OpenDNS-Faster Internet!

  • Thread starter Deleted member 143938
  • Start date
D

Deleted member 143938

Guest
Hi all. I just found this website: www.opendns.com, when you use it (not a program or anything), it uses a different DNS server, and now my internet loads faster and my internet speed is about 200kb higher than before!
Give this a try :cool:
 
Tylerdurdened said:
my internet speed is about 200kb higher than before!
Click to expand...

are you serious?
is this a joke?


I am interested to know if their DNS is indeed, any faster.
not that it really matters though.... also always good to have some public DNS if needed
 
sdy284 said:
how difficult is this to setup?
Click to expand...
4 seconds on their website reveals

Preferred DNS server address for Open DNS is:

* 208.67.222.222

Alternate DNS server address for Open DNS is:

* 208.67.220.220
 
it is fairly easy to setup, but can actually screw up resolution of some sites, as it has wild card matches which means if you type in a url to the likes of blah.com and there is no record it will direct you to a search page, rather then allowing your browser to attempt www.blah.com first, which may resolve properly. I didn't notice much performance gain though, as resolution of domain names doesn't take that long and the name ends up cached locally for a while any ways.
 
You are at least partially wrong.

Thanks for playing,
-Reality

ps: If your ISP's DNS are that slow, you will see faster DNS resolution times = faster initial responses for non-cached hosts, if you see faster sustained bandwidth its because of something else.
 
Tylerdurdened said:
it uses a different DNS server, and now my internet loads faster and my internet speed is about 200kb higher than before!
Give this a try :cool:
Click to expand...
Grade A bullshit. Tylerdurdened, you may think you've found the holy grail, but you'll have to trust me on this: It's a load of shit. You barely touch DNS through the course of your normal surfing. You query your DNS server for an IP, which it will typically feed back to you within milliseconds. Your computer then caches this result for x amount of time, so when you need it next it's near enough to an instant response time as to not make any difference. In order for this service to increase your percieved bandwidth, it would have to be smart enough to

A) Know when you are downloading a file
B) Know of a faster mirror
C) Redirect you.

None of which it's doing. Now, let me tell you what is happening:

A) Viral marketing, trolling for suckers who what MOAR SPEED ( note that I am not saying anybody in this thread works for a viral marketing firm. It's heavily implied, sure, but I would never say it )
B) Sitefinder. Yes yes, it has a nice little spiel about why it isn't like site finder. Call a horse a horse.
C) Sell DNS stats to "interested third parties". I read their privacy policy. It has enough holes to make swiss cheese blush.

Stay far away from this service.
 
ooo....another 'Yay! OpenDNS!' thread... for me to tear apart :cool: .

Firstly, all OpenDNS is a caching Internet Nameserver (DNS Server) that provides free DNS Services to people who may experience timeouts or lag on their ISP's DNS Servers. It also incorporates some other features like URL correction and an IP based OpenDNS 'account', where you can select a few different settings for your Internet connection when it's using OpenDNS's DNS Servers.

While this all sounds too good to be true, there is a catch that the OpenDNS website DOESN'T talk about. The founder of the project used to be heavily involved in the on-line advertisments industry, with links to Spyware\Adware\Malware coupled with it. Where is OpenDNS's gaureentee that a person with that kind of history is a loving, kind soul who doesn't get:

  • Personal Information
  • Credit Card numbers
  • Browsing History
  • etc.

when you're using their service? No where. Terms and Conditions mean very little to someone who can rip people off for millions and get away with it.

Personally, my advice is to stear clear of it all.

The claims that 'Tylerdurdened' mentioned about getting a 200Kbit increase in speed is very unlikely. Unless mere KB of data in the form of DNS requests were clogging up your whole connection, I find that hard to belive.

Despite all this, I know many who are pleased with OpenDNS and don't have any problems with it. OpenDNS is quite easy to setup as well (Just enter the Primary and Secondary OpenDNS DNS Servers into your Modem\Router's DNS Settings or in XP's DNS Settings and you're good to go).

This is all just my OPINION however - I'm just giving some advice, which may be a little off the mark in some places. If so, please correct me - I'm a lifelong learning type of guy :D .

Hope this helps - again, just my 2c.
 
I don't see how they could be jacking your information unless they are redirecting you to a fake site, which would constitute fraud and end them in big trouble. Unless you are using them for some sort of proxy service... but I don't think they are offering that? They are no doubt selling as already stated the DNS stats, but beyond that they shouldn't be able to do a whole lot without getting into some serious trouble.

Also note that you should never, ever send personal information or send a password in cleartext, always use some form of public encryption (SSL/HTTPS) even if its just e-mail. Otherwise they would have to break the cerficates key which is highly unlikely (and also illegal), and perform fraud. If you arn't using encryption a simple redirect could scam you.
 
hokatichenci said:
I don't see how they could be jacking your information unless they are redirecting you to a fake site, which would constitute fraud and end them in big trouble. Unless you are using them for some sort of proxy service... but I don't think they are offering that? They are no doubt selling as already stated the DNS stats, but beyond that they shouldn't be able to do a whole lot without getting into some serious trouble.
Click to expand...
Sure they can, and without getting into trouble. Every bit of data you enter into any form is suspect from the moment you enter those addresses into your TCP settings. Is all your form data encrypted ?
Also note that you should never, ever send personal information or send a password in cleartext, always use some form of public encryption (SSL/HTTPS) even if its just e-mail.
Click to expand...
People that understand the why of this are the very same ones who should know the kind of damage a service like this can do.
Otherwise they would have to break the cerficates key which is highly unlikely (and also illegal), and perform fraud. If you arn't using encryption a simple redirect could scam you.
Click to expand...
In the world of security, you attack the weakest link, not the strongest. And the weakest link here is the user. Why would I try break an SSL cert when I could comprimise the machine earlier and install my very own spyware on it?

You'll forgive me if I'm openly suspicious about a solution in search of a problem. There is no need for this kind of service; DNS isn't a problem like it was in the early days of dial up internet ( 93-96 era ). Add on top of that the somewhat "colorful" marketing and that DNS is such a critical service. Too big a risk for no benefit.
 
You're missing the point, if all they are offering is a DNS service, it doesn't matter where you get the DNS from, as long as they are truthfully honoring DNS->IP resolutions they can't inject any code. They are not routing packets towards them, they are simply handling the DNS resolution, remember how this all works:

Code: 
Client wants to access www.bringbacktheporn.com

Client->DNS Server requesting www.bringbacktheporn.com
DNS Server->Client www.bringbacktheporn.com is 256.240.212.2
Client->256.240.212.2 HTTP 1.1 HOST www.bringbacktheporn GET /
256.240.212.2->Client HTTP RESPONSE...

The only opportunity to sleight of hand some spyware in would be in redirecting the DNS to something that you requested, however any research would likely discover this relatively quickly. You are not using them for a proxy, you are using them for DNS. There is a difference. I strongly advise people to use their ISP's default DNS servers as chances are there is a less likely chance for something wrong to occur. If you are that paranoid, run your own on a high security system (SELinux G-H/OpenBSD etc).

Just for entertainment, I'll expose how a redirecting MITM attack would look:

Code: 
Client wants to access www.bringbacktheporn.com

Client->DNS Server requesting www.bringbacktheporn.com
DNS Server->Client www.bringbacktheporn.com is 1.240.212.2
Client->1.240.212.2 HTTP 1.1 HOST www.bringbacktheporn GET /
1.240.212.2->256.240.212.2 HTTP 1.1 HOST www.bringbacktheporn GET /
256.240.212.2->1.240.212.2 HTTP RESPONSE
1.240.212.2 mangles HTML to include spyware/malware exploit
1.240.212.2->Client HTTP MANGLED RESPONSE

MITM attacks are costly and expensive - and you can't MITM a bank if the person notes that it is no longer secured or does not have the proper image ID or whatever other security measures are normally there(yes I know some systems are currently broken, they'll fix it soon enough). They could redirect you to a misspelled version, but once again, misspellings are likely to be noticed and a misspelled domain name trying to attain a valid certificate is unlikely to receive it. Is it impossible to insert malware and the like? No. Is it easy for anybody to run a research bot to make sure that they arn't cheating the system? Yes.
 
hokatichenci said:
You're missing the point, if all they are offering is a DNS service, it doesn't matter where you get the DNS from, as long as they are truthfully honoring DNS->IP resolutions they can't inject any code.
Click to expand...
Therein lies the problem. Do we trust opendns? I don't. From the word go, they give me reasons not to. Are they running a legitimate operation, looking out for my personal info? Possibly. Maybe even likely. But do I trust them? No. So why would anybody take that risk when there are more reputable DNS servers out there?

A cracked DNS server can be used for all sorts of fun, cache poisoning is a good example of this. This isn't implying that opendns would be operating at the same level as a cracker with a dns toolbox, but merely to illustrate a point.
 
XOR != OR said:
Sure they can, and without getting into trouble. Every bit of data you enter into any form is suspect from the moment you enter those addresses into your TCP settings.
Click to expand...

You're missing the point of the previous guy's post. The only data sent to a DNS server is a request to look up the IP of a domain (not the data you intend to send to that domain), then it sends back that IP (or a not found, and in this case redirects to a clearly labelled page). The only way they can collect the data you're going to be sending (ie CC#, passwords, etc) is to redirect you to a fake site, which is detectable by any reasonably competent/aware person (and defeated by SSL etc).

I use OpenDNS, and I think it's great. I can say that it definitely doesn't redirect to any false sites, and even has phishing warnings available if you want. It's something that shouldn't really be needed, but often is - in my experience with 3 of the big ISPs around here, the most common cause of net problems isn't the actual connection going down, it's the DNS servers going down (or being extremely slow).
 
We're on the same side here in the end I think, but I just don't think it is as big of a gaping security hole as it is made out to be.
 
Umm. Well what I said in my first message was how I think it works, I certainly don't have any facts. But it DID increase my speed by 200kb, on testmy.net and speedtest.com I was getting 2.2MB dl, after using this DNS change I'm getting 2.4-2.5 constant, and websites MOST DEF load much faster. Use it or not, up to you, but I'm using this on every setup from now on.
And for the record, I'm using AT&T DSL, I doubt they would use crappy DNS servers or whatnot, but I bet they're mostly filled up and/or overloaded, which is why I'm seeing a speed increase on my end.


Oh, and this was mentioned as one of the top 101 websites on CNET, and I'm willing to bet CNET knows more than most of you do. So again, on my end, it's thumbs up, if you think it's spyware, don't point the finger on me, that's your problem, I'm simply pointing this website out that I found to be great for myself.
 
A DSN server CAN NOT increase your speed. It resolves names. That's it. That's what DNS stands for. It doesn't magically up your bandwidth.
You type "google" and it translates the name to an IP address. That's it!
 
Tylerdurdened said:
Umm. Well what I said in my first message was how I think it works, I certainly don't have any facts. But it DID increase my speed by 200kb, on testmy.net and speedtest.com I was getting 2.2MB dl, after using this DNS change I'm getting 2.4-2.5 constant, and websites MOST DEF load much faster.
Click to expand...
By all means, use what makes you happy. Just understand that a simple DNS server can not, in any way, increase your bandwidth. Latency, maybe ( not by much ), but bandwidth more certainly not.
Oh, and this was mentioned as one of the top 101 websites on CNET, and I'm willing to bet CNET knows more than most of you do.
Click to expand...
That's a losing bet then. Most of us know more than CNET's hacks.

As I said, use what makes you happy. I would prefer you educate yourself a bit, but if you'd just rather use it and be happy, by all means.
 
Tylerdurdened said:
I certainly don't have any facts. But it DID increase my speed by 200kb, on testmy.net and speedtest.com I was getting 2.2MB dl, after using this DNS change I'm getting 2.4-2.5 constant, and websites MOST DEF load much faster.
Click to expand...

Hello contradictory thought process. If you think you saw an increase, it is not because of the DNS switch, if it was because of the DNS switch the software is faulty in some way and you are not getting a "real" increased throughput. I am not going to bet that you arn't seeing an improved response, that is exactly what I'd expect if I moved from a slow DNS server to a fast DNS server. Throughput is not necessarily related to latency. (Burn a DVD, bring it a machine next to it and copy it: this is a high latency, high throughput transfer, whereas transferring it over 10mbit would be a low latency, low throughput transfer).

Oh, and this was mentioned as one of the top 101 websites on CNET, and I'm willing to bet CNET knows more than most of you do.
Click to expand...

Personally, I'll stick to what I know. As I'm nearly finished with my degree in Computer Science with a focus in Networking/Distributed Systems, plus having taken a course in applied cryptography as well as being involved in distributed systems security research for about a year, I'm content with my knowledge domain regarding this specific topic. If you have any questions I'd be happy to fill in any answers.
 
The Hunter said:
You're missing the point of the previous guy's post. The only data sent to a DNS server is a request to look up the IP of a domain (not the data you intend to send to that domain), then it sends back that IP (or a not found, and in this case redirects to a clearly labelled page). The only way they can collect the data you're going to be sending (ie CC#, passwords, etc) is to redirect you to a fake site, which is detectable by any reasonably competent/aware person (and defeated by SSL etc).

I use OpenDNS, and I think it's great. I can say that it definitely doesn't redirect to any false sites, and even has phishing warnings available if you want. It's something that shouldn't really be needed, but often is - in my experience with 3 of the big ISPs around here, the most common cause of net problems isn't the actual connection going down, it's the DNS servers going down (or being extremely slow).
Click to expand...

Those site phishing warnings are based more then likely only based on domain, not IP address. Also if you haven't noticed how many people ever actually check that they are using a secure site besides those smart enough NOT to use this service?

Tylerdurdened said:
Umm. Well what I said in my first message was how I think it works, I certainly don't have any facts. But it DID increase my speed by 200kb, on testmy.net and speedtest.com I was getting 2.2MB dl, after using this DNS change I'm getting 2.4-2.5 constant, and websites MOST DEF load much faster. Use it or not, up to you, but I'm using this on every setup from now on.
Click to expand...

Most likely the increase was simply due to a change in time, less congestion on the network or just a matter of luck of the draw. Do those test on the hour for 24 hours, then do the same again with out using OpenDNS, you might be surprised how much just a change in time will effect your performance. Also make sure to use multiple locations for the tests. Now it might be possible that OpenDNS did help with resolve times, I don't doubt that if your ISPs caching name servers are over worked or just plain crap, but you could get the same effect by using some other caching name server or even setting up your own.
 
I've tried it, friends have tried it....all of us found it noticably slower. Unless your ISPs DNS servers are in HORRIBLE shape and perform glacially slow...these servers will be slower.
 
Xipher said:
Those site phishing warnings are based more then likely only based on domain, not IP address. Also if you haven't noticed how many people ever actually check that they are using a secure site besides those smart enough NOT to use this service?
Click to expand...

Alright, if you type in a URL and end up getting redirected to an IP address, wouldn't you think it fishy to begin with?

True, some Phishing filters only work by domain. There are some out there that don't, however.
Like IE7 or not, it's Phishing filter actually works. It isn't entirely domain-name based.

I think you are just way to freaking paranoid. For someone that should know better, why are you so scared you'll get caught up in a phishing website?
When I want to use PayPal, I go to www.paypal.com. I'm not stupid enough to click on someone else's link to go to it (and if I ever do, IE7 would catch that if not legit).
If I want to use Ebay, I go to www.ebay.com.

All OpenDNS could do is send you to a fake website. Considering this has NEVER happened (so me one case where someone typed in a known valid website, and got sent to a phishing website by OpenDNS), they have tons of people using it, which means tons of eyes are on it, there is nothing to worry about.

I personally like OpenDNS. It fixes a few typos. Even has a moderate search engine if you mispell a domain name. It blocks known phishing websites.
I really didn't see an increase nor decrease in speed (I'm actually running at 100% bandwidth that Suddenlink gives me). The little extra features made me go for it, and I like it.
 
As an eBay Associate, HardForum may earn from qualifying purchases.
Alright, I've been here for a while. I feel I generated a least a halfway decent reputation. I consider myself pretty thorough on security. With that being said:

OP: Not to be harsh, but you have no clue what you are talking about. Other have explained why what you say couldn't possibly be true, and they are completely correct.


Security is a balance. On on end of the scale you have accessibility, and on the other end you have security. The more accessible something is, the less secure it will be. The more secure something is, the less accessible it will be. The goal is to find the right balance of these two opposites. Some times we have to make sacrifices in accessibility in the name of security, and some times we have to make sacrifices in security in the name of accessibility.

On to DNS. The potential for DNS poisoning exists on every DNS server. No system can ever be 100% secure. Hackers could find a new vulnerability on any DNS system and exploit it. (Link) With that in mind, there is no real difference between OpenDNS and any other DNS servers when it comes to this point.

One difference that could be stated between OpenDNS and other servers is not security vulnerabilities, but the willful attacks made by the administrators of the server. That's the real risk you take when you use OpenDNS.

But you have to ask your self, how much of a risk is this? A common security practice is to not trust any system you don't control. But if we adhered to this 100%, the internet would not exist. No matter what servers you use for DNS, you are inherently trusting the administrators to accurately deliver name resolution for you.

Back to my question. How much of a security risk is this? No one but the administrators of their systems can fully answer that. The beauty of the internet is the information it provides. If OpenDNS was attempting any type of malicious redirection, this would probably be mentioned somewhere on the internet. I have yet to find any such information.

My personal opinion: I have been using OpenDNS at home since the day the started providing service. It has been far more reliable than my ISP DNS servers. I don't like how they redirect you to a search page when the domain is unknown. But, as we learn in economics, there is no such that as a free lunch. I haven't seen the anti-phising mechanisms work because I never go a phising site. Several of my clients use it as well. I do use the service when I configure system and have yet to encounter any problem with doing so.

I think I'm done typing for now... :)
 
zacdl said:
Alright, if you type in a URL and end up getting redirected to an IP address, wouldn't you think it fishy to begin with?
Click to expand...

Are you a downright fool? You wouldn't be redirected, they could simply change the freaking answer on you. You ask for a fqdn, they give you an IP, that IP could be directed at some one elses server. Have you never heard of DNS cache poisoning before?

MorfiusX said:
Back to my question. How much of a security risk is this? No one but the administrators of their systems can fully answer that. The beauty of the internet is the information it provides. If OpenDNS was attempting any type of malicious redirection, this would probably be mentioned somewhere on the internet. I have yet to find any such information.
Click to expand...

I haven't seen any reports myself, and I don't think they would do this either
 
XOR, Xipher:

Give it up. You're wasting your time arguing with idiots.
 
Hey, if I can explain something and enlighten some one, I am happy, even if it isn't the intented person.
 
shade91 said:
XOR, Xipher:

Give it up. You're wasting your time arguing with idiots.
Click to expand...

I sorta did already. I argued my case, gave people the benefit of my knowledge. They can choose to listen or not.

You can lead a horse to water and all that.
 
You must log in or register to reply here.
Back
Top