

Why would someone use OpenDNS on a per-PC basis? I must be missing something. - amrith
http://hypecycles.wordpress.com/2009/08/31/opendns/

======
jsz0
Primarily because client side software that serves a similar function is
bulky, harder to configure, and almost never free. If your browser becomes
compromised there's a fine chance its built-in phishing/malware filter will be
broken or disabled. It's unlikely a browser exploit could change your DNS
settings -- if it could you've got much bigger problems.

From a performance point of view many ISP name servers are either
oversubscribed or simply not fine tuned. There are many tricks to DNS
configuration on busy servers and OpenDNS does a good job keeping their
servers fast and responsive. Additionally your ISP may not be giving you the
best possible DNS servers. Many ISPs are getting involved in the ISP sponsored
custom redirect game. While OpenDNS does indulge in this to a degree their
service doesn't seem to take a hit from it which is something I cannot say
about other custom redirects.

------
iigs
_So, could one really do this OpenDNS thing behind a pay-for-internet-
service?_

Yes but it requires the pay-for-internet provider to think about their real
usage scenarios and plan for them appropriately. I'm involved in the
engineering of a similar system that has nearly a million users, and we've
chosen to leave port 53 wide open, even though it can theoretically be used
for DNS tunneling or other nefarious use.

Also, I disagree with the comments on the post that claim that ISP DNS is the
#1 cause of slowdowns -- DNS on an ISP scale is surprisingly easy to dimension
and support in the common case. The important aspects of DNS administration
center around debugging misbehaving authoritative servers and management of
Denial of Service attacks.

~~~
pbhjpbhj
I used to find that I'd get slow downs when performing requests because the
ISP wasn't answering the DNS query in a timely fashion. This would usually
resolve itself in half-an-hour or so, possibly a load issue. But with OpenDNS
I've not had those problems, my ISP nameservers are there as backup however if
I should need them.

Also OpenDNS optionally does filtering and allows reporting of lookups made.
As my kids grow and explore for themselves I think this will be useful.

------
amrith
More on this topic and a follow-on post at
<http://hypecycles.wordpress.com/2009/09/01/opendns-again/>

------
abyssknight
I used OpenDNS while at Defcon to avoid my DNS servers being spoofed. The
minor configuration change was totally worth it.

------
kuzux
Well, in Turkey, it's used for accessing (most of)the censored sites

