OJ’s rants What would OJ do?

18 Aug 08, 9 comments

OpenDNS is Wicked

Over the last couple of weeks the DNS timeouts and lags I've been experiencing at home have made the web experience a little dire. My ISP is actually pretty darned good, but for some reason they seem to have glitches with their DNS servers every now and then.

The last time it happened I wasn't able to get any sites to respond. I ended up popping some manual DNS server entries into my router which I had archived in a "welcome" email that I had received when I first signed up for my Internet account. These worked well for a while, but eventually ended up going offline and so I had to look for another option.

Enter OpenDNS. A free DNS service with a stack of features that anyone can use. I'll go over a few of them.

First up is content filtering. What a fab idea! Offsite content filtering that stops dodgy and unwanted stuff before it even hits your modem. OpenDNS supports content filtering in a couple of ways, which makes it really easy to filter out particular sites and content.

The content filtering mechanism is quite extensive. You have the option of choosing a predefined "filtering level", each of which defines a set of site categories which will be filtered out for viewers on your network. The options go from Minimal, which simply blocks known phishing sites, through to High, which covers everything from porn and illegal activities to video sharing sites.

There is also a Custom level which allows you to choose the categories that you want filtered. This is the long-hand version of the predefined levels mentioned above, which is great as it lets you pick and choose if you want fine-grained control.

Lastly, as far as filtering goes, you have the option of allowing or blocking sites as a hard rule. This is handy if you know that a particular site is getting caught in your filter but you know for sure that it's safe. This happens surprisingly often, so having a whitelist is very handy. Being able to block a stack of ad sites before they even hit your browser is also a winner, hence the blacklist feature is great too.

Thankfully OpenDNS supports IP address auto-update. Over time, you'll no doubt get different IP addresses from your ISP as your DHCP leases expire or when you reconnect your modem to your service. Given that OpenDNS needs to have some way of determining who you are, IP address really is the only way. So to help keep OpenDNS up-to-date with your current IP (and hence, keep applying your filtering rules), there is a client application that you can have running in your system tray which contacts the service periodically and makes sure that it has the latest IP. While this is a great idea it's a bit crap that you have to run a client application. It's a shame that they didn't decide to support the use of another dynamic addressing system such as DynDns.org (lots of modems have built-in support for updating services like DynDns automatically).

For those who like to make their services feel cosy, OpenDNS supports customisation of various bits of functionality. For example, you're able to change the logo picture (this is more of an interest to site admins). You can also modify messages that are displayed when sites are blocked for various reasons. For those of you on home networks, specifying more meaningful messages for those, shall we say, "less technical" family members will no doubt be beneficial in reducing the number of support calls.

Network shortcuts are another nifty feature. A network shortcut is essentially a bookmark which works across the entire network. All you have to do is specify a name for your shortcut, and the site that it redirects to, and you're done. Once the shortcut has been saved, all you have to do to get to the site is type in the name of the shortcut. When the DNS request is made, OpenDNS looks for any shortcuts by that name that exist in your list, and if found, it will redirect the user to the appropriate site. Groovy!

At first you don't believe it, but OpenDNS is surprisingly quick. I wouldn't say that I have conducted a huge set of performance tests and benchmarks, but I would say that it by far outperforms my ISP's DNS servers as far as responsiveness is concerned. Not just that, but it works. I am yet to see a DNS lookup fail requiring me to retry.

The final redeeming feature of OpenDNS is that it's constantly updated and secure. Flaws in the DNS system, for example, have already been patched. This reduces the chances of you dealing with an insecure DNS server (such as the one sitting at your ISP) and ending up at a site that might be a little unsavoury.

To sum up, I really think OpenDNS is a great service. It's fast, feature-rich and very handy. For anyone with a family/kids or a need/desire to filter out some of the f**ked up content that lives on the web (such as this site ;)), this service is for you. Give it a spin!

  • Oliver, OpenDNS content filtering has a bug too with shared IP, check this post, on shared IP, some sites may get filtered or blocked if someone else is using same IP and has set the settings to be high.
  • How could you bypass its filters? Is there any possible way?
  • OJ
    Therein lies one of the flaws of OpenDNS. In my view, it can be a bit of a show stopper. They have a solution to this, but I don't like it.

    The problem is that when you sign up with OpenDNS and set up networks with filtering rules (such as Proxy/Anonymizer) it applies those filters based on IP addresses. This is an issue when most of the people using the service do not have static IP addresses. They get their addresses via DHCP, resulting in constantly changing IPs.

    I think what's happening in your case is that somebody else out there, who uses the same ISP (and hence the same IP address range) as you is also using OpenDNS. They have an account which is configured to filter out Proxy/Anonymizer sites. If the user isn't diligent in keeping their IP address up to date with the OpenDNS service, the rules "cling" to the last address given.

    So someone's applied the rules to a certain IP and now you're unfortunate enough to have been given that IP address from the same DHCP server and hence you also cop the rules that come with it.

    OpenDNS's solution to this problem is to have a client application on your machine which logs in and updates your current IP address which is bound to your account. This makes sure that whatever rules/filters you have set up get applied to your current connection/address.

    I personally don't like this solution because it requires extra software on the machine and requires you to have an OpenDNS account set up with your own rules. It's not as simple as "change your DNS server and forget about it".

    So if you're keen to use this service, I think you'll have to create an account (if you haven't already) make sure that the filtering is set up properly to allow the sites you want access to, and make sure that OpenDNS knows that your current IP is yours and not somebody else's.

    If you feel like giving that a whirl, let me know the result :) Good luck!
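
The stale-binding problem described in the post and in the comment above, modelled as an added example (not code from the original post or from OpenDNS). The resolver class, the account names, the documentation-range IP addresses and the rule that an update moves an account's binding are all assumptions made for illustration; the archive.org category comes from the block message quoted in the comments.

```python
# Category data is constructed, except archive.org -> Proxy/anonymizer,
# which mirrors the block message quoted in the comments.
CATEGORIES = {"www.archive.org": "Proxy/anonymizer", "example.org": "News"}

class FilteringResolver:
    """Hypothetical resolver that picks a policy purely from the source IP."""

    def __init__(self):
        self.blocked_by_account = {}   # account -> set of blocked categories
        self.account_by_ip = {}        # source IP -> account that last claimed it

    def set_policy(self, account, blocked_categories):
        self.blocked_by_account[account] = set(blocked_categories)

    def update_ip(self, account, ip):
        """What the tray client does: rebind the account to its current IP."""
        # Assumption: an update drops the account's older binding, so the
        # rules stop clinging to the address it no longer holds.
        for old_ip, owner in list(self.account_by_ip.items()):
            if owner == account:
                del self.account_by_ip[old_ip]
        self.account_by_ip[ip] = account

    def resolve(self, source_ip, name):
        """Return 'BLOCKED: <category>' or 'OK'; the resolver sees only the IP."""
        account = self.account_by_ip.get(source_ip)
        category = CATEGORIES.get(name)
        if account and category in self.blocked_by_account.get(account, ()):
            return f"BLOCKED: {category}"
        return "OK"

def simulate(client_keeps_ip_current):
    """Return (bob_result, alice_result) after a DHCP lease is recycled."""
    resolver = FilteringResolver()
    resolver.set_policy("alice", {"Proxy/anonymizer"})
    resolver.update_ip("alice", "203.0.113.10")      # Alice's first lease

    # DHCP churn: Alice moves to .25 and her old address goes to Bob,
    # who has no account and never configured any filtering.
    if client_keeps_ip_current:
        resolver.update_ip("alice", "203.0.113.25")
    bob = resolver.resolve("203.0.113.10", "www.archive.org")
    alice = resolver.resolve("203.0.113.25", "www.archive.org")
    return bob, alice

if __name__ == "__main__":
    print("stale binding :", simulate(False))
    print("client updated:", simulate(True))
```

With a stale binding the failure cuts both ways: the new holder of the address inherits a filter they never set, and the account owner's own filter silently stops applying at their new address.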
  • Ole Juul
    Hi OJ,
    Thanks for responding! Yes that is the site and it works now. I removed the 208.67.222.222 and 208.67.220.220 from my router and did a dhclient (dhcp reset) on my computer so it works again. Just to check to make sure that I was not doing anything wrong, I put the numbers back in the router and reset my computer - it is blocked again!

    The server message is
    "Site blocked.www.archive.org is not allowed on this network. This site was categorized as: Proxy/anonymizer"

    Just now, after again removing the DNS entries from the router, the site is back. I guess there is something else going on here that I don't understand. :( To me the OpenDNS site is putting in an unwanted block. I will look into it. Perhaps there is a previous filter set in place for my IP address, although I've had it for a long time now.
  • OJ
    @Ole Juul: This seems to work fine for me? Is that the site you're talking about?
  • Ole Juul
    I had heard so much about OpenDNS that I thought I'd give it a try. The first thing that I noticed is that the Internet Archive is blocked. Perhaps that can be changed, but it startled me so much that I dropped the (open?)DNS from my router right away. It really surprised me that they would do any kind of filtering because I haven't had a problem with rogue sites in years. If I don't like a site I don't go there and someone telling me what I should or should not do is a bit distasteful. Just the thought bothers me. Perhaps I would have felt differently back in the 80s, but we don't need (so called) filtering nowadays. Certainly us old folks don't.
  • OpenDNS is great :) I've used it a year ago, but stopped it after a format, should have a look at it again.

    Luckily my ISP's DNS servers are quite stable, but without the extra features :p
  • OJ
    I have to admit it is quite startling that something like this would be free. Then again they do now have access to the browsing habits of anyone who uses the service and I'm sure that information would be useful in some way.

    Doesn't bother me if people know what I browse :)

    I would agree about the "not knowing it's there" bit. That is really good. Unless of course you are stuck running the IP update client, which is proving to be rather obnoxious.
  • To me the best thing about it has been that I forget it is even there. Its ability to pick up simple typos (like .com to .cmo) without having to splash a logo or ads is outstanding. Personally I'm amazed that it can be a free service. I guess people like to make up URLs and are quite likely to click on ad links they might see when they can't get the web site they are after.