Open DNS

[AdmnPower]

Hi, I was wondering if anyone here has ever used Open DNS. We're looking to impliment it at the company where I work for the phishing and web filtering it offers. I'm just trying to find out how they make their money. I know they show you adds on pages that would have been blocked which means when you request the host name of a site that is blocked then their service actually lies to you and sends you to a different page that is not the actual one that you requested. What is to keep them from doing this more often or using their service for collecting information about where you do most of your browsing. I'm concerned with the security aspects of allowing someone other than your ISP do DNS for you. Any opinions or experiences?

 

[brian]

We use it at my school. It works very well and I don't worry too much about the security, they're used by many thousands of people, if there was a issue, people would have posted about it by now.

 

[AdmnPower]

hmmmm, well I must point out that they do do a few suspicious things. For example www.google.com is at a 64.something.something.something address but if you hit it using openDNS you get a 208.something.something.something address which points to google.navigation.opendns.com. Bit suspicious eh? They blame dell for having to do this for some complicated and not so believeable reasons.

 

[bilbus]

just use any dns server you feel like. I dont get what the obsesion with open dns is.

I use 198.6.1.2

 

[AdmnPower]

Well this is a business, we can't just use any dns server we please. We have to consider all the ramifications of doing things and don't have the luxury of just trying things to see what will happen.

 

[Shady]

I've been using open DNS for a while and I like it... I'd recommend it actually!

 

[Encryptor]

Looking at packets sent/received via opendns, it seem they are doing "deep packet inspection", they are also adding flags to the end of some packet which if the website you are visiting requests the original dns client, it's already been adding to your packets, making it easier to track someone. You may also be interested to know that all traffic via opendns is logged by them (see there T&C).

I'd keep away from them if I was you.

Encryptor
Linux rocks the planet...

 

[cohen]

My school uses it as well as Web Marshell V3.

It blocks websites that Web Marshell doesn't. Like, sites with p0rn, it blocks.

Otherwise, it hasn't block anything else.

Cohen

 

[Vipernitrox]

just use any dns server you feel like. I dont get what the obsesion with open dns is.

I use 198.6.1.2

that's just your internal routers adress...


anyway can't you just use your providers dns server?

 

[AdmnPower]

We're interested in using openDNS for it's content filtering features. We keep our network pretty open but we want to start blocking inappropriate content. Some things just shouldn't be viewed on a work network.

 

[tlarkin]

Is this server going to be public? If not, just make your own private DNS server. Keep it up to date, and make sure you run all security patches. What is the higher goal of using Open DNS?

 

[cohen]

What is the higher goal of using Open DNS?

To stop people viewing not approved school websites.

My school uses web marchell, and if it doesn't block it, Open DNS might, depend on the site.

Cohen

 

[Vipernitrox]

might as well install and configure a dns server with isa server or something similar.
that way you'll get to decide what is to be seen and not.

 

[tlarkin]

might as well install and configure a dns server with isa server or something similar.
that way you'll get to decide what is to be seen and not.

ISA = waste of money. I would just get a web filter service, an enterprise one.

Alternatively, if you use a proxy server for all internet usage you can filter internet usage that way.