Known as Domain Name System, DNS is an Internet service that ciphers domain names into Internet Protocol (IP) addresses. “The DNS is the central database of the internet, and without it, the internet would cease to exist as we know it,” as pcnames.com bluntly puts it. Alphabetized domain names are used for a reason; it’s easier for the human mind to remember names instead of numbers. But the Internet was founded on IP addresses, i.e., numbers, and so DNS must convert a domain name into the matching IP address. For example, one of the IPs for www.opendns.com is 220.127.116.11. This kernel of information seques into….
What is OpenDNS?
A trademarked brand, OpenDNS® is an extension of the Internet’s Domain Name System. This Internet service protects users from phishing and provides elective content control filtering. Like Google Public DNS and DNS Advantage, it is an alternative to “recursive” DNS servers offered by MSOs and ISPs. Its flagship product is a network security suite called ‘Umbrella,’ which according to Wikipedia is “designed to enforce security policies for mobile employees that work beyond the corporate network using roaming devices such as Window and Mac laptops, iPhones and iPads (and tablets) and provides granular network security for all devices behind the network perimeter.” Despite the misleading name, OpenDNS is based on closed-source software.
At this juncture it is helpful to specify the differences between “authoritative” and “recursive” DNS nameservers. As OpenDNS blogger Chris Frost states, “Recursive DNS nameservers are responsible for providing the proper IP address of the intended domain name to the requesting host.” On the other hand, Frost continues: “Authoritative DNS nameservers are responsible for providing answers to recursive DNS nameservers with the IP ‘mapping’ of the intended website.”
Authoritative DNS servers provide corresponding IP addresses and other essential DNS data to the querying recursive nameserver. Also vital to this process is the root domain server, which resides at the top of the DNS hierarchy. Root domain servers have IP addresses of authoritative DNS servers that process DNS queries for Top Level Domains (TLD), e.g., “com,” “net,” “org” or “gov.” First the recursive server asks the root domain server for the IP address of a TLD. Then it asks the authoritative server for said TLD (com, net, etc.) After the IP address is determined the recursive server sends the appropriate IP address to the end user computer. See the following diagrams:
Image Source: OpenDNS
Courtesy of Cisco Systems, Inc. Unauthorized use not permitted. Accessed 9 December 2016
Image Source: Nirlog.com
One last aside: even though the terms “nameservers” and “DNS servers” tend to be used interchangeably, they are not the same. The distinction is “tricky,” as IT consultant and administrator William Hilsum notes. He continues, “A DNS server typically is for converting FQDN (www.xxx.com) to IP Addresses (192.168.0.1)…. On the other hand, ‘Name Server’ is typically used to locate a DNS Server.”
OpenDNS was was started by enterprising computer scientist David Ulevitch in July 2006. The company offered recursive DNS resolution for businesses, schools and homes. Some of the early products/services available included Phishtank (a user-shared anti-phishing database) and a web filter that blocked adult content which by 2010 became FamilyShield. More recently, OpenDNS introduced Security Graph (a intelligence and threat detection engine) in 2013. The company was acquired in an all-cash transacation by Cisco Networks for $635 million on 27 August 2015.
How to Use OpenDNS
Like other alternate DNS servers, the basic OpenDNS products are free and simple to use — no downloads are needed. Its most popular application is probably used as a web filter for home networking. It can be seamlessly interfaced on both the local router or individual client devices, no matter the platform (e.g., Windows, iOS, Android, Mac). OpenDNS offers three home internet security products: OpenDNS Family Shield, OpenDNS Home and OpenDNS Home VIP (at $19.95 per year). Click on the imbedded product links above for more information and setup instructions.
Per howtogeek.com, the following instructions below show how one can add OpenDNS to a router:
Open your web browser and go to your router’s address. Usually it is 192.168.1.1 type in the user name and password to access administrator settings. For this example I am using a Linksys WRT54GS, yours may be different but the entry is basically the same. Under basic setup find your router’s static DNS settings. Type in 18.104.22.168 and 22.214.171.124, hit save and you’re done!
Take a look at this brief and humorous intro to OpenDNS:
The Benefits and Features of Using OpenDNS
Remember, you don’t have to use the DNS server provided by your ISP or MSO. Third party servers like OpenDNS offer several features and benefits that your existing DNS server likely doesn’t have.
Faster Browsing. Depending on where the DNS server is located, one’s geographic location and the speed of one’s ISP servers, a third-party DNS server could offer faster browsing over the existing DNS server. It should be noted that ISPs have the reputation of lagging behind when it comes to implementing the latest DNS technology when compared to third party providers like OpenDNS and Google Public DNS.
Reliability Issues. Related to browsing speed is reliability. Some ISPs are lax when maintaining their network elements. Evidence of neglect can be found in the speed and stability of their DNS servers. When they perform less than optimally, websites load very slowly or even fail to load at at all. Hence a third party DNS server can offer more reliable service.
Web Filtering for Parental or Work Supervision. This service allows configuration to block specific types of websites with content that may be unsuitable for children or NSFW. When configuring a router, the settings will affect all devices running on a home or office LAN. Remember of course that tech-savvy teens — and aren’t they all? — can change the DNS server on their device to foil network filtering.
No Phishing. Another filtering service of OpenDNS allows users to block phishing sites. Today’s browsers such as Chrome and Firefox have native phishing protection but networks that run Windows XP with Internet Explorer 6 would be prudent to use OpenDNS for protection against identity theft. Note that Google Public DNS does not offer this service; their emphasis is on speed.
Better Security. Many ISP/MSO DNS servers lack security features such as Domain Name System Security Extensions or Domain Name System Security Protocol (DNSSEC) support. This DNS extension provides “origin authentification of DNS data, authenticated denial of existence and data integrity but not availability or confidentiality.”
As mentioned previously, one of the main reasons people opt for an alternative DNS is to speed up browsing on the Internet. A downloadable program called Namebench compares the DNS server from your MSO or ISP with other providers and informs you of the findings. With this information users can learn what DNS server is fastest for their application.Your intrepid author ran this test and much to his surprise discovered that the fastest service available was from an AT&T DNS server which ran 84% faster than his current primary DNS server. Those who wish to change the primary DNS server need to know their OS platform. The author uses Windows 7; detailed instructions for changing a device’s DNS server when using this platform can be found at https://www.opennicproject.org/configure-your-dns/how-to-change-dns-servers-in-windows-7/