OpenDNS wants to watch the web for you

Trackbacks/Pings (Trackback URL)

1. Matt
   

   July 18th, 2006 at 6:27 pm

   I’ve been using OpenDNS for a couple of weeks now, and I’m extremely happy. For whatever reason, the default DNS servers provided by my cable company were extremely spotty, which led me to change to some other random servers I found listed a message board after poking around on Google. I was never completely comfortable with that, so when I heard about OpenDNS, I gave it a shot.

   It should be mentioned that you only see advertisements when you really, really mangle a URL — as they say on their site, typing something like craigslist.og will automatically take you to craigslist.org. From my (relatively short) experience using the service, the only time I’ve seen a page telling me they couldn’t find a page has been when I’ve actively tested it by typing in a bunch of nonsense — and so far that page hasn’t featured any advertising on it.

   I like the concept of multiple servers stashed around the country, but I’m guessing the only people that will actually notice a difference will be people like me who have already consistently experienced slow servers. That’s enough for me, and the phishing and typo corrections are gravy.

2. Kenny
   

   July 18th, 2006 at 6:35 pm

   The only problem is that it resolves domains without any “.com” or “.net” — so say i want to go to ebay and type “ebay” without a .com, I get the ads.

   no dice.

3. Sal
   

   July 18th, 2006 at 6:49 pm

   “Matt” sounds like a OpenDNS “pusher”. Gotta be careful who to believe these days.

4. Peter
   

   July 18th, 2006 at 7:26 pm

   what do u know! TechCrunch is safe lol http://www.siteadvisor.com/sites/techcrunch.com

5. James J.
   

   July 18th, 2006 at 8:21 pm

   I don’t think OpenDNS is targeting the right people with their current message and site design. Geeks and techies are not the ones that are going to use this service. The people who would use it are the ones who don’t know what a DNS server is. They should reband under a different name and play down the tech and play up the features.

6. Brad Root
   

   July 18th, 2006 at 8:25 pm

   I gotta invalidate Kenny’s comment.

   I’ve been using OpenDNS and while I can’t say I’m “extremely happy”, because I’m not sure how you can be “extremely happy” with the service it provides. I’ve noticed practically no difference between it and Charter’s DNS servers.

   But, when I type “ebay” into Firefox, I get to ebay. Maybe that’s Firefox functionality because it seems to run a Google search. (Doing an “ebay” enter in IExplore takes me to MSN’s search, so I don’t know.)

   I have encountered the invalid/unfound DNS entry page a few times. I can’t really say it’s helpful, usually in the times you need to encounter that page, what you can’t find is so obscure a simple search wont find a replacement for it.

   Also I don’t seem to ever use the spellchecking capability, maybe because it’s so seamless or because I don’t type domains very often.

   All in all the idea of OpenDNS is pretty cool, but whether or not it’s actually useful for me is a question I can’t really answer, because I notice no difference between using it and not using it.

7. chris
   

   July 18th, 2006 at 8:41 pm

   Sounds like another “neat” little feature with little revenue model….the problem of web 2.0. Google was a one in a million “neat” idea, that by a one in a billion chance fell into a revenue stream. Why is everybody else trying to play those odds. I am not a fan, a user, or a believer in opendns

8. Matt
   

   July 18th, 2006 at 8:46 pm

   Kenny — I just tried typing “ebay” without the .com and it resolved to ebay.com, not a page with ads.

   I’m just some guy with no connection to the company — try it or don’t, I was just offering up my experience.

9. BlogReader
   

   July 18th, 2006 at 9:06 pm

   This is different from alternic how? And why would I want to use it?

   If it is anti-phishing that sells it that could as easily be a plugin in Firefox that just queries another DNS server. But really if you can’t look at a URL and decide that “chaseLOLLERSKATES.ru” isn’t really Chase bank you’re too stupid to be on teh internets.

   I’m surprised that verisign hasn’t come up with a similiar service.

10. Search Engines WEB
    

    July 18th, 2006 at 9:33 pm

    It also seems to me that if a web user is capable of changing their DNS settings then they ought to be capable enough to avoid phishing attempts.….

    We must remember that a computer can be accessed by the entire family or the entire office - the admin or geek may be aware of phishing tactics - but many casual users on that PC may not be as savy - yet

    ——————————–

    It is entirely forgivable to allow them SOME revenue for this free and potentially valuable service, like eveything else new & innovative, it has to be tweaked and perfected—but the idea is still valid.

    Perhaps they could offer an optional subsciption model for those who are suspicous of their revenue strategy.

11. John Roberts
    

    July 18th, 2006 at 9:34 pm

    John Roberts from OpenDNS here. Thanks for taking a look.

    OpenDNS _is_ safer, faster and smarter… and more reliable than the alternative, too. What do you know about your current DNS provider?

    We’re asking Internet users to make a choice about DNS, something only a few of us have done before, and we’re going to show (and tell) you why making the choice to use OpenDNS is a smart one.

    The preferences you mention live at http://www.opendns.com/prefs and are simply the first step in our efforts to give people the ability to manage what is usually a black box.

    I agree that the TechCrunch audience is one of the least likely groups to need phishing protection. We wouldn’t make the claim that any single protection is the right answer. (Anyone who does is should make you raise an eyebrow.) But I’ll bet that additional protection would be something worth providing to the friends and family members each of us answers tech questions for.

    I’d invite you to call/email/IM with our CEO, David Ulevitch, about why DNS _is_ a great place to go after the Internet’s bad actors. Or read his blog post about why he started OpenDNS. He has years of experience at this.

    The speed benefits are noticeable. Ask Chris Pirillo. We’re working on ways to quantify the improvement: I know vagueness sucks. So far, all I can do is point to the many blog posts which are more interested in our speed than anything else (I hope the del.icio.us link below comes through your comment form). As we bring additional locations online (London is next, in about a week) and continue tuning our network, the experience will improve further — and we’ll demonstrate that.

    The typo correction is simply the first instance of being “smarter” at the DNS level. It’s simple, and useful…not revolutionary. We will continue to offer preferences and choices on top of the core: an ultra-reliable, speedy DNS.

    As to scale: our service is built (and funded) with the ability to be dependable and fast at much, much higher levels of activity… the growth we’ve seen in the first eight days (http://www.opendns.com/who/stats.php) barely registered. We know going down is not an option, and you can look forward to further transparency about our uptime and status in the coming week.

    A disappointment with your post would be general references, without links. For example: “The service has already come under heavy criticism from bloggers…” and “Some have also warned”

    I encourage any interested parties to read the most recent 20 references, or check the 113 (and rising) references tagged “opendnsmention” at http://del.icio.us/pencoyd/opendnsmention. I’ve made an effort to include every reference that’s more than just a link. TechCrunch is in there. The vast majority are interested, curious and/or positive. We welcome our critics, too, and we work to learn from them: read the comments on some of them… like here.

    Marshall, Mike and others: welcome your continued attention.

    John Roberts
    OpenDNS
    first name at opendns.com

12. Keith L. Dick
    

    July 18th, 2006 at 9:45 pm

    No Thanks I had a “Mommy” then she passed away years ago…

13. ecplecticos
    

    July 18th, 2006 at 10:30 pm

    Hmm, what’s the second search result for a query on Ulevitch’s name? Hmm, EveryDNS — and it is run by Ulevitch himself. If he has the technical skill to run a hugely popular free DNS service that has been reliable enough to please even ME, what makes Mr. Kirkpatrick think Ulevitch can’t maintain the availability and performance of a commercial service?

    “”"
    OpenDNS also says that it is “smarter” because it will understand misspelled URLs, something I know that I rarely experience and am perfectly capable of taking care of myself. The fact that serving ads when misspellings occur is the company’s business model seems insane to me relative to the infrastructure investments they must have made.
    “”"

    Has the author never heard of Sedo or, oh, the entire domain parking or ads-for-error-pages industry? Is he familiar with one of Google’s products, AdSense for Domains? Another few Google searches might reveal that domain parking, DNS error pages full of ads, and typo-squatting are cash cows, and Ulevitch has positioned himself to take over that traffic.

    On cost: DNS queries are cheap. You can squeeze multiple DNS requests and responses into less space than a single HTTP request. The servers are well written and efficient, and the amount of bandwidth these transactions consume is negligable. The cost of providing DNS service is simply not an issue.

    Knowledge is king. DNS is involved in every web site you visit, and almost every link you click on, every time you load an IM client, every time your desktop apps “phone home”, and even your bittorrent client may sometimes look stuff up in DNS. The logs of your DNS server reveal how you spend your time on the internet and analysis of this data may yield better analytics than Netcraft surveys, self-selected Comscore metrics, or Alexa toolbar data.

    The most interesting future, though, is when they get enough users to be able to track the spread of malware simply by looking at the logs. This, of course, will perpetuate the technological arms race by encouraging malware authors to not use the host system’s resolver libraries. Regardless, OpenDNS will get to differentiate themselves from the anti-spyware companies for a while, Microsoft will do some other kind of DNS-related security, they’ll get some interesting press, leverage their geek appeal, and the whole cycle of TechCrunch-style journalism will repeat itself.

    Here’s some context, in the form of Google queries:

    “verisign wildcard dns”
    “dns spyware”
    “dns trojan”

    Enjoy!

14. james kent
    

    July 19th, 2006 at 12:05 am

    I think the DNS system works great as it is. People have tried to set up alternative DNS systems which don’t work, e.g. allowing people to register .xxx domains that would only work on their service.

    The privacy concerns over who has access to what websites I use (via DNS lookups) are also big - i’m not sure who i’d trust with that.

    If you have flaky DNS, point to other regular DNS servers!

    And, of course, the normal system it’s not reliant on any one provider to make function.

    Is it really faster, given that the servers are almost certainly further away in hops from your own ISP’s? And if it is fast, due to limited users, will it not just get slower as time goes along?

    Do we really need this?

    james

15. Steve
    

    July 19th, 2006 at 12:28 am

    I have been using OpenDNS here for quite a while and I must say I am happy. The overall happyness comes from the fact that OpenDNS - for us here - lives up to its claims to be faster.

    As a linux and network administrator with some knoweldge of how typical ISPs handle their DNS, I can tell this story: especially smaller, more regional ISPs tend to have not quite the fastest DNS servers really. In many cases DNS (or rather Bind) runs alongside other services on a machine or cluster of machines, but not just on its own. Here, OpenDNS has an entire large array of fast machines ONLY dedicated to DNS handling, also they use a DNS caching a lot, with a cache that nontheless gets updated fairly quickly. As we are domain name registrant as well I can tell for sure that new DNS entries get propagated to the OpenDNS system very very fast - although there is the DNS cache in between “me and the DNS server”! So this tells me they know a lot about DNS and a lot about server clusters and how to optimize both for superior DNS service.

    The result is a faster rendering of web sites in a browser. Certainly, the speed is limited by your own bandwidth. However, the bandwidth you got is only the data flowing to you. Before, however, anything can flow (like text and graphics, animations, videos, music, etc.) a query needs to be done to convert http://techcrunch.com to its IP address. This IP address is sent back to the browser and THEN it really just starts pulling the data from the Net.

    Now, if your ISPs DNS service is not the very fastest around (which unfortunately is true for 95% of all ISPs, and its not their fault really, they must concentrate on the essential part of being ISP in order to be competitive) using OpenDNS HAS the great advantage that the name-IP-resolution gets done extremely fast and the browser thus is able to actually start loading the page much quicker then using your regular DNS.

    Of course, I completely agree that it can be rather dangerous too if DNS gets “centralizes”. But then: we should start blaming Google, too, for centralizing the internet, don’t you agree. I mean, it always depends on the company and its responsibility.

    And just like Google, or OpenDNS, or the bad TV program of last night: noone FORCES you to use these services or watch that bad movie: you got a choice, if you don’t like it, switch to something else. So THIS alone should be enough power by the user himself to decide if or if not he or she is gonna use something or not. It is not that OpenDNS forces anybody to use their service!

16. Roy
    

    July 19th, 2006 at 3:01 am

    The essential problem with *any* wildcard DNS system is simply that it breaks DNS. Under this scheme, it’s impossible to determine that a given domain name does not exist, because all queries resolve. Remember that not every DNS query comes from a web browser with an interactive user behind it.

17. Jason Hansen
    

    July 19th, 2006 at 5:54 am

    Kenny (comment # 2) mentioned earlier:

    “The only problem is that it resolves domains without any “.com” or “.net” — so say i want to go to ebay and type “ebay” without a .com, I get the ads.

    no dice.”

    When I type ebay in Firefox without the http://www. or .com & just hit enter. It takes me to eBay’s website. I’ve been using OpenDNS for about 2 weeks and found no faults. Can’t even notice that I am using a third party DNS.

18. Eric the Red
    

    July 19th, 2006 at 5:56 am

    Honestly, if a couple of hundred of milliseconds of DNS lookups bother you be a real man and type the raw IP address. There: no more pesky DNS lookup.

    Although really, compared to the amount of data most web pages send to your machine these days (what with that fancy AJAX and multimedia and whatnot) it should not really matter.

19. Xepo
    

    July 19th, 2006 at 6:13 am

    >>Honestly, if a couple of hundred of milliseconds of DNS lookups bother you be a real man and type the raw IP address. There: no more pesky DNS lookup.

    It’s not a couple hundred milliseconds for me. My ISP’s DNS takes about 5-10 seconds to resolve *anything*. OpenDNS usually takes about 50 milliseconds. It’s a *huge* speed-up.

20. Cary Fields
    

    July 19th, 2006 at 6:17 am

    I’ve been using OpenDNS at home. I think its a great idea. Over the past 5 years I’ve noticed a lot of problems with SBC/ATT&T DNS servers in the L.A. area and welcome a DNS service provider, esp. one that’s free. I’ve noticed a speed improvment, but haven’t seen the auto correct or antiphishing.

    One thing people need to realize is that you have a choice now, where before you didn’t, well, didn’t really. If you choose not to use their service for whatever reason, good for you. Dont.

21. generix
    

    July 19th, 2006 at 6:51 am

    I’ve been on Comcast for years now and watched their DNS go from bad to unusable. There was a period of an entire week where their DNS servers were not working, leading to basically zero use of Internet services during that time along with multiple half-day and hours long spots where nothing would resolve.

    I’ve been using OpenDNS for a while now and have noticed very good speed and great reliability and as far as the spell correction and anti-phishing stuff, I have that turned off so I’m still “handling that all on my own.” I’m a pretty technical person and I’d much rather use this than any of the much slower DNS servers I attempted to use to get away from my ISP-provided ones. Now I have really fast DNS and I forgot I was using 3rd party until I saw this article.

22. Cardiakke
    

    July 19th, 2006 at 6:57 am

    I’ve been using it.
    I am happy with it.
    It is MUCH, MUCH faster than the DNS servers of my ISP.
    I do not give a damn about the “business model”.
    If it stops responding one day, I’ll just switch back to my ISP’s DNS servers.
    In the meantime if some venture capitalist wants to throw away his money so that I can get VERY FAST DNS responses, I like it!

    #2 Kenny: I do not get that behavior.
    #19 Xepo: same speedup for me.

23. paddler
    

    July 19th, 2006 at 7:11 am

    I switched from my ISp’s (Adelphia) DNS server to a much faster one a almost as soon as I got cable internet installed a few years ago and it has made a huge difference. OpenDNS is just as fast as the one I have been using … but not (noticeably) faster. Google on free DNS servers.

    I am in charge of a small few hundred IP DNS server at work and being a techy person I prefer not having things done for me in the background. I like my DNS pure. For your average user this added protection could be valuable. Nothing wrong with making a living providing it either as long as it doesn’t break anything.

24. David Ulevitch
    

    July 19th, 2006 at 7:15 am

    All,

    Mike called me at like 1am last night to talk about this post. He knows this article was pretty fucked up. Mike discusses it briefly here: http://www.crunchnotes.com/?p=238 I encourage people to read the crunchNotes post. I wish it were linked to the bottom of this post along with the rest of the positive reviews.

    I think it goes without saying that we all would like Mike to go back to writing the majority of the posts. Even a negative review from Mike would be well researched and accurate and welcomed by me. This wasn’t that though, I was never contacted and real DNS experts (Mike, you don’t count) were never consulted. I’m confident next time they will be.

    As always, I welcome the feedback though, just not sure where it is in this article.

    David

25. Archimedes Trajano
    

    July 19th, 2006 at 7:16 am

    I liked OpenDNS except for one small problem, the VPN. I have trouble accessing intranet addresses when I have OpenDNS set up.

26. Jon
    

    July 19th, 2006 at 7:56 am

    Is it just me or does it seem like theres a bunch of astro-turfing going on in this thread.

    So many commenters claiming to have ‘used it for weeks’ and ‘omg it so fast’.

27. David Redekop
    

    July 19th, 2006 at 8:22 am

    Unfortunately most of the negative comments are from folks that don’t really understand the true value of OpenDNS.com. We cannot think about just us, the dns-knowledgeable folks and how it may benefit us. Those of us that provide IT services to clients or at our employment need to think in terms of the benefits for the masses of users you are working to protect. That is an IT person’s humble work, isn’t it?

    In countries were bandwidth is very expensive (Africa, for example, has a cost 90 times higher than the North American cost) ISPs tend to _all_ use transparent proxies. In that case using OpenDNS on client machines or even local DNS servers does not work as all http requests (and their DNS lookups) are being handled by the ISP’s transparent proxy server, not your own server.

    The only solution I can think of in that case is for the ISP’s transparent proxy to use OpenDNS. I would love to see some testimonials from ISPs that use OpenDNS on their transparent proxy servers.

28. Iain
    

    July 19th, 2006 at 8:31 am

    “it will understand misspelled URLs, something I know that I rarely experience and am perfectly capable of taking care of myself”

    That may be true, but upon attempting to reach the Microsoft Vista website one might try http://vista.microsoft.com, a perfectly reasonable guess. OpenDNS recognises this site doesn’t exist and provides a list of alternatives.

    The top alternative is the correct one: http://www.microsoft.com/windowsvista/

    For this sort of functionality alone it is worth it, and more than allowable for them to make some sort of advertising revenue.

29. Riley Dutton
    

    July 19th, 2006 at 8:40 am

    I gotta say that I have been using OpenDNS for about a week now, and thus far I’m pretty pleased with it. As stated earlier, I don’t know where this claim that the ad-supported stuff comes up all the time originated. I myself have only seen this page one time, and to be honest it’s fine with me. Chances are if I misspelled a URL before I was going to get some advertising site with tons of pop-ups and possibly malware — at least this way it’s revenue going to a company that’s actually providing a beneficial service for me.

    It’s also hard to qualify, but I believe that my page surfing speed has increased, especially regarding pages that I visit frequently - such as Google and GMail. The speed increase isn’t huge by any means (I already have a fairly fast connection), but anything that gets me to my email faster for free, and does it as unobtrusively as OpenDNS, deserves a nod in my book.

    Thanks!

    Riley

30. derf
    

    July 19th, 2006 at 8:45 am

    The business plan likely includes logging DNS queries with requestor IP addresses, then selling the aggregate data.

31. saurab
    

    July 19th, 2006 at 8:50 am

    This appears to me to be a more well-behaved “tongue-in-cheek” version of Verisign’s SiteFinder, a program that was heavily opposed by ICANN and was eventually taken down. Of course, there are some major differences (but it smells the same on a smaller scale):

    1. Verisign being the traffic router for every single web address ending with .com or .net, was in a position to exploit ***ALL*** traffic to non-registered domains (often a result of mispelling popular ones) via pay-per-click. There was no way to opt out, as long as the service was online. With OpenDNS, there is an opt-in system in place. Big difference.

    2. According to Comment #1:
    “It should be mentioned that you only see advertisements when you really, really mangle a URL — as they say on their site, typing something like craigslist.og will automatically take you to craigslist.org”

    This was not the case with SiteFinder. Every single hit to a non-registered domain was redirected to Verisign’s PPC-infested pages, even if the mispelling was on account of one incorrect character. OpenDNS is obviously proceeding more cautiously (as well they might).

    3. SiteFinder disrupted the working of Whois programs, because every availability request for an unregistered domain actually resolved (to verisign’s servers), so whois clients found it difficult to figure out whether the domain in question was actually registered, or was available for registration. I guess this wont be a problem with OpenDNS, because they’re not operating the registry, only probably adding a proxy layer in between.

    In any case, I think the business model of pay-per-click can net in big $$$
    especially if ISPs make use of their services. Imagine a 6 year old kid typing in gogle.com and being taken to OpenDNS’s PPC pages. Of course as comment #1 notes, this isnt happening now, but who knows what’s going to happen after an year or so….

32. Observer
    

    July 19th, 2006 at 9:40 am

    Two things:

    1) Since my ISP’s DNS crashes ALL OF THE TIME, it’s nice to have another address that I can use why they try to figure out WTF. (Charter ay my home and BellSouth at my office.)

    2) I don’t really see a big performance improvement and have noticed that the ping times for the OpenDNS servers are actually longer than my local ISPs. (I have not researched lookup times.) OTOH, it’s isn’t any worse.

    So, if it weren’t for item #1, I wouldn’t bother. Having a backup choice for DNS lookup is nice.

    Could somebody do some REAL benchmarks with different ISPs to see if there is an actual improvement?

33. Andrew
    

    July 19th, 2006 at 9:56 am

    In reply to BlogReader’s comment #9 re: alternic. Alternic is defunct. It’s main guy got picked up for wire fraud in 97.

34. Bill
    

    July 19th, 2006 at 10:12 am

    OpenDNS might be something (as suggested) for say, my Mom, but probably not for me. If you want to impress the tech crowd and get mass signups, figure out a way to give me shorter routes to gaming servers and things of that nature.

    While I don’t care if it takes .01s or .005s to lookup a name, it would be awesome to cut my # of hops down from 15 to 7 between me and a server I’m gaming on!

    Just my 2 cents.

35. Justin
    

    July 19th, 2006 at 10:21 am

    I’m an OpenDNS user, and for me personally it’s worked fine. I’m still a bit leery just because anything this nice has to have a catch. In any case, if I was back in the states I probably wouldn’t notice the increase in speed I have here. Before switching, I used to get continuous DNS error pages on about 30% of the pages I would try to surf to. I mean, these were the usual pages.. Yahoo, Google, Ebay, would almost half of the time give me a PLEX page error. Even if I didn’t get an error, it would take at least 10 seconds for the browser to display the page. I’ve tried a few of the other DNS servers, but none of them have the speed increase (for me personally) that this one does.

    Unless they do something monumentally stupid (Sorry David, but it’s almost expected in today’s business model) I’ll continue to use OpenDNS. Thanks for creating this, and I wish you continued success in it.

36. Mark
    

    July 19th, 2006 at 1:06 pm

    OpenDNS messed with my home LAN.

    I’ve got a MAC and two PC’s on my home LAN. On the MAC (my main machine) I have set up aliases for the other two machines and the router (similar to the way XP’s hosts file works). This means for example I can type ‘router’ into the Firefox address bar instead of ‘192.168.2.1′ to get to the router configuration. I can also remote desktop to the other machines by specifying their aliases instead of IP addresses.

    With OpenDNS set up in my router this no longer works. My suspicion is that OS/X queries the DNS service before looking in its own table or machine aliases. So, because OpenDNS returns a result for ‘router’, I get the OpenDNS page of adverts instead of my 192.168.2.1 router.

    I wonder if WinXP hosts file works the same way but I don’t have time to test it. Too bad.

37. Björn
    

    July 19th, 2006 at 7:40 pm

    WinXP works the other way around. If this wasn’t the case, all “adblocker” HOSTS files on the web wouldn’t work anymore.

    Personally, I don’t need to use a third party DNS since my ISP provided me with 2 rock solid and fast ones.

38. Jaydee0007
    

    July 26th, 2006 at 7:41 am

    All,

    This service is all fine and all that but… all queries are paassing thru this server, that means that this business (it is after all here to make money and give a return to investors) is in a great position to find out EVERYTHING you do on the net: where you go, what you like, when you surf, what you are looking for, etc… a perfect model to, in turn, collect demagraphics and then target adverts… or to target anything they want. I’m not very omfortable with that.

39. Rav
    

    August 22nd, 2006 at 1:58 pm

    I am using this service past 20 Days as far as iam satisfied. My ISP Dns is really dropping client requests - I called them so many times - they weresaying problem at remote sites - sites like market kings yahoo!,MSN … etc ..hummm..Non sense Now my problem solved. Becoz i tested with 2 systems - First box with configured With My ISP DNS and 2 BOX with OpenDNS…
    The difference is clearly visible.

    I may not say this service is suitable for all …. But Home users works !!!

40. mohammado
    

    January 26th, 2007 at 5:00 pm

    I need URL to my
    IP:http://212.38.140.54/