OpenDNS offers a service to all Internet users that goes to the core of networking to improve security, privacy, and performance. As a home user, you typically just use the DNS service that your ISP provides. The DNS (Domain Name System) server that your computer connects to has the responsibility to translate URLs that you want to visit into the IP Network Addresses of the servers that host those sites for your computer. OpenDNS provides the same basic translation as your ISP, but faster and with a few advanced features that you won’t get through your ISP or even Google Public DNS.
OpenDNS has three levels of its service that it offers: Basic, Deluxe, and Enterprise. Basic is free while the others require a subscription. Enterprise is typically aimed for larger organizations, but Deluxe could be worth the cost for the extra features. I only have experience with the Basic service and I have found it do be sufficient for all my needs. You can see the differences graphed out and sign up for the (free) Basic OpenDNS service on the Use OpenDNS page.
Once you sign up with OpenDNS, you simply enter the OpenDNS server IP addresses (126.96.36.199, 188.8.131.52) in your network settings following their instructions for a wide variety of operating systems. After that, you should be able to visit the test page and see the message below.
One of the cool features you can take advantage of with OpenDNS is shortcuts. Instead of typing out a full URL, you can just type a shortcut into your address bar and it’ll take you to the webpage you configured it for. For example, from the screenshot below, if I type ‘404ts’ into my browser and hit enter, it’ll take me to http://www.404TechSupport.com/. You can configure shortcuts for any URL and it adds another layer of convenience as an alternative to bookmarks.
Using OpenDNS to block websites is the primary feature that sells me on wanting to use it. I use it at home but wish I could sell my organization on using it at work. OpenDNS won’t resolve any malicious or phishing sites. Imagine the number of fewer support calls we would have because malware websites, redirects, and malicious scripts are stopped cold because they are blocked from resolving the domains they are trying to refer to.
When you try to visit a site that is blocked by OpenDNS, you’ll see a page warning you as such. There are some ads at the bottom of the page if you’re using the OpenDNS Basic service, the others are ad-free. You can customize the page to have your own logo instead of the OpenDNS logo and your own message. The ability to add a bypass to these pages is coming for the Deluxe and Enterprise services.
Not only are malicious sites filtered automatically, you can also choose to filter sites by the level of protection you need. You can filter by High, Medium, or Low levels of protection which is just a one click method of filtering out more categories. You can also opt to do no filtering so you won’t be blocked from any sites but those marked as malware. Instead of choosing a level, you can custom configure your level of filtering by choosing which categories you don’t want to see. Some of the categories include: Adware, Dating, Drugs, Hate/Discrimination, Nudity, Religious, Tasteless, Social networking, Video sharing, and many more.
The Web Content Filtering feature is excellent for laying the groundwork to protecting your children online. Schools and Libraries can also implement OpenDNS to achieve CIPA Compliance (PDF) to make themselves eligible for E-Rate Funding.
Sites are categorized by the community through Domain Tagging. Individuals can submit domains to a category and then the community can vote on whether or not they agree with the categorization. After enough agreeing votes are collected, the domain will be added to the category and will be filtered if you choose to filter that category for your network.
Along with the category filtering I just mentioned, you can also blacklist a domain so it is always blocked or whitelist one so it is never blocked. For example, if there was a known phishing attempt going around, I could simply block the domain of the phishing site and rest assured that none of my users on my network would fall for it and accidentally give out their login credentials.
OpenDNS offers Malware/Botnet and Phishing protection by default, but you can optionally uncheck them if you just want the faster DNS resolution and none of the other features. The malware/botnet protection protects from known botnets being able to connect back to their command center, mostly rendering the bots inoperable and so the infected machines don’t participate in DDOS attacks. The phishing protection blocks websites based on a database that is kept-up at PhishTank.com, a service run by OpenDNS. The idea behind PhishTank is that if you receive a phishing e-mail, you go submit it to the website and that will help protect others.
All of these settings are controlled on a per-network basis, meaning you can have a different configuration for different parts of your network that have different external IPs or IP ranges. You can also use a piece of software from OpenDNS on your machine to keep your account updated with your current IP address if you have a dynamic IP.
Along with the settings, statistics are also differentiable along the different networks. You can see the total requests, unique domains, Top Domains, Blocked Domains, and other stats that might be of interest. These can be seen across all networks or just a particular network.
When outsourcing such a vital component of your network infrastructure, it’s reassuring to see such a positive record of up-time through the OpenDNS Status Page, which is also accessible through http://184.108.40.206/ (in case OpenDNS were to go down). It’s also reassuring to know that many large companies and educational institutions rely on OpenDNS. Your request is routed to the nearest OpenDNS server for the fastest response, but is also backed up with other servers positioned around the world.
Good Reasons to use OpenDNS
Go ahead and get started! Sign up with OpenDNS and check out at least the free Basic service to see all that is offered.
Stay tuned for part 2 tomorrow: OpenDNS pt. 2 – A Comparison