Scott Hanselman

OpenDNS

February 22, 2007 Comment on this post [20] Posted in Tools
Sponsored By

Use OpenDNSDNS is one of these things that we just take for granted. You type www.cnn.com and it resolves to an IP Address.

Who've have thought you could take a stodgie old protocol like DNS and hack a business model around it?

UPDATE: One of the founders of OpenDNS, David Ulevitch, has responded with some helpful info in the comments area.

OpenDNS has. Just set you DNS settings to 208.67.222.222 and 208.67.220.220 or click the button in the upper right corner of this post.

Interestingly, that button is a SMART button. If YOU are already using OpenDNS, you'll see one image, while everyone else sees the other.

They not only offer faster DNS lookups, but they'll

They make their money when you completely booger up a domain name, or DNS doesn't resolve, and you'll get a search page with their advertisers on it.

Now, to be clear, the protocol purists will hate this, declaring things like in the comments here:

I also don't like that "spelling correction" or "anti-phishing" feature. That doesn't belong in the cache; it belongs at the resolver. I would agree [snip] — OpenDNS is unsuitable for use as an enterprise DNS cache. It might be a good solution for people who want to run their own personal cache on a local node.

Personally, I'm loving it. I loves me a clever hack and this be one. Take a look at their FAQ. Since there's no software to install, and you can undo it anytime, it seems harmless to me.

If you want to try it with nslookup on Windows, remember to include the trailing . after the domain name.

C:\Users\Scott>nslookup www.craigslist.org.
Server: resolver1.opendns.com
Address: 208.67.222.222:53

Non-authoritative answer:
Name: www.craigslist.org
Address: 66.150.253.241

C:\Users\Scott>nslookup www.craigslist.orr.
Server: resolver1.opendns.com
Address: 208.67.222.222:53

Non-authoritative answer:
Name: www.craigslist.orr
Address: 208.67.219.41

Notice how the misspelled domain points to a 208.67.x.x address? That's OpenDNS. They'll redirect requests to craigslist.orr to the real site, that's how they handle misspellings - they're actually misspelled in the cache.

Take a look at their http://system.opendns.com Status page. They are pretty hard core. I'll be hooking the parents and relatives up with this one, ASAP. If you're a parent or relative of me, go here to the Getting Started Page if you like, and follow the instructions, and call me if you have trouble. When you're done, visit http://welcome.opendns.com and you'll know if it worked or not.

Comcast's (my ISP) DNS tends to suck, and I have been compensating by running DNS Masq here at the house on my Linksys Router.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Hosting By
Hosted in an Azure App Service
February 22, 2007 14:00
I like this idea and went to the site to sign up, however there is no policy statement regarding the type of advertising that they will display to you. Can you imagine if your gran types in a url wrong and gets a particular type of advert ?

I've asked them to present a policy on this or highlight it better if they have one. Waiting for reply.
February 22, 2007 18:43
I like this one from their FAQ:

3. OpenDNS is smarter
We all make speling mistakes.

That's me!

I wonder if it's really faster if used in Canada? What is better; use an average DNS server located 20km away, or the best DNS servers 600km away? I guess the same question could apply for people in Texas, Florida, etc.
February 22, 2007 19:09
Love the OpenDNS. I switched it on my DHCP server to hand out openDNS first, and then fall back to the local ISP (cable & Wireless) as second banana and then an ISP back in vancouver as my third choice, in case the first two are out. We've even swapped in the openDNS as a secondary at a couple locations at work.

I like the spelling correction, the anti-phishing is a nice touch and i really don't care about the ads. Perhaps it's just me, but i seem to have developed a blind eye to ads, maybe I've been Googling too much over the past few years... that won't make me go blind, will it? :)
February 22, 2007 19:20
Sign Up? I don't think I am going to.... However, I will surely be spreading the word about openDNS simply because it has the anti-phishing feature....

Thanks Scott for showing the path :)
February 22, 2007 19:43
Err.. one quick question. Martin's comment lit a bulb. I am in India, which means that I am pretty far from openDNS. I think this would slow down my DNS Lookup for sure. But the Anti-Phising is still a good feature.

Also, for some reason, my Gravatar icon doesn't show. Hmmm...
February 22, 2007 20:48
the one thing i've noticed is that when i used opendns, my vpn's did not work well at all -- my wife and i both used very secure vpns and with opendns it would not connect at all...so we switched back
February 22, 2007 20:50
Vaibhav, this guy says OpenDNS is faster in India:

I tested that claim from my home base in India. After switching to OpenDNS, content-laden Web sites like news.com, cnn.com, bbcworld.com, and myspace.com loaded a lot more quickly, ping times were considerably lower, and query response times (measured with dig -x site ) to news.com, lxer.com, osnews.com, distrowatch.org, and bbcworld.com were lower by 10 to 25% compared to times when I was using my ISP’s DNS.
February 22, 2007 21:09
Scott,

Thanks for the awesome write-up. You definitely did your homework.

@Tim Heuer -- We have seen some issues with some VPN client software that tries to lookup internal resources via the external DNS service (in this case, OpenDNS). That can sometimes cause issues. We're (slowly, not highest priority) putting together a list of VPN software that works well with OpenDNS and the few that don't. If you could contribute the pieces of software you and your wife use that'd be pretty helpful to us. :-)

@Simon -- As for the advertisements we show, our goal is to make them as relevant as possible. We're sometimes good and sometimes bad at doing that. We're focusing a lot of efforts on making that good.

Here's an okay example:
http://search.opendns.com/?url=computer+zen

Here's an example where our ads make no sense:
http://search.opendns.com/?url=hanselman.con

The funny thing is that our system ALREADY knows the typo was for hanselman.com but we don't send the keywords we have for hanselman.com to the ad network. That's a bug we need to fix on our end. :-) Our privacy policy is also pretty clear (and Creative Commons licensed, afaik) on our website but we're always open to improving it. Shoot me or John (first name @ opendns.com) an email if you want to talk about it.

Thanks and I'm happy to answer more questions.
February 22, 2007 21:44
It beats IE's annoying feature where IE changes the url in the address bar if you mistype the url.
February 23, 2007 0:55
Well,, i will surely be testing it out more from India. Glad that people find it faster....

Cheers.
February 23, 2007 11:50
My concern with OpenDNS is whether they will be able to provide the same features for DNSSEC and if they can't, will mass adoption of OpenDNS hold back the deployment of DNSSEC?
February 23, 2007 16:09
I had an email response from OpenDNS about my query very quickly and they are keen to put up a policy as I suggested and check the advertisers filtering mechanisms.

That was great to hear and a very quick response. I wait with baited breath.
February 23, 2007 20:41
Dang Scott you just got me in big trouble here at work.... I liked this post so much I thought I would share it with some of my other team members one of which works in our China branch (I did not even think about this.) Security sent me a "Controlled Countries Notification" message, see they kind-of frowned on my sharing your post with anyone from that region... (Har, har, you gone and done it now... China might block your site for sure....)

BTW - neat post, I am using it on one of my computers at home..
February 24, 2007 0:02
Thanks for pointing out this very useful service, Scott.
Ken
February 24, 2007 5:56
I've been using it for around 6 months and in my experience, specially in office networks, has made the traffic flow much more better than even the local ISP DNS servers.

OpenDNS Rocks.
February 25, 2007 3:56
I gave it a shot but it was taking 2 to 3 seconds longer to resolve the url. I'm not sure if its because my router is not 100% compatible (Linksys with Vonage) or my ISP (Time Warner) is better at resolving the url. So I switch back. I can live without the name correction and the anti-phising features. I'd rather have quicker response times. I would highly recommend everyone do their own tests before switching. It's too bad because I was hoping to use this.
February 25, 2007 5:37
Hey Scott: OpenDNS sounds pretty nice, thanks for blogged about it. I followed the link where the "protocol purists" were discussing it, and had some thoughts on the subject so I blogged it here: http://www.mikeschinkel.com/blog/opendnstoforceimproveddnsstandard/
February 28, 2007 11:08
I am not sure I am crazy about this misspelling correction feature. What about my domain name? YOUSEFUL.com Will it correct it to useful.com? I paid to have that domain. Now It could be taken away from me for those that subscribe to this service? Anybody could do this and route domains names to whoever. a balkanization of the net. I have seen this before to implement family friendly surfing. ie an ISP called mayberry a while back.

As I understand from their FAQ , Ads is only on the the search part and not plastered on a website they direct to.

I am not sure I am happy with this. I spend a great deal of time and money promoting the brand YOUSEFUL with that spelling.
February 28, 2007 11:13
yep

I tried it. -> http://search.opendns.com/?url=youseful.com

it wanted to know if I meant
=========
Did you mean yousexus.com ?
=================

thanks guys thats what I need lol
March 31, 2007 3:31
Joe Mele - it's a DNS service at its core, so if www.YOUSEFUL.com is a valid domain, then that's where any OpenDNS user will be sent when its correctly typed into the address bar. you only get a search page if it's not a valid domain.

Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.