Thursday

DNS and OpenDNS: advanced DNS features

Well, DNS has not changed much over the last 20 years. It was never designed with security in mind. Normal address resolution normally goes over UDP which makes it even worse and susceptible to spoofings attacks. DNSSEC is meant to solve some of the issues by implementing some cryptographic checks. But all dns clients and servers will need to be updated and the implementation will not be easy. So it's not for tomorrow.

Today, I stumbled upon OpenDNS. It has nothing to do with DNSSEC but it can also improve your security. The first feature is being an alternative for the DNS servers from your provider and they provide an intelligent cache of most DNS information. Thus providing excellent DNS resolving speed. They respect the TTL of the domain anyway.
Secondly, they include a phishing filter and typo correction. I fooled around with the typo correction and it didn't impress me.
What I found more interesting was the phishing filter. Apparently it's actually Phishtank: a community based phish verification system where users submit suspected phishes and other users "vote" if it is a phish or not. Phishtank is also used by Opera.

Bit with OpenDNS, you don't need new browsers or new plugins/extensions. Just fill in the following DNS server in your PC or home router/DNS forwarding server

  • 208.67.222.222
  • 208.67.220.220
If you don't want the antiphising features of OpenDNS, you can always disable them and simply use it as a DNS. They have other nifty features such as shortcuts. Shortcuts are a cool way to use a short word for a long address. You have to register with them to use this feature. Then you can link for example "mail" with "https://mail.yahoo.com". From now on, you simply type "mail" and you get to your Yahoo webmail. Nice idea. It gives a new breeze to the whole DNS system. Concerning privacy, OpenDNS seems not to keep records on an individual basis. You can never be sure. Same goes for your own ISP. Unless you setup a DNS server at home.

No comments: