You Bitch!
21st of September, 2017

About

Rube

An Advanced and Magical Blogger at an Unbelievable Price!

Latest Comments

Sturm

Drang

Broodlings

G'scheits - German Blogging

Archives

2003
Mar
2003
Apr May Aug Sep Oct Nov Dec
2004
Jan Feb Mar Apr May Jun
Jul Aug Sep Oct Nov Dec
2005
Jan Feb Mar Apr May Jun
Jul Aug Sep Oct Nov Dec
2006
Jan Feb Mar Apr May Jun
Jul Aug Sep Oct Nov Dec
2007
Jan Feb Mar Apr May Jul Aug Sep Oct Nov Dec
2008
Jan Feb Mar Apr May Jun
Jul Sep Oct Nov Dec
2009
Jan Feb Apr May Jul
2010
Jan Feb Mar Apr Jun
Sep Nov
2011
Jan Oct
2012
Feb Jul Sep
2013
Jan Apr
2014
Mar
2015
Jun
Nov Dec
2016
Jul

OpenDNS? A word of warning

I fully expect the Google-hits to go nuts tomorrow when everyone’s Samba caches start expiring and the “Shared” sidebars start disappearing. Gruber posted a recommendation for OpenDNS:

OpenDNS is a totally free service that provides very fast DNS service to anyone, with a bunch of other optional features. Not new, but somehow I’d never heard of it before. Came in handy for me today after Comcast’s DNS servers crapped out.

? [From OpenDNS]

OpenDNS does everything right except for one thing: RETURNING BOGUS IP ADDRESSES FOR HOSTNAMES THAT DON’T EXIST!!1! That’s what NXDOMAIN is for. Bad OpenDNS.

Comments

David Ulevitch

you can turn that off -- just send a note to support and we'll disable NXDOMAIN wildcarding for your network.

Most people prefer it. Do you just not like it because that's not how it used to be or does it cause you actual pain?

Rube

I do like OpenDNS. It's a great idea. Phishing protection at the DNS level is awesome; no-hassle public DNS servers are great.

But I don't like DNS spoofing because it changes a system-wide behavior to solve a Web browser need. My ISP also does this, and it drives me nuts. For example, Samba tries to find a hostname, "BOB":

  1. samba gets an NXDOMAIN for a DNS hostname lookup, then,
  2. uses the lmhosts file, and failing that
  3. broadcasts on the local network for the hostname

If he gets a bogus IP for the hostname on step 1, he will poke a server out on the Internet with SMB requests until finally he decides the host is down, and gives up. It never broadcasts on the local network, and your samba browsing is broke. To fix it, you have to open a Bash terminal and edit config files.

Also, if you mistype your email server into Mail, it will try to login to some random OpenDNS instead of telling you that the hostname is wrong.

When you type in a wrong hostname, Internet Explorer sends you to msn search, and Safari gives you the option of searching Google. So maybe this particular function should be a Firefox extension instead of a brand new backwards-compatible replacement for the DNS system?

I don't see how I could turn of auto-dns-fallback on my network, because I'm on DSL with a dynamic IP. Is that possible somehow?

Macs R We

The OpenDNS NXDOMAIN paradigm may be inoffensive for people using browsers, but since it can't restrict itself to port 80 requests, it screws up all sorts of other network operations. Rube has one good example, above. Here is another, where it sandbags Apple's Time Machine:

http://installingcats.com/2008/06/01/...

c scott

it really sucks. Perhaps maven is stupid at times (i wouldn't be the first to say), however, it downloads bogus pom files from these stupid responses that opendns redirects requests to. Instead of a valid POM, i get javascript in it. Disgusting.

Caused me hours of debugging to understand what was going on.

Leave a Comment

    • This field is required.
    • This field is required.
    • This field is required.
  • Comments use Markdown syntax. HTML may be stripped. Preview is your friend.
  • Akismet