Opendns 1 Opendns
Total Page:16
File Type:pdf, Size:1020Kb
OpenDNS 1 OpenDNS OpenDNS Type DNS Resolution Service Founded 2005 Headquarters San Francisco, California Key people David Ulevitch (Founder & CEO) [1] Employees 20 [2] Website OpenDNS.com OpenDNS is a Domain Name System (DNS) resolution service. OpenDNS extends DNS adding features such as misspelling correction, phishing protection, and optional content filtering. It provides an ad-supported service[3][4] "showing relevant ads when we [show] search results" and a paid advertisement-free service. Services DNS OpenDNS offers DNS resolution as an alternative to using Internet service providers' DNS servers. There are OpenDNS servers in strategic locations, and they also employ a large cache of the domain names.. OpenDNS has adopted and supports DNSCurve.[5] OpenDNS provides the following recursive nameserver addresses[6] for public use, mapped to the nearest operational server location by anycast routing: • 208.67.222.222 (resolver1.opendns.com) • 208.67.220.220 (resolver2.opendns.com) • 208.67.222.220 [6] • 208.67.220.222 [6] IPv6 addresses (experimental)[7] • 2620:0:ccc::2 • 2620:0:ccd::2 Other features include a phishing filter, domain blocking and typo correction (for example, typing "example.og" instead of "example.org"). OpenDNS maintains a list of malicious sites and blocks access to them when a user tries to access them through their service. OpenDNS also run a service called PhishTank for users to submit and review suspected phishing sites. The name OpenDNS refers to the DNS concept of being open, where queries from any source are accepted. It is not related to open source software; the service is based on closed-source software.[8] OpenDNS earns a portion of its revenue by resolving a domain name to an OpenDNS server when the name is not otherwise defined in DNS. This has the effect that if a user types a non-existent name in a URL in a web browser, the user sees an OpenDNS search page. Advertisers pay OpenDNS to have advertisements for their sites on this page. This behavior is similar to VeriSign's previous Site Finder or the redirects many ISP's place on their own DNS OpenDNS 2 servers, but it is a service provided only at users' request.[9] OpenDNS says that the advertising revenue pays for the free customized DNS service.[10] As of March 2010 OpenDNS said that it handled over 20 billion DNS requests daily, with over 26 billion delivered on 21 April, 2010.[11] OpenDNS may have negligible performance gain, [12] but may process queries more quickly than an ISP with slow DNS servers.[13] DNS query results are sometimes cached by routers (e.g. typically local ISPs queries may be cached by ISPs home routers), the local operating system or applications, so speeds may not be noticeable with every request but only with requests that are not stored in a local cache. DNS rebinding protection To provide protection against DNS rebinding, private IP addresses can be (optionally) filtered out of DNS responses.[14] Domain-blocking On May 13, 2007, OpenDNS launched a domain-blocking service to block or filter web sites visited based upon categories, allowing control over the type of sites that may be accessed. The filters can be overridden through individually managed blacklists and whitelists. In 2008 OpenDNS changed from a closed list of blocked domains to a community-driven list allowing subscribers to suggest sites for blocking; if enough subscribers (the number has not been disclosed) concur with the categorization of the site it is added to the appropriate category for blocking. As of 2011 there were over 50 categories. The basic OpenDNS service does not require users to register, but using the block/filter feature requires registering and logging in.[15] FamilyShield OpenDNS also provides the following recursive nameserver addresses as part of their FamilyShield[16] parental controls which block pornography, proxy servers, phishing sites and some malware: • 208.67.222.123 • 208.67.220.123 DNSCrypt DNSCrypt encrypts DNS traffic between the user's computer and the OpenDNS name servers for Windows, Linux, Mac OS X and iPhone.[17] Dynamic DNS On December 3, 2007, OpenDNS began offering the free DNS-O-Matic [18] service to provide a method of sending dynamic DNS (DDNS) updates to several DDNS providers using DynDNS's update API.[19] OpenDNS premium On October 21, 2009, OpenDNS launched OpenDNS premium services, for small businesses and enterprises with advanced needs. For a charge, the service offers ad-free result pages, increased reporting and block features, and other services. Pricing for the Enterprise version starts at $2000 per year.[20] The deluxe version, more customisable than the free-of-charge basic version and free of advertisements, costs $19.95 per year for families.[20] Starting March 15, 2012, OpenDNS Enterprise for Small Business appears to start at $1,500 based on a forum posting that refers to emails received by current subscribers. [21] OpenDNS 3 History • In July 2006, OpenDNS was launched by computer scientist and entrepreneur David Ulevitch. It received venture capital funding from Minor Ventures, which is led by CNET founder Halsey Minor. • On July 10, 2006, the service was covered by digg, Slashdot, and Wired News, which resulted in an increase of DNS requests from just over one million requests on July 9 to 30 million on July 11. • Before 2007 OpenDNS was using the DNS Update API from DynDNS to handle updates from users with dynamic IPs.[22] • On October 2, 2006, OpenDNS launched PhishTank, an online collaborative anti-phishing database. • On June 11, 2007, OpenDNS started advanced web filtering to optionally block adult content for their free accounts. • On November 5, 2008, Nand Mulchandani, former head of VMware's security group, left VMware to join OpenDNS as new CEO, replacing founder David Ulevitch, who remained as the company's chief technology officer.[23] • In July 2009, OpenDNS was funded by Sequoia Capital and Greylock.[24] • In November, 2009 David Ulevitch resumed his post as CEO of OpenDNS. • In June 2010, OpenDNS launched "FamilyShield", a service designed to filter out sites with pornographic content. The service uses the DNS addresses 208.67.222.123 and 208.67.220.123.[25] • On September 1, 2010, the World Economic Forum announced the company as a Technology Pioneer for 2011.[26] • On November 8, 2011, Founder and CEO David Ulevitch wrote an open letter to Congress about the Stop Online Piracy Act and the Protect IP Act.[27] Issues, conflicts and Google redirection While the OpenDNS name resolution service is free, people have complained about how the service handles failed requests. If a domain cannot be found, the service redirects users to a search page with search results and advertising unless the user has paid for an upgraded service. Users can switch this off via the OpenDNS Control Panel, or specify another page to use for missing domains. This behavior is similar to that of many large ISPs who also redirect failed requests to their own servers containing advertising. [28] In 2007, David Ulevitch explained that in response to Dell installing "Browser Address Error Redirector" software on their PCs, OpenDNS started resolving requests to Google.com. Some of the traffic is handled by OpenDNS typo-correcting service which corrects mistyped addresses and redirects keyword addresses to OpenDNS's search page, while the rest is transparently passed through to the intended recipient.[29] Also, a user's search request from the address bar of a browser that is configured to use the Google search engine (with a certain parameter configured) may be covertly redirected to a server owned by OpenDNS (which is within the OpenDNS Terms of Service).[30] Users can disable this behavior by logging in to their OpenDNS account and unchecking "OpenDNS proxy" option.[31] Additionally, Mozilla users can fix this problem by installing an extension[32] or by simply changing or removing the navclient sourceid from their keyword search URLs. This redirection breaks some non-Web applications that rely on getting an NXDOMAIN response for non-existent domains, such as e-mail spam filtering, or VPN access where the private network's nameservers are consulted only when the public ones fail to resolve. Breaking local name resolution can be avoided by configuring the DNS addresses only in the forwarders of the local DNS server or router (the WAN/Internet configuration of a router or other gateway). For other purposes, or when the DNS addresses cannot be configured in a forwarder, domains for which an NXDOMAIN response is expected should be added to the Exceptions for VPN Users section of the OpenDNS Dashboard. OpenDNS 4 Server locations Servers are located:[11] • Amsterdam, The Netherlands • Chicago, Illinois, USA • Dallas, Texas, USA • Frankfurt, Germany • London, United Kingdom • Los Angeles, California, USA • Miami, Florida, USA • New York, New York, USA • Palo Alto, California, USA • Seattle, Washington, USA • Singapore • Washington, DC, USA References [1] "> About Us > Management" (http:/ / www. opendns. com/ who). OpenDNS. Retrieved 2011-08-21. [2] http:/ / www. opendns. com/ [3] July 26, 2007 (2007-07-26). "OpenDNS is a free, ad-based service" (http:/ / www. pcmag. com/ article2/ 0,2817,2163029,00. asp). Pcmag.com. Retrieved 2011-08-21. [4] "OpenDNS > > We make money just like Google and Yahoo" (http:/ / www. opendns. com/ how/ free/ how-can-opendns-be-free/ ). Retrieved 2011-08-21. [5] "OpenDNS adopts DNSCurve, official OpenDNS blog entry" (http:/ / blog. opendns. com/ 2010/ 02/ 23/ opendns-dnscurve/ ). Blog.opendns.com. Retrieved 2011-08-21. [6] "OpenDNS > Support > Knowledge Base > Additional (3rd and 4th) OpenDNS Addresses" (http:/ / www. opendns. com/ support/ article/ 115). OpenDNS. Retrieved 2011-09-21. [7] OpenDNS IPv6 Sandbox (http:/ / www. opendns. com/ ipv6/ ) [8] OpenDNS | 0x80 (http:/ / 0x80.