNS set up, your best bet is to go to the OpenDNS FAQ page, he writes."

Just use patched, NX-replying public DNS servers

No.
OpenDNS does terrible NX-overriding and other useless, annoying things (logins, etc..)

Instead, just use public, geo-distributed DNS servers which FOLLOW RFC and are patched. Here are the standard suggestions (Level7):
4.2.2.1 through 4.2.2.6.

These have good randomness and are multi-cast addresses for DNS servers all over the country. They are VERY fast in most areas.
 

Re:If you run a corporate network

[snoyberg]

Unless someone already hacked your DNS server and are serving you a fake OpenDNS page that points to their own server...