OpenDNS? A word of warning
Posted by Tech at 11:15 p.m. on March 06th, 2008
I fully expect the Google-hits to go nuts tomorrow when everyone’s Samba caches start expiring and the “Shared” sidebars start disappearing. Gruber posted a recommendation for OpenDNS:
OpenDNS is a totally free service that provides very fast DNS service to anyone, with a bunch of other optional features. Not new, but somehow I’d never heard of it before. Came in handy for me today after Comcast’s DNS servers crapped out.
[From OpenDNS]
OpenDNS does everything right except for one thing: RETURNING BOGUS IP ADDRESSES FOR HOSTNAMES THAT DON’T EXIST!!1! That’s what NXDOMAIN is for. Bad OpenDNS.
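A resolver can be checked for this behaviour by asking it for names that should not exist and seeing whether addresses come back. The following is an added example, not code from the original post or from OpenDNS; the function names, the stand-in resolvers and the sample addresses are constructed for illustration, and it assumes a random 64-bit label under .com is unregistered.

```python
import secrets
import socket

def system_resolve(name):
    """Resolve through the OS resolver; return a set of addresses, empty on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()  # the resolver said "no such host", which is the NXDOMAIN path
    return {info[4][0] for info in infos}

def probe_names(count=3, suffix="com"):
    """Random labels that are assumed not to be registered under the given suffix."""
    return [f"nx-{secrets.token_hex(8)}.{suffix}" for _ in range(count)]

def check_nxdomain_wildcarding(resolve=system_resolve, names=None):
    """Return (wildcarded, answers) where answers maps each probe that resolved
    to the addresses it got. Wildcarding is reported only if every probe resolved,
    so one accidental hit on a real name does not trigger it."""
    names = list(names) if names is not None else probe_names()
    answers = {}
    for name in names:
        addrs = set(resolve(name))
        if addrs:
            answers[name] = addrs
    wildcarded = bool(names) and len(answers) == len(names)
    return wildcarded, answers

# Constructed stand-ins for the two resolver behaviours, so the check runs offline.
KNOWN = {"www.example.com": {"192.0.2.10"}}

def honest_resolver(name):
    return KNOWN.get(name, set())            # unknown name -> no answer

def wildcarding_resolver(name):
    return KNOWN.get(name, {"203.0.113.7"})  # unknown name -> constructed landing address

if __name__ == "__main__":
    for label, fn in [("honest stand-in", honest_resolver),
                      ("wildcarding stand-in", wildcarding_resolver),
                      ("system resolver", system_resolve)]:
        hit, answers = check_nxdomain_wildcarding(fn)
        verdict = "rewrites NXDOMAIN" if hit else "returns NXDOMAIN"
        print(f"{label}: {verdict} {answers}")
```

When every probe returns the same address, that address is the one non-browser clients such as Samba or a mail client will end up contacting for any mistyped or local-only hostname.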
Comments
Rube
March 8, 2008 at 11:50 a.m.: I do like OpenDNS. It's a great idea. Phishing protection at the DNS level is awesome; no-hassle public DNS servers are great.
But I don't like DNS spoofing because it changes a system-wide behavior to solve a Web browser need. My ISP also does this, and it drives me nuts. For example, Samba tries to find a hostname, "BOB":
- samba gets an NXDOMAIN for a DNS hostname lookup, then,
- uses the lmhosts file, and failing that
- broadcasts on the local network for the hostname
If he gets a bogus IP for the hostname on step 1, he will poke a server out on the Internet with SMB requests until finally he decides the host is down, and gives up. It never broadcasts on the local network, and your samba browsing is broke. To fix it, you have to open a Bash terminal and edit config files.
Also, if you mistype your email server into Mail, it will try to login to some random OpenDNS instead of telling you that the hostname is wrong.
When you type in a wrong hostname, Internet Explorer sends you to msn search, and Safari gives you the option of searching Google. So maybe this particular function should be a Firefox extension instead of a brand new backwards-compatible replacement for the DNS system?
I don't see how I could turn off auto-dns-fallback on my network, because I'm on DSL with a dynamic IP. Is that possible somehow?
Macs R We
March 27, 2011 at 12:55 a.m.: The OpenDNS NXDOMAIN paradigm may be inoffensive for people using browsers, but since it can't restrict itself to port 80 requests, it screws up all sorts of other network operations. Rube has one good example, above. Here is another, where it sandbags Apple's Time Machine:
c scott
March 6, 2012 at 3:38 a.m.: It really sucks. Perhaps Maven is stupid at times (I wouldn't be the first to say), however, it downloads bogus pom files from these stupid responses that OpenDNS redirects requests to. Instead of a valid POM, I get JavaScript in it. Disgusting.
Caused me hours of debugging to understand what was going on.
David Ulevitch
March 7, 2008 at 11:23 p.m.: You can turn that off -- just send a note to support and we'll disable NXDOMAIN wildcarding for your network.
Most people prefer it. Do you just not like it because that's not how it used to be or does it cause you actual pain?