EvilZone


: Any Thoughts on OpenDNS
: NHAS April 05, 2014, 08:20:33 AM
Hey EZ, Just wanted to ask you guys what your thoughts on OpenDNS are.
At the moment I'm contemplating switching from my ISP's DNS to their one and was just wondering if anyone had any reason I shouldn't or information that I should be aware of before I switch.

Thanks for any info or just general opinions on OpenDNS.
: Re: Any Thoughts on OpenDNS
: proxx April 05, 2014, 10:36:31 AM
Well in a lot of cases there is not much reason to switch nor is there much against doing so.
If you really want to do something useful with your DNS queries I suggest you set up your own caching DNS server on the network.
On slow lines and even on fast lines this can have quite the speed advantage.

At OpenDNS headquarters in beautiful San Francisco, CA, our world-class engineering team is obsessed with inventing new methodologies to eradicate malware, botnets and phishing through DNS, and use the system to intelligently route our users around it.

This is from their website, that's cute, nothing more imo.
The only problem with DNS as it is used for most systems is the lack of encryption on the queries.
There might be something to gain in that field as there are 'secure' alternatives.
: Re: Any Thoughts on OpenDNS
: NHAS April 05, 2014, 09:08:06 PM
Yeah, guess I could set up a DNS server on our network, I have a computer lying around not doing anything...

Oh and I'm pretty sure OpenDNS does support encrypted DNS queries.
See here: http://www.opendns.com/about/innovations/dnscrypt/
: Re: Any Thoughts on OpenDNS
: proxx April 06, 2014, 03:58:58 AM
Yeah, guess I could set up a DNS server on our network, I have a computer lying around not doing anything...

Oh and I'm pretty sure OpenDNS does support encrypted DNS queries.
See here: http://www.opendns.com/about/innovations/dnscrypt/
I myself use pdnsd, I have a thread somewhere about basic setup combined with squid.
The only trade-off for encrypted queries would be the speed, not that irl this is noticeable.
For one you would prevent snooping from your ISP which is something at least.
: Re: Any Thoughts on OpenDNS
: NHAS April 06, 2014, 05:38:31 AM
Okay thanks
: Re: Any Thoughts on OpenDNS
: techb April 06, 2014, 06:30:31 AM
I use Google's DNS, no reason though. Just always have.
: Re: Any Thoughts on OpenDNS
: NHAS April 06, 2014, 06:58:12 AM
I use Google's DNS, no reason though. Just always have.

Yeah, I was thinking about that. But I'd prefer if I had control of the DNS somewhat.
: Re: Any Thoughts on OpenDNS
: proxx April 06, 2014, 07:39:07 AM
Yeah, I was thinking about that. But I'd prefer if I had control of the DNS somewhat.
Then cache it, a plus is that you can also use block lists/null routing of ads, trackers and other internet whores.
Can run just fine on the same machine.
You could also increase the TTLs a bit, most devices don't hop that often anyway, it can eliminate quite some traffic.
One of the funny little things is that I never have ads on YouTube.
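Added example, not part of the post above and not pdnsd's own code: a minimal Python model of the decision logic a caching forwarder applies when it combines a block list with a raised TTL floor. The class name, the `upstream` callable and the sample domains are assumptions made for illustration.

```python
import time


class CachingResolver:
    """Toy model of a caching forwarder's lookup path (constructed example)."""

    def __init__(self, upstream, blocklist, min_ttl=900, clock=time.monotonic):
        self.upstream = upstream      # hypothetical callable: name -> (ip, ttl_seconds)
        self.blocklist = {d.lower().rstrip(".") for d in blocklist}
        self.min_ttl = min_ttl        # local TTL floor; stale answers live this long
        self.clock = clock            # injectable so expiry can be tested
        self.cache = {}               # name -> (ip, expires_at)
        self.upstream_queries = 0     # how many lookups actually left the network

    def is_blocked(self, name):
        # Match the name or any parent domain on label boundaries only, so
        # "ads.example" covers "x.ads.example" but not "notads.example".
        labels = name.split(".")
        return any(".".join(labels[i:]) in self.blocklist
                   for i in range(len(labels)))

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if self.is_blocked(name):
            return "0.0.0.0"          # null-routed locally, never sent upstream
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]             # served from cache, no upstream traffic
        ip, ttl = self.upstream(name)
        self.upstream_queries += 1
        # Clamp short TTLs up to the floor: fewer queries leave the network,
        # at the cost of picking up record changes later.
        self.cache[name] = (ip, now + max(ttl, self.min_ttl))
        return ip


if __name__ == "__main__":
    # Constructed upstream: every name resolves to a documentation address.
    resolver = CachingResolver(lambda n: ("192.0.2.10", 60), ["ads.example"])
    for q in ["tracker.ads.example", "notads.example", "notads.example"]:
        print(q, resolver.resolve(q))
    print("upstream queries:", resolver.upstream_queries)
```
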
: Re: Any Thoughts on OpenDNS
: NHAS April 06, 2014, 09:03:52 AM
Hmm, can't run it on the same machine 'cause I often turn it off, so I think I'll stick with chucking the DNS onto another one, but thanks for all the knowledge proxx, have a cookie.
: Re: Any Thoughts on OpenDNS
: Neolux April 26, 2014, 05:13:50 AM
Parents used it on the router to block pr0n as a kid... was terrible.

3 years before I learned how to change my DNS server on the computer.

Sad story.  :'(
: Re: Any Thoughts on OpenDNS
: Architect April 26, 2014, 08:05:08 AM
One of the funny little things is that I never have ads on YouTube.

Neither have I. And Adblock Edge is shit; I switched from ADB, and it was just pure fail.
As for OpenDNS, I've heard good and bad.

Bad:
"OpenDNS may cooperate with legal authorities and/or third parties in the investigation of any suspected or alleged crime or civil wrong." Obviously one of the worst parts is the logging aspect. They also log your queries for a time (I think for 72 hours). During which the gov't is free to send requests for such data without your knowledge. And the quote below confirms that suspicion:

"The Software together with the Service may collect certain data and information about your use and, if you are an entity, your individual users’ use of the Service (“User Data”). Any personally identifiable information contained in User Data provided to OpenDNS will be treated as set forth in the OpenDNS Privacy Policy available at http://www.opendns.com/privacy-policy/. With the exception of any personally identifiable information you or your individual users submit, any information you transmit to OpenDNS via the Services related to the functionality of the Services and Software, whether by direct entry, submission, e-mail or otherwise, including data, questions, comments, or suggestions, will be treated as non-confidential and non-proprietary and will become the property of OpenDNS."

As far as the encryption, I would rather use DNS Crypt (http://dnscrypt.org/) (but I don't trust anything with access to my unlimited data even if they promise encryption).

Good:
At least DNSCrypt explains it's not end-to-end but rather uses Elliptic Curve.

"The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve (http://dnscurve.org), but focuses on securing communications between a client and its first-level resolver. While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries."

I guess pick your poison lol.
: Re: Any Thoughts on OpenDNS
: Stannis_the_Mannis April 26, 2014, 08:35:57 AM
I use OpenDNS just for shits and giggles. And because I'm not a fan of Google. I don't really notice any difference between that and my default DNS, but then again I don't know that much.
: Re: Any Thoughts on OpenDNS
: proxx April 26, 2014, 03:11:47 PM
It is not such a bad idea to tunnel DNS traffic away through something like Tor,
using a caching daemon as a method to compensate for the speed trade-off.
DNS is a great way to profile people over the years, the question is who has insight into such data, which is probably stored indefinitely.