Thursday, March 11, 2010

Open DNS (opendns.com) — Ready for the Enterprise ?

March 3, 2008 by Greg Ferro · 2 Comments 

Today I was working at a customer site and using their guest wireless network and was having DNS problems, and not for the first time this week. It could be the router, it could be the provider. I thought about it for a bit and went searching for other DNS servers and found OpenDNS.

OpenDNS seems like a brilliant idea, providing free and open public-access DNS services. The question I am wondering about: is it ready for the enterprise?

The Risks

I was reading this article about how huge numbers of DNS servers are open to attack, and that we can soon expect a massive fraud that will cause problems.

DNS Inventor Warns of Next Big Threat

So the security risk is that your ISP / Service Provider is not up to speed with securing their DNS servers. Given that

  • many Service Providers run on tight profit margins
  • outages cause bad press and happen reasonably often
  • DNS is not a profit generator but more of a cost or an overhead
  • DNS skills are not that common (and I mean good DNS skills)

then DNS is probably not high on Service Provider programs. This might be a reasonable assumption. (Note: not all providers are a problem, but how can you tell which ISPs are doing a proper job on their DNS? Feel free to comment!)

The Possibilities

Improved Performance

Because the OpenDNS system has more people using it, the DNS cache will be substantially larger, thus it should take less time for commonly used sites to get a name resolution.

I am always surprised by how much faster a good DNS can make a network. Microsoft have demonstrated this with their DNS server which is much improved in performance and caching since it became a key part of the Active Directory strategy. I suspect the engineers realised the performance of the DNS would be vital to AD success and spent quite a bit of time ensuring that MS DNS was a worthy product.

I often read about the heavy load on the DNS root servers. If the root server nearest you is struggling, OpenDNS offers an alternative. Also, OpenDNS seem to honour caching intervals so I am happy that they will respond to GLB changes.

Better Security

Because OpenDNS is focussed on this single activity, I can feel more confident that they are taking the correct actions to keep their DNS service secure. Their web site certainly suggests that they are careful in terms of service availability and security.

Web and Content Filtering

I like the web and content filtering feature. I can see that especially for small business this is a great idea. Simply configure your Internet router to use the OpenDNS server, register your IP address or configure a DynDNS account and you have quite a good content filtering solution. DNS requests from the IP address that you register will then have the content filtering applied.

It isn’t perfect, but you can certainly make it harder to access NSFW content. It will certainly stop the accidental surfing. Also, many people are submitting Spam / Phishing URLs and these are also being blocked. If enough home users were on this, then we could be taking steps to reduce these types of problems.

How do they make money ?

In short they are ad supported. They take mistyped URLs and then offer you pages of ads. However this is done in a ‘not evil’ way as they clearly show you that they are redirecting. Check this screenshot for a mistyped URL:

[Screenshot: opendns10.png]

Other people review OpenDNS

I am not the only person to pick on the service although most reviews are from more than a year ago when the service was first announced.

OpenDNS: It’s Not SiteFinder for Obvious Reasons

Matt Mullenweg of WordPress fame
PCMag review
Point of View on OpenDNS

Conclusions

I believe that OpenDNS is a good option for medium enterprises to use instead of root servers. It will reduce load on the underlying Internet infrastructure and offers an improved service. For enterprises that want to improve their security and provide some content filtering, you should sign up and register your IP addresses.


Comments

2 Responses to “Open DNS (opendns.com) — Ready for the Enterprise ?”
  1. Zach says:

    I actually transparently deployed opendns for users on my network. It allows me to add a thin layer of security for my users as well as a custom page with our company logo in the cases that a page is not found. The ad support may go to them, but at least it has my company logo on it ;) I can also look and see if I have 20,000 requests to a .ru site (which would indicate a possible infected computer). Or just see general DNS usage stats of my users. Cool stuff.

  2. Greg Ferro says:

    Thanks, I didn’t know about the stats feature. Knowing that other people are using OpenDNS makes me even more confident to use it in the future.
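
The comments above mention spotting a possibly infected machine from DNS request counts. The following is an added example, not part of the original post and not OpenDNS's own stats feature, of that check run over a resolver query log. The log format, thresholds, addresses and domain names are constructed assumptions.

```python
from collections import Counter, defaultdict

def base_domain(qname):
    """Naive registered domain: last two labels (assumption: no public suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def parse_line(line):
    """Hypothetical log format: '<iso-time> <client-ip> <qname> <qtype>'."""
    parts = line.split()
    if len(parts) != 4:
        return None  # skip malformed lines instead of failing the whole run
    _, client, qname, _ = parts
    return client, base_domain(qname)

def noisy_clients(lines, min_queries=1000, min_share=0.8):
    """Return (client, domain, count, share) where one domain dominates a client's queries.

    Both thresholds are illustrative defaults, not values from the post.
    """
    per_client = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_client[rec[0]][rec[1]] += 1
    hits = []
    for client, domains in per_client.items():
        total = sum(domains.values())
        domain, count = domains.most_common(1)[0]
        if count >= min_queries and count / total >= min_share:
            hits.append((client, domain, count, round(count / total, 3)))
    return sorted(hits, key=lambda h: -h[2])

def sample_log():
    """Constructed sample: one ordinary client, one client hammering a single domain."""
    lines = [f"2010-03-11T09:00:{i % 60:02d} 10.0.0.5 www{i % 3}.intranet.example A"
             for i in range(40)]
    lines += [f"2010-03-11T09:01:{i % 60:02d} 10.0.0.23 node{i % 7}.beacon.example A"
              for i in range(20000)]
    lines += ["2010-03-11T09:02:00 10.0.0.23 mail.intranet.example MX"] * 50
    lines.append("garbage line")  # malformed entry, ignored by parse_line
    return lines

if __name__ == "__main__":
    for hit in noisy_clients(sample_log()):
        print(hit)
```

A hit is a lead for investigation, not proof of infection: monitoring agents and misconfigured software also produce this pattern.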
