Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
The Internet IT

OpenDNS Phases Out Redirection To Guide 90

First time accepted submitter Jim Efaw (3484) writes "Tired of the OpenDNS Guide surprise from website-unavailable.com when you go to an old link or a typo from some ISPs? Relief is at hand: On June 6, 2014, OpenDNS will stop redirecting dead hostnames to Guide and its ads; the OpenDNS Guide itself will shut down sometime afterwards. OpenDNS nameservers will start returning normal NXDOMAIN and SERVFAIL messages instead. Phishing protection and optional parental controls will still stay in place."
This discussion has been archived. No new comments can be posted.

OpenDNS Phases Out Redirection To Guide

Comments Filter:
  • by Anonymous Coward

    Control your own DNS

  • by Anonymous Coward

    "We can make enough money from selling your IP and the domains you look up."

    • Exactly that.

      Hello, Seagate rep? Yeah, we're gonna need a freaking exatabyte to store our new hadoop engine data--yeah, the ones with the ready-to-sort web page script filters.

      How many? How many does a 53' semi-trailer hold? Really? Yeah, here's the PO #.

    • by davidu ( 18 ) on Sunday June 01, 2014 @09:16AM (#47140835) Homepage Journal

      Nope. Never. We've never sold our data. We've never even used it for marketing purposes internally.

      We've only ever made money from one of three things: Ads, selling individuals an ad-free version, and enterprise security services.

      Today, most all of our revenue, and all of our growth, comes from selling enterprise security. If you work in IT, it's worth checking out to improve your security posture. There's a lot more to it than you might guess.

      -David

      • by Anonymous Coward
        2 digits! He must be legit
      • David,

        Thanks for responding here. You sure don't see the guys over at Comcast responding directly to the Slashdot crowd, so respect there.

        One thing I've been hoping that OpenDNS would adopt is the system that FoolDNS uses to thwart tracking and redirects. I'll be honest and say that I switched my router's DNS addresses to FoolDNS for that reason. Is there any meaningful discussion within OpenDNS to provide a service like this?

        Thanks!

      • by unity ( 1740 )
        Good to know. I've been using you guys for a long time now; its a great service. Best of luck with the security services.
    • I trust them not to sell my data for marketing purposes : https://developers.google.com/... [google.com]
  • Wait, how will they make money then?

    Oh, right. The usual answer. Selling our data.
    • It is not "your" data, it is data about you. Data that you are freely giving them.
    • From TFA:

      But we’re excited to report that in the past few years we’ve built a thriving enterprise security business and now have more than 10,000 happy, paying customers.

    • Comment removed based on user account deletion
      • If you're looking to block access to a given list of domains/host names, Privoxy can be configured to do this and no more. If you're actually looking just to do DNS caching on your grandma's computer, try this from an elevated command prompt:

        sc config dnscache start= auto
        net start dnscache

        Then type out 1000 times: I will not turn off the local DNS caching system.

    • Re:Business model (Score:5, Informative)

      by davidu ( 18 ) on Sunday June 01, 2014 @09:18AM (#47140839) Homepage Journal

      Nope. Never.

      We wouldn't make such a case for turning off ads if this was our business model going forward. You could visit our site and see how we make money. We sell security services. We never could have done it without first being a consumer service, but we're not selling your data. Come on.

      -David

  • I like the OpenDNS free service, because compared to everything else out there I know of for doing the same job, they suck less than all other options.

    Using my ISPs, or VPNs, Google's, or having to roll my own all suck even more.

    • Using my ISPs, or VPNs, Google's, or having to roll my own all suck even more.

      So what sucks about using google? Don't trust them? I guess that's a valid concern, but I wouldn't say it causes suckage.

      • Re: (Score:2, Insightful)

        by SpzToid ( 869795 )

        Wow, I can't believe my original post got down-modded to a zero. Regardless, I'll clarify per your request.

        Google is an advertising company that at-minimum aggregates, so I trust them less than OpenDNS with my DNS service. Simple as that. But especially since OpenDNS has made clear they are a security company and they don't want to mess with those profits, while advertising actually messes with the stated mission of theirs and they want to completely jettison it now, hence their recent changes made public n

  • Good! (Score:3, Interesting)

    by Anonymous Coward on Sunday June 01, 2014 @06:30AM (#47140287)

    My company used to use OpenDNS, but then they'd resolve websites that went MIA and our automated scripts wouldn't know that and vomited on what OpenDNS fed them. We're using Google DNS now and it works perfectly. Gets around all the problems introduced by BT mangling the DNSSEC chain.

  • by TheRealHocusLocus ( 2319802 ) on Sunday June 01, 2014 @06:55AM (#47140361)

    Being a prepper of sorts, and seeing the Gub'mint positioning itself to hijack DNS in order to exert control (or potentially just shut everything down by attacking this low hanging fruit) I've been looking around for a very specific type of resolver, which can be placed manually into one of several modes:

    NORMAL: all lookups are resolved with network queries (as a standalone resolver OR as a 'thin' resolver which just forwards to some upstream DNS server). The results are returned as a real-time resolver does, but are also cached permanently to disk in a database that will inevitably grow over time.

    FALLBACK 1, fill in the blanks: when a real result is received yet it is a fail (NOERROR,SRVFAIL,NXDOMAIN), as might be the case in a hypothetical shutdown attack, a stored query that had a positive result is returned.

    FALLBACK 2, DNS network down/disabled: all queries are returned from the database and network lookups are not attempted.

    So while we are resolving normally a database is being created for emergency use, yet if some disruption to DNS occurs it would be possible to switch to one of the fallback modes to surf -- if not completely, at least with some reasonable level of success...

    A desirable feature would be to store a maintainable list of 'poison' ip/net masks of known DHS/ICE webservers, so any A records matching this list are NOT treated as real results, and trigger fallback action. Another desirable feature would be explicit (and implicit via matching of results) recognition of wildcard DNS schemes such as gobblegook.realdomain.com so repeated resolves of these do not overwhelm the database. But there might be some gruesome heuristics behind this.

    I realize OpenDNS is in itself a step in this direction, but the local fallback resolver would also give you options for cases when OpenDNS itself is not reachable, such as a hostile/draconian ISP that rewrites DNS packets to point to its own servers.

    • MaraDNS caches to memory, not disk, but will return expired DNS records to the client when there is no answer from authoritative sources.

      PowerDNS can connect to a database backend, which can then permanently store a huge collection of DNS records.

      • powerdns can connect to a database backend, which can then permanently store a huge collection of dns records.

        thanks kindly, this route looks the most promising.

        All; the other relevant details of my response including a sketch of how I could implement this idea are OMITTED because I am being harassed by Slashdot's 'Lameness filter' and rather than engage in some investigatory process (hint: it had nothing to do with CAPS) I said Fuck It. Time to move to Pipedot?.

  • Use OpenNIC instead - less schennigans
  • Just like (Score:5, Insightful)

    by Antique Geekmeister ( 740220 ) on Sunday June 01, 2014 @08:33AM (#47140657)

    The _behavior_ of redirecting failed DNS lookups to an advertising server is unsurprising. Roughly 10 years ago, Verisign did much the same thing to to the master servers for *.com', and broke the concept of getting a "no such record" result for everyone in the world using ".com" addresses.

                                  http://slashdot.org/story/03/0... [slashdot.org]

    Many, many people were _extremely_ upset when this unannounced change occurred. It broke tools worldwide that were used to verify DNS configuraitons, and it routed email that was misspelled or had faild DNS to Verizon's advertising DNS IP addresses. I was never sure if Verisign bothered to do anything with all the DNS connection requests, FTP requests, SSH requests, or everyehing else redirected to their sites, but it left Verisign in charge of a tremendous amount of data and potential network manipulation.

    People, and software, have become more accustomed to such DNS abuse. But it's still problematic if you don't realize it's going on.

  • by Anonymous Coward

    Verizon just started redirecting their business class DSL users to Yahoo! search results for bad domains a few weeks ago. Maybe that is what changed OpenDNS's mind about the ads -- they decided they didn't want to be as scummy as Verizon ;-) Oh, and Yahoo!, stay classy.

  • Doesn't look like a lot of people knew this - you could turn this off. I see people complaining about this feature and how it broke their tools when they used it at work, but it was always (afaik) optional and I always had it turned off, if you found it a problem you could have too.

    • by Anonymous Coward

      As far as I could tell, turning OpenDNS Guide was not optional unless you created an account, so a large number of people believed that their only options were between intercepted by malware-style redirections or creating an account with the organization that seemed to be behind the malware-style behavior. When you perceive you are being abused by someone, do you then create an account with them at their request, to see if they're going to be less or more abusive now that you've let them know you're willin

A person with one watch knows what time it is; a person with two watches is never sure. Proverb

Working...