OpenDNS

nessus

Seems like an interesting concept. Of course I have my own caching DNS at home and any 3rd party in the DNS chain makes me think twice...

You can sure tell when the first articles about them were published from their stats. I've set them up as a forwarder to play with on one of my home DNS boxes.

http://www.opendns.com/
 
I have my own cache at home as well... but meh, I'll give these guys a try as well.
 
I don't like the concept. I just don't think DNS is the place to correct typos. On top of that, automatically resolving to the "correct" address without alerting the user that he made a typo seems bad. And I'd like to see some benchmarks that compare the speed of their resolutions to the speed of a typical user's ISP's resolutions. Of course that would be somewhat difficult to test. I'm sure most ISPs have at least some DNS caching.
 
jpmkm said:
I don't like the concept. I just don't think DNS is the place to correct typos. On top of that, automatically resolving to the "correct" address without alerting the user that he made a typo seems bad. And I'd like to see some benchmarks that compare the speed of their resolutions to the speed of a typical user's ISP's resolutions. Of course that would be somewhat difficult to test. I'm sure most ISPs have at least some DNS caching.

It's actually really easy to test. About 5 minutes with Ethereal and NSlookup.
 
moetop said:
It's actually really easy to test. About 5 minutes with Ethereal and NSlookup.
The complications enter when your ISP doesn't have a particular domain name cached. The first time you request it, your ISP's DNS server will have to send a request to another server, introducing delay. After the first time, though, the ISP's server will have it cached. Once it is cached, it will be quite fast, most likely faster than opendns's. To get accurate results, one must test several times. I suppose the best way to test might be to test several domain names a single time, once each with your ISP's server and opendns's server.
 
jpmkm said:
The complications enter when your ISP doesn't have a particular domain name cached. The first time you request it, your ISP's DNS server will have to send a request to another server, introducing delay. After the first time, though, the ISP's server will have it cached. Once it is cached, it will be quite fast, most likely faster than opendns's. To get accurate results, one must test several times. I suppose the best way to test might be to test several domain names a single time, once each with your ISP's server and opendns's server.
I agree with all that. I think OpenDNS could be quite nice for those who have ISPs with crappy DNS servers. I remember when I had Comcast, their DNS servers just totally sucked. I used a friend of mine's colocated server and name resolution was damn near instant, even first-time lookups were fast. Then he couldn't afford to colo anymore and I started my own caching-only server.

I'm just curious to see how well this works out, not that I expect any actual performance gain. Just for the experience.
 
jpmkm said:
The complications enter when your ISP doesn't have a particular domain name cached. The first time you request it, your ISP's DNS server will have to send a request to another server, introducing delay. After the first time, though, the ISP's server will have it cached. Once it is cached, it will be quite fast, most likely faster than opendns's. To get accurate results, one must test several times. I suppose the best way to test might be to test several domain names a single time, once each with your ISP's server and opendns's server.

Still not terribly difficult and within 5 minutes you should be able to find one that is not cached. Or just register a new name yourself.. :)
 
Blitzrommel said:
I agree with all that. I think OpenDNS could be quite nice for those who have ISPs with crappy DNS servers. I remember when I had Comcast, their DNS servers just totally sucked. I used a friend of mine's colocated server and name resolution was damn near instant, even first-time lookups were fast. Then he couldn't afford to colo anymore and I started my own caching-only server.

I'm just curious to see how well this works out, not that I expect any actual performance gain. Just for the experience.


Also, if you don't run your own filter, the fact that it filters out known phishing sites is an added plus.
 
moetop said:
Still not terribly difficult and within 5 minutes you should be able to find one that is not cached. Or just register a new name yourself.. :)
Well, my point is that you need to run several trials in order to reduce error (introduced by unrelated network latency and such). Sure, you could easily find a domain name that isn't cached within 5 minutes, but once the nameserver resolves it, it will most likely cache it. And how do you determine if a delay is a result of a noncached domain name or of unrelated network latency due to congestion and whatnot?

Of course one could just disregard all those factors and just test ISP's resolution vs. openDNS's resolution, without regard for any caching schemes the ISP might implement. Though doing it this way might introduce too many variables to be able to accurately analyze the results.
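
An added example, not part of the thread: one way to run the resolver comparison discussed above with only the Python standard library. It queries each name several times and reports medians, treating the first query per name as a possible cache miss and later ones as cache hits, so the warm median approximates plain network latency to the resolver; the function names and sample timings are constructed for illustration.

```python
import random
import socket
import statistics
import struct
import time

def build_query(name, qid=None):
    """Encode a minimal DNS A query (RFC 1035) with recursion desired."""
    qid = random.getrandbits(16) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def time_query(server, name, timeout=3.0):
    """Milliseconds until `server` answers over UDP, or None on timeout."""
    pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(pkt, (server, 53))
            while s.recvfrom(512)[0][:2] != pkt[:2]:  # wait for our transaction ID
                pass
        except OSError:  # includes socket timeouts
            return None
        return (time.perf_counter() - start) * 1000.0

def summarize(samples):
    """samples: {name: [ms, ...]} in query order, all from one resolver."""
    first = [t[0] for t in samples.values() if t and t[0] is not None]
    warm = [x for t in samples.values() for x in t[1:] if x is not None]
    if not first or not warm:
        return None
    warm_ms = statistics.median(warm)    # cache hits: mostly network round trip
    first_ms = statistics.median(first)  # may include upstream recursion
    # Medians damp one-off congestion spikes; the difference estimates recursion cost.
    return {"warm_ms": warm_ms, "first_ms": first_ms,
            "recursion_ms": max(0.0, first_ms - warm_ms)}

def benchmark(server, names, repeats=5):
    """Query each name `repeats` times against the resolver at IP `server`."""
    return summarize({n: [time_query(server, n) for _ in range(repeats)]
                      for n in names})

# Constructed timings in ms (not real measurements) showing the analysis.
SAMPLE = {
    "a.example": [84.0, 12.0, 11.0, 13.0],
    "b.example": [95.0, 12.5, 40.0, 11.5],  # 40.0 is a congestion spike
    "c.example": [12.0, 11.0, 12.0, 12.0],  # was already cached
}
```

Run `benchmark()` once per resolver with the same list of names, and use names neither resolver is likely to have cached if the first-query figure is what you want to compare.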
 