OpenDNS Phases Out Redirection To Guide 90
First time accepted submitter Jim Efaw (3484) writes "Tired of the OpenDNS Guide surprise from website-unavailable.com when you go to an old link or a typo from some ISPs? Relief is at hand: On June 6, 2014, OpenDNS will stop redirecting dead hostnames to Guide and its ads; the OpenDNS Guide itself will shut down sometime afterwards. OpenDNS nameservers will start returning normal NXDOMAIN and SERVFAIL messages instead. Phishing protection and optional parental controls will still stay in place."
Run your own resolver (Score:1)
Control your own DNS
Re:Run your own resolver (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You may make him commit suicide again. He's done it before, you know.
Did he redirected?
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
DNS is to complex: host files FTW
So, instead of a single place to update, I'd have to update the dozen or so internet devices on my network?
Re: (Score:1)
You patched your telnet to connect to port 80 by default? Our is the telnet command an alias?
Re: (Score:3)
I'm going to go with "he thinks he looks k00l if he can use words like 'telnet' and 'GET' on a Slashdot post".
Re: (Score:2)
you are week-old n00b, use https and check those certificates
openssl s_client -connect google.com:443
CONNECTED(00000003)
GET / HTTP/1.0
Re: (Score:2)
Re: (Score:2)
Oh I got this...
telnet 2001:4978:f:d9::2 80
Trying 2001:4978:f:d9::2...
Connected to cl-218.chi-02.us.sixxs.net.
Escape character is '^]'.
GET / HTTP/1.0
Host: www.midnightbsd.org
HTTP/1.1 200 OK
Date: Sun, 01 Jun 2014 17:02:59 GMT
Server: Apache/2.2.25 (MidnightBSD)
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I already do - it's easy enough if you have a Linux box. No need to depend on filtered stuff from your ISP.
If you read in between the lines (Score:2, Insightful)
"We can make enough money from selling your IP and the domains you look up."
Re: (Score:2)
Exactly that.
Hello, Seagate rep? Yeah, we're gonna need a freaking exatabyte to store our new hadoop engine data--yeah, the ones with the ready-to-sort web page script filters.
How many? How many does a 53' semi-trailer hold? Really? Yeah, here's the PO #.
Re:If you read in between the lines (Score:5, Informative)
Nope. Never. We've never sold our data. We've never even used it for marketing purposes internally.
We've only ever made money from one of three things: Ads, selling individuals an ad-free version, and enterprise security services.
Today, most all of our revenue, and all of our growth, comes from selling enterprise security. If you work in IT, it's worth checking out to improve your security posture. There's a lot more to it than you might guess.
-David
Re: (Score:1)
Re: (Score:3)
I was here before it was Slashdot...
Re: (Score:2)
Re: (Score:2)
What was it before it was Slashdot? Just curious.
Re: If you read in between the lines (Score:5, Insightful)
What are you talking about? You might not have like the ads, but we never lied about anything. Our service was super clear about how it worked. And for those who didn't like the redirection, it has always been possible to create an account and disable that part of the service.
Re: (Score:2)
David,
Thanks for responding here. You sure don't see the guys over at Comcast responding directly to the Slashdot crowd, so respect there.
One thing I've been hoping that OpenDNS would adopt is the system that FoolDNS uses to thwart tracking and redirects. I'll be honest and say that I switched my router's DNS addresses to FoolDNS for that reason. Is there any meaningful discussion within OpenDNS to provide a service like this?
Thanks!
Re: (Score:2)
That's why I use Google DNS (Score:1)
Business model (Score:2, Funny)
Oh, right. The usual answer. Selling our data.
Re: (Score:2)
yeah the premium paid users ip's are even more worthy: these guys will pay money for nothing.
Re: (Score:3)
Re: (Score:2)
But we’re excited to report that in the past few years we’ve built a thriving enterprise security business and now have more than 10,000 happy, paying customers.
Re: (Score:2)
Re: (Score:2)
If you're looking to block access to a given list of domains/host names, Privoxy can be configured to do this and no more. If you're actually looking just to do DNS caching on your grandma's computer, try this from an elevated command prompt:
sc config dnscache start= auto
net start dnscache
Then type out 1000 times: I will not turn off the local DNS caching system.
Re:Business model (Score:5, Informative)
Nope. Never.
We wouldn't make such a case for turning off ads if this was our business model going forward. You could visit our site and see how we make money. We sell security services. We never could have done it without first being a consumer service, but we're not selling your data. Come on.
-David
Re:Business model (Score:5, Informative)
We have been building a data privacy and data usage policy document that we plan to release soon.
One of the many, many reasons to turn off ads is that we had to share some potentially personally identifiable information with ad partners (indirectly when making ad requests, they would just see it in the ad request), so by turning off ads, our privacy / data policy will be a lot more clear and will not need to have weird "certain third parties for certain services" kind of language to address the advertising business.
We're waiting to turn off ads, we'll get the document cleaned up, and we'll publish it.
-David
Re: (Score:2)
OpenDNS sucks less than everyone else (Score:2, Redundant)
I like the OpenDNS free service, because compared to everything else out there I know of for doing the same job, they suck less than all other options.
Using my ISPs, or VPNs, Google's, or having to roll my own all suck even more.
Re: (Score:3)
Using my ISPs, or VPNs, Google's, or having to roll my own all suck even more.
So what sucks about using google? Don't trust them? I guess that's a valid concern, but I wouldn't say it causes suckage.
Re: (Score:2, Insightful)
Wow, I can't believe my original post got down-modded to a zero. Regardless, I'll clarify per your request.
Google is an advertising company that at-minimum aggregates, so I trust them less than OpenDNS with my DNS service. Simple as that. But especially since OpenDNS has made clear they are a security company and they don't want to mess with those profits, while advertising actually messes with the stated mission of theirs and they want to completely jettison it now, hence their recent changes made public n
Re: (Score:2)
Thank you for taking the time and effort to educate me on something that clearly I needed to be educated on. I appreciate your consideration and effort very much AC.
Good! (Score:3, Interesting)
My company used to use OpenDNS, but then they'd resolve websites that went MIA and our automated scripts wouldn't know that and vomited on what OpenDNS fed them. We're using Google DNS now and it works perfectly. Gets around all the problems introduced by BT mangling the DNSSEC chain.
Ask Slashdot: to-disk caching emergency resolver? (Score:4, Interesting)
Being a prepper of sorts, and seeing the Gub'mint positioning itself to hijack DNS in order to exert control (or potentially just shut everything down by attacking this low hanging fruit) I've been looking around for a very specific type of resolver, which can be placed manually into one of several modes:
NORMAL: all lookups are resolved with network queries (as a standalone resolver OR as a 'thin' resolver which just forwards to some upstream DNS server). The results are returned as a real-time resolver does, but are also cached permanently to disk in a database that will inevitably grow over time.
FALLBACK 1, fill in the blanks: when a real result is received yet it is a fail (NOERROR,SRVFAIL,NXDOMAIN), as might be the case in a hypothetical shutdown attack, a stored query that had a positive result is returned.
FALLBACK 2, DNS network down/disabled: all queries are returned from the database and network lookups are not attempted.
So while we are resolving normally a database is being created for emergency use, yet if some disruption to DNS occurs it would be possible to switch to one of the fallback modes to surf -- if not completely, at least with some reasonable level of success...
A desirable feature would be to store a maintainable list of 'poison' ip/net masks of known DHS/ICE webservers, so any A records matching this list are NOT treated as real results, and trigger fallback action. Another desirable feature would be explicit (and implicit via matching of results) recognition of wildcard DNS schemes such as gobblegook.realdomain.com so repeated resolves of these do not overwhelm the database. But there might be some gruesome heuristics behind this.
I realize OpenDNS is in itself a step in this direction, but the local fallback resolver would also give you options for cases when OpenDNS itself is not reachable, such as a hostile/draconian ISP that rewrites DNS packets to point to its own servers.
Re: (Score:3)
MaraDNS caches to memory, not disk, but will return expired DNS records to the client when there is no answer from authoritative sources.
PowerDNS can connect to a database backend, which can then permanently store a huge collection of DNS records.
Re:Ask Slashdot: disk caching emergency resolver (Score:2)
powerdns can connect to a database backend, which can then permanently store a huge collection of dns records.
thanks kindly, this route looks the most promising.
All; the other relevant details of my response including a sketch of how I could implement this idea are OMITTED because I am being harassed by Slashdot's 'Lameness filter' and rather than engage in some investigatory process (hint: it had nothing to do with CAPS) I said Fuck It. Time to move to Pipedot?.
OpenNIC (Score:2)
Just like (Score:5, Insightful)
The _behavior_ of redirecting failed DNS lookups to an advertising server is unsurprising. Roughly 10 years ago, Verisign did much the same thing to to the master servers for *.com', and broke the concept of getting a "no such record" result for everyone in the world using ".com" addresses.
http://slashdot.org/story/03/0... [slashdot.org]
Many, many people were _extremely_ upset when this unannounced change occurred. It broke tools worldwide that were used to verify DNS configuraitons, and it routed email that was misspelled or had faild DNS to Verizon's advertising DNS IP addresses. I was never sure if Verisign bothered to do anything with all the DNS connection requests, FTP requests, SSH requests, or everyehing else redirected to their sites, but it left Verisign in charge of a tremendous amount of data and potential network manipulation.
People, and software, have become more accustomed to such DNS abuse. But it's still problematic if you don't realize it's going on.
Meanwhile, scumbag Verizon... (Score:1)
Verizon just started redirecting their business class DSL users to Yahoo! search results for bad domains a few weeks ago. Maybe that is what changed OpenDNS's mind about the ads -- they decided they didn't want to be as scummy as Verizon ;-) Oh, and Yahoo!, stay classy.
This was always optional! (Score:2)
Doesn't look like a lot of people knew this - you could turn this off. I see people complaining about this feature and how it broke their tools when they used it at work, but it was always (afaik) optional and I always had it turned off, if you found it a problem you could have too.
Re: (Score:1)
As far as I could tell, turning OpenDNS Guide was not optional unless you created an account, so a large number of people believed that their only options were between intercepted by malware-style redirections or creating an account with the organization that seemed to be behind the malware-style behavior. When you perceive you are being abused by someone, do you then create an account with them at their request, to see if they're going to be less or more abusive now that you've let them know you're willin