Slashdot Mirror
Cisco To Acquire OpenDNS
New submitter Tokolosh writes: Both Cisco and OpenDNS announced today that the former is to acquire the latter. From the Cisco announcement: "To build on Cisco's advanced threat protection capabilities, we plan to continue to innovate a cloud delivered Security platform integrating OpenDNS' key capabilities to accelerate that work. Over time, we will look to unite our cloud-delivered solutions, enhancing Cisco's advanced threat protection capabilities across the full attack continuum—before, during and after an attack." With Cisco well-embedded with the US security apparatus (NSA, CIA, FBI, etc.) is it time to seek out alternatives to OpenDNS?
outside of a very sophmoric attempt at content filtering, im not sure this service did much? (aside from molest dyndns' API for a user fee.) They basically poison NXDOMAIN for profit...under the auspices of attack prevention and puritanical righteousness.
Good people go to bed earlier.
Or be a better netizen by running your own and forwarding to your ISP's.
The whole reason OpenDNS even exists is because ISP's proved they cannot be trusted to run an honest DNS. And let's not pretend that DNSSEC is universally deployed.
Most people here can setup up a 99 cent VPS with an openvpn endpoint running a recursive resolver, limited to the openvpn net. That fits in the smallest slice of RAM available in 2015 and will work fine.
Most other people cannot, though. Google's DNS is honest, if you don't care about tracking - but most people care more about free stuff than privacy.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The same Cisco that has default SSH keys on their security devices that allow hackers to run wild?
please elaborate on the tracking. where did you get that from? that's an honest question; i use google's servers as last resort backup dns.
Someone may correct me if there's more to it, but I think it's just that some people are uncomfortable with Google having so much access to information about us. Any DNS server you access will have the potential to keep records of which IP addresses made which queries, which potentially gives Google even more tracking data. As far as I know, there's no real sign that they're using that data, but to some extent, they're a company that makes money from collecting data about their users, so...
They have their own internal DNS and DHCP, but the latter is needed to operate the former, sadly. I'd like to see an up to date instruction sheet to set up and place into production both services sometime. The current set is vague and wooly.
First rule of holes; When in one, stop digging.
Most people here...
Most other people...
most people care...
A self-appointed spokesperson for "most people"?
Or broken DNS is so pervasive that it is interfering with their ability to offer other services. If you're interested in the privacy policy around Google DNS it's available here. The quick TLDR is:
What information does Google log when I use the Google Public DNS service?
Google Public DNS complies with Google's main privacy policy, which you can view at our Privacy Center. With Google Public DNS, we collect IP address (only temporarily) and ISP and location information (in permanent logs) for the purpose of making our service faster, better and more secure. Specifically, we use this data to conduct debugging and to analyze abuse phenomena. After 24 hours, we erase any IP information. For more information, read the Google Public DNS privacy page.
Is any of the information collected stored with my Google account?
No.
Does Google share the information it collects from the Google Public DNS service with anyone outside Google?
No, except in the limited circumstances described in Google's privacy policy, such as legal processes and enforceable governmental requests. (See also Google's Transparency Report on user data requests.)
Does Google correlate or combine information from temporary or permanent logs with any personal information that I have provided Google for other services?
No.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
So any DNS you use could do this.
So isn't it logical to use one that is being run by a massive competent company that is already making huge profits and has the whole world watching them vs some small org that is just trying to make ends meet that no one is paying attention to.
Frankly if I was the CIA I would be intercepting traffic to the small oddball servers more than Google.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
You tool of the megacorps how dare you bring up facts that distort that crusader for freedom's self identified truth.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Who here trust Cisco?
Your bank.
There are no loopholes. It's either legal or it's not.
It could have been Oracle buying it. I have yet to see them acquire anything and not turn it to shit.
Distributed, hierarchical servers are the way DNS was designed and intended, so it actually is DNS. Trusting the hierarchy is another matter altogether.
So your point still stands. Do it yourself; it's educational and fun.
I'm also not too worried about DNS privacy, but I don't see the problem with Slashdot being the sort of place where nerds talk about network security.
I pay my ISP to give me a pipe to the internet. I use that pipe to contact numerous different public servers using numerous different protocols. If some of those servers are DNS servers, and I use DNS protocol to contact them, it is none of their mother fucking business. And indeed, my ISP clearly couldn't care less if I am doing it. If they tried to stop me, I would just ssh tunnel forward through a VPS and fuck em.
I never heard of anybody ever being "cut off" for doing this.
I use an alternative DNS server, becausde the ISPs in my country are orderd to block certain (torrent) sites. As I already give enough info to Google, I use servers I found on http://wiki.opennicproject.org...
With http://wiki.opennicproject.org... you can find witch one are closest,
I used to run my own, but after a re-install I did not yet bother.
What I think is strange is that nobody has made an easy local DNS server (for Windows) e.g. just a program that listens on port 53and only fromlocalhost and is just a DNS server. So no additional (local) zones. No additional things. Just a stripped down caching DNS server.
Just point to 127.0.0.1 as DNS server and done. No other changes should be needed. No kill of domains.No nothing should be needed.
Don't fight for your country, if your country does not fight for you.
Their entire business is based on monitoring your internet usage and using that to learn about you so advertisers can make more money from you. Of course they're monitoring your Internet usage.
A much better question would be, what possible motive could they have for offering a "free" service that doesn't monitor you?
I think the phrase "tin foil hat" is used far too often, and most commonly by people who know next to nothing about network security. For example, OpenDNS created the DNSCrypt project, which encrypts the DNS lookups. Sounds like diamond-coated tin foil hat stuff, no? Well, incidentally, it also protects from MITM attacks that have been used on DNS lookups, which have nothing to do with nation-state protection and everything to do with protection from criminals.
Please stop using that phrase.
Frankly, at this point, if the CIA cannot access and intercept data from Google they are utterly incompetent in doing their job. For the cost of (at most) giving an employee a suitcase full of money, you get an incredible bonanza of data. Which secret service wouldn't do it?
My first program:
Hell Segmentation fault
Pretty sure Windows comes with a simple DNS server service since the NT days. You may need to check an additional option to turn on the feature, or it may be hidden somewhere under the IIS settings.
Unless they removed it. I admit, I haven't touched Windows for anything server related in years.
A former colleague of mine left to a startup which some years later was absorbed by Google. The work she does at Google involves access to multiple Google databases (to detect fraudulent access patterns), which is apparently unusual. I asked her about the DNS database; she said that is the one database to which she (and most other projects at Google) doesn't have access. I took from this that Google does track DNS access.
I'd like you to at least give us a chance. I am still running the ship here.
# Hack the planet, it's important.
Services like DNS really belongs at the network level, not the local PC level. If only for the possibility that there are 2+ people on the local network who query the same thing and the DNS server can cache / return the results. Or, since the network server is likely to be left on 24x7, it can cache answers across reboots of your local PC/laptop.
Something like pfSense on the firewall to the outside world with "unbound" running does just fine for this. You can configure it to talk to your ISP's DNS servers, Google's servers, or set it up to start at the root DNS servers and do its own heavy lifting.
Wolde you bothe eate your cake, and have your cake?
If it is a free app, service, etc, you're not the consumer - you're the product.
Get up!