DNS
@optonline.net
| Is it safe to use an open DNS rather than your ISP's DNS?
I currently use Optimum Online and their DNS has been very slow lately. I was advised to use Open DNS instead (208.67.222.222 and 208.67.220.220).
Is there any security risk to using an open DNS instead of Optimum's DNS? I do online banking and wanted to know if its safe. I have read online about DNS poisioning and other DNS threats but honestly I dont completely understand how they work. |
|
wxboss
This is like Deja vu all over again.
Premium
join:2005-01-30
Jacksonville, FL
clubs: | Back in March or maybe April of last year, myself and a lot of other Comcast users had to use a different DNS (I used a Level 3 one) just to be able to surf the net.
As far as security is concerned, I experienced 0 issues. |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
 ·Callcentric
 ·RoadRunner Cable
·AT&T CallVantage
1 edit | reply to DNS
See »Verizon Online DSL FAQ »What are the DNS servers? for a list of DNS servers of major providers now controlled by Verizon.
--
BBR's Shooting for a Cause! |
|
sded
Premium
join:2002-11-04
San Diego, CA
 ·DSL EXTREME
| reply to DNS
I use the GTE/Verizon DNS servers 4.2.2.1, 4.2.2.2, 4.2.2.3 along with those of my ISP because they are easy to remember.. Another good choice would be the AT&T DNS servers, 68.94.156.1 Primary 68.94.157.1 Secondary. Wouldn't know whether to trust OpenDNS, but figure Verizon and AT&T will probably keep things working. |
|
Just Bob
Premium
join:2000-08-13
Spring Hill, FL
| reply to DNS
I use TreeWalk along with 4.2.2.2 and 4.2.2.1.
TWDNS is a modified Bind 9 that runs on your own PC. It's a faster and safer solution that requires no expertise on the part of the user.
»treewalkdns.com/index.htm |
|
CylonRed
Premium,MVM
join:2000-07-06
Bloom County | reply to DNS
There is nothing about other DNS's that make them a security risk... |
|
Just Bob
Premium
join:2000-08-13
Spring Hill, FL
| said by CylonRed  :There is nothing about other DNS's that make them a security risk... »arstechnica.com/news.ars/post/20···ers.html |
|
Kerodo
join:2004-05-08
Rancho Palos Verdes, CA
| reply to Just Bob
said by Just Bob :I use TreeWalk along with 4.2.2.2 and 4.2.2.1. TWDNS is a modified Bind 9 that runs on your own PC. It's a faster and safer solution that requires no expertise on the part of the user. » treewalkdns.com/index.htm Treewalk is nice, but it's not necessarily faster. Depends on how fast (or not) your ISP's DNS servers are. Mine are very fast, so I notice no improvement with Treewalk, however, at one time when I was having problems with my ISP's DNS servers, Treewalk saved the day. |
|
Just Bob
Premium
join:2000-08-13
Spring Hill, FL
| said by Kerodo :said by Just Bob :I use TreeWalk along with 4.2.2.2 and 4.2.2.1. TWDNS is a modified Bind 9 that runs on your own PC. It's a faster and safer solution that requires no expertise on the part of the user. » treewalkdns.com/index.htm Treewalk is nice, but it's not necessarily faster. It's hard to believe any server could be faster than 127.0.0.1.
 |
|
Kerodo
join:2004-05-08
Rancho Palos Verdes, CA
| said by Just Bob :said by Kerodo :said by Just Bob :I use TreeWalk along with 4.2.2.2 and 4.2.2.1. TWDNS is a modified Bind 9 that runs on your own PC. It's a faster and safer solution that requires no expertise on the part of the user. » treewalkdns.com/index.htm Treewalk is nice, but it's not necessarily faster. It's hard to believe any server could be faster than 127.0.0.1. Sure, caching is faster than an actual lookup, but every time you go somewhere new, there is an actually lookup which for me took longer with the Treewalk servers. Win caches entries also, just doesn't preserve them on reboot. |
|
Just Bob
Premium
join:2000-08-13
Spring Hill, FL
1 edit | said by Kerodo :Sure, caching is faster than an actual lookup, but every time you go somewhere new, there is an actually lookup which for me took longer with the Treewalk servers. Win caches entries also, just doesn't preserve them on reboot. Right, and TreeWalk preserves the cache over a reboot.
The key issue is really the response time of the server when busy. The DNS servers from my ISP respond to a ping in half the time or better than 4.2.2.1, 4.2.2.1 (approximately 12-15 msec versus 30 - 36), but the ISP servers struggle under peak loads.
Edit - corrected ping times |
|
CylonRed
Premium,MVM
join:2000-07-06
Bloom County
| reply to Just Bob
Redirection can happen anytime - not just from a DNS. Do you REALLY think OpenDNS is going to allow redirection that they implement to malware..? Seriously doubt it and if you not trust any DNS (after all ANY DNS could redirect at any time) then surfing won't be a lot of fun.
With the proper precautions - redirection of any kind is not any more dangerous than surfing the web. |
|
Just Bob
Premium
join:2000-08-13
Spring Hill, FL
| said by CylonRed :Redirection can happen anytime - not just from a DNS. Do you REALLY think OpenDNS is going to allow redirection that they implement to malware..? Seriously doubt it and if you not trust any DNS (after all ANY DNS could redirect at any time) then surfing won't be a lot of fun. With the proper precautions - redirection of any kind is not any more dangerous than surfing the web. »blogs.zdnet.com/security/?p=231
»blog.opendns.com/2007/05/22/goog···he-page/
I have faith that Level3 (4.2.2.2) hasn't resorted to such tactics as yet. |
|
jerry666
Premium
join:2002-12-12
Sainte-Anne-Des-Lacs, QC
clubs: | reply to DNS
treewalk for the last 10 years |
|
dlayphoto
join:2005-01-05
Des Moines, IA | reply to DNS
I've been using OpenDNS for over a year now and I love it. DNS requests are super fast (they use Anycast), and they have built-in phishing site protection (via PhishTank). Plus, their stats are kinda cool... |
|
TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY
| reply to Just Bob
said by Just Bob :I have faith that Level3 (4.2.2.2) hasn't resorted to such tactics as yet. Just curious, how is this a security risk? The articles you cite seem to indicate that Google and Dell are the one redirecting to a listing with a lot of ads.
Opendns does do a couple of extra things with DNS but are they really a security risk? Is correcting typos a security risk. I am curious, what is the actual security risk that opendns introduces. I recommended (I assume that is what the poster is talking about) Treewalk, opendns and other OOL servers. If there really is a security problem with opendns I wish someone would spell it out and in the future I will not recommend it.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
·AT&T Midwest
| Opendns does do a couple of extra things with DNS but are they really a security risk? If they redirect you to a site other than what you requested, then yes that is a potential security risk.
Is correcting typos a security risk. It is a typo if you intended to type one thing, but typed another. If OpenDNS really has implanted something in your brain to determine your intentions, then you should be very worried.
The chances are that they are not doing anything seriously nefarious. It is up to you to decide whether you trust them. My preference is to run my own DNS server.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.8 |
|
Just Bob
Premium
join:2000-08-13
Spring Hill, FL
| reply to TheWiseGuy
TWG,
In the normal course of events we would expect that our ISP has the opportunity to track our every move.
We know that NSA may also have that opportunity.
If we use third party DNS servers that's another opportunity for tracking.
If our DNS requests are then exposed to the wonderfully wide open world of advertising companies that's yet another tracking opportunity and another potential exposure to malicious ads.
If AOL, MSN, ABC, NeoPets, and many other sites can be found serving malicious ads, why would we assume that OpenDNS would not be subject to the same problems?
So after all that, yes, to some extent it is both a privacy and security issue. |
|
TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY
| reply to nwrickert
said by nwrickert :It is a typo if you intended to type one thing, but typed another. If OpenDNS really has implanted something in your brain to determine your intentions, then you should be very worried. Certainly, but correct me if I am wrong, they only correct where there is no DNS results for what you have typed and it is a common error in spelling. So while they of course could in a few cases misread where you wanted to go, I would guess they could be pretty accurate.
said by nwrickert :Opendns does do a couple of extra things with DNS but are they really a security risk? If they redirect you to a site other than what you requested, then yes that is a potential security risk. I am not sure what you are referring to here, if you are talking about where there is an error in spelling for a site or the google situation or something else. I would be happy to discuss either.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore. |
|
TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY
1 edit | reply to Just Bob
said by Just Bob :TWG, In the normal course of events we would expect that our ISP has the opportunity to track our every move. We know that NSA may also have that opportunity. If we use third party DNS servers that's another opportunity for tracking. JB
In the blog it is stated they are not tracking. So given someone wants to use an outside DNS server, which was the actual question, is there a reason to think opendns is less secure then any third party DNS server?
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore. |
|
