OpenDNS Makes Your Internet Ãœber
OpenDNS is the cutting-edge Internet service by a San Francisco-based startup founded by David Ulevitch. Simply put, with OpenDNS you are no longer tied to using your ISP’s slow DNS servers. I have been using OpenDNS for almost a month now and I can tell you that there are more than just speed improvements. Before I get into it, let me explain the whole DNS model.
As I mentioned in How To: Start Blogging, whenever you access a website your computer first contacts a domain name server (DNS) to find out what server IP address is paired with that particular domain name. By default without any configuration your computer automatically uses DNS servers provided by your ISP which are commonly overused and slow. As Chris Pirillo pointed out, you can experience anywhere from 50 milliseconds to a second or more when dealing with slow DNS’s before your computer can interact with the actual website.
Enter OpenDNS. By configuring your computer to use the domain name servers at OpenDNS you can benefit from more reliable and faster DNS servers and queries. But it doesn’t stop there - OpenDNS provides protection against known phishing sites and allows for a user-friendly Internet experience with on-the-fly TLD (.com, .net, etc) spelling corrections. As OpenDNS begins adding features you have the ability to control them via a preferences page on the site. Their service truly gives you some control over the Internet.
To the end user, the OpenDNS service is truly transparent. You won’t really notice that you’re using it with the exception of the speed and security improvements. It does nothing to hinder your browsing habits. There are however the few times when it doesn’t know of the website you are trying to access and treats your address bar entry as an OpenDNS search engine query. For the little time that OpenDNS has been public and active, they seem to be handling the load quite well with over 60 million DNS queries daily.
Okay so now that I’ve got your attention you’re probably wondering how you too can start browsing with OpenDNS. It’s rather simple, all you need to do is tell your computer (or router if you’re on a network) to use the OpenDNS servers whose IPs can be found on this start page. Fortunately, they offer comprehensive guides to setting it all up. However there are some situations where OpenDNS won’t work. When I was in California, OpenDNS refused to work on the hotel internet (behind a network). The only thing that really matters to me at least is that I’ll be able to benefit from OpenDNS at home and in this case it works perfectly.
In OS X, configuring OpenDNS is as simple as dropping in these two IP’s in sys prefs » network » configure ethernet/airport » TCP/IPOpenDNS is on my “startups to watch” list - I can see great things coming from them in the near future. Imagine having a control panel for your entire Internet experience. OpenDNS is the company that can make it happen.
Very interesting concept. I’ve heard good things about OpenDNS and how it improves DNS load times. Next step will be having your own personal DNS server with DS3 connection.
DS3 is so 1999…
I’ve read quite a bit about OpenDNS but haven’t taken the plunge. It seems like a really neat thing to start messing around with and maybe this post was the boost I needed. Thanks for the sweet writeup, Paul.
Thanks, Paul!
What all of us really want is OC-3 (at least) to the home. But glad we can help in the meantime.
Regarding the hotel network… we’re hoping to talk to that kind of network provider about not locking down DNS in the future.
If you run into other problems, please let us know. We’ve got a lot planned, but speedy, reliable DNS is the first step.
Cheers,
John
OpenDNS
I’ve been trying it out using Firefox with the Faster Fox extension and it seems to be sheding about .2 seconds of the load time. Thanks for the tip.
Been using OpenDNS for about 3 weeks now and have definitely noticed some speed increases…cool stuff.
I just recently started using it for more than a week now. It like it but I just have one issue with it. You see I’m not sure its that much faster than my ISP. OpenDNS says that their DNS server that is closest to me is in Washington, D.C. but my ISP is a smaller ISP (well smaller than Turner and Comcast). I think its DNS server is closer but I’m not entirely sure. I’m using a ISP known as Knology and its based out of Georgia. So it might be closer than OpenDNS’s server. I’m also not really sure how I can test this.
This is a great tip. I would have never thought that using a DNS service other than my ISP’s would be beneficial. I’m noting a huge speed increase. I guess Verizon’s DNS is a POS.
I have been using OpenDNS for about a week. I have noticed considerable performace improvements compared to my ISP’s DNS servers (my ISP is Optimum Online).
I’m glad the word is getting out there more and more; this truly is a wonderful service!
It’s nice to have a backup DNS anyway. Via Digg, there was a guide to set up your own DNS server, but it looked complex. This other unix-based guide seems more doable.
I’d just like to point out the David Ulevitch went to my school. He makes good stuff, but ya’ll already know that.
It’s even fast for me (living in Greece). I hope they can open their London data center soon.
Obviously this service does have some advantages. But I’m curious about the few people here who said they noticed considerable/huge/etc speed increases… Just how many different websites do you go to every few minutes? How does this speed increase come?
Once an address is resolved by the DNS process, it stays cached on the local computer/browser for quite a while. So the only speed increase anyone is likely to feel will be the first time they access a website every day/hour/session. Plus, the ISP’s DNS server is likely to cache the address further, so even if it’s a slow server the next resolution for the name will go faster.
So to have a huge speed increase, and a consistently noticeable one, someone will have to go and open a lot of different websites (different sites, not just different pages on the same site), in a short duration of time. And do to that repeatedly. Probably also closing and running the browser again each time.
Why and how are you doing that? I’m really curious. It doesn’t seem to me to fit any sort of “regular” network and browsing pattern.
Not to mention there are tons of public DNS servers besides this OpenDNS, so not sure why you are “watching” this startup “company”? Just another mountain made out of a molehill if you ask me.
Yaron,
Most ISPs do a poor job of running DNS. It’s not their core competency and they don’t realize its importance to the user-experience. You’d be surprised at how bad some ISPs like Comcast are at providing DNS. Their caches actually cause more harm than you’d imagine.
Additionally, no ISPs provide their users with any choice in managing their DNS. The fact that we’re faster and more reliable is just the cornerstone of our company. Never before has anyone provided management and control of the DNS from the end-user and end-network perspective.
You have anti-virus software, anti-spam services, etc. but DNS is just a firehose. Not any more. People can claim that DNS can’t fix everything, but it can fix a lot and having insight and intelligence into recursive DNS is important. Issues like phishing, botnets, keyloggers, malware distributers, spamsites and tons of other “crap” all use DNS. Let’s secure the DNS and then move our way up the stack.
And Andrew — most public DNS servers suffer the same problems as your ISPs. I guess we just need to prove it better. :-)
The only caveat would be an ISP who wanted to use OpenDNS and let their users manage the preferences, that’d be an ISP that had a clue.
Oh, and to be totally upfront, Speakeasy actually runs pretty good DNS servers but everyone already knows they are awesome, so no surprise there.
Thanks for the write up Paul and I’m glad you like the service. I’m sorry I didn’t get to meet you last night, I saw your name on the RSVP list for STIRR. Next time…
-david
Thanks for the reply, David.
You’d be surprised at how bad some ISPs like Comcast are at providing DNS. Their caches actually cause more harm than you’d imagine.
So it will be more than a whole second to get a DNS result? If that’s the case, I agree it’s terrible, and they have a big problem. But I also think their customers should yell at them, not go elsewhere, because DNS actually IS a big part of what an ISP offers.
Though that’s not an option if there are people who don’t really have an alternative. I’m not familiar with the US ISP market well enough.
I certainly agree that a good DNS can work better than a bad DNS, and provide faster name resolution. What I don’t quite get, as I wrote, is the people who not only say they feel some improvement, but who feel drastic improvement. Most people don’t run so many DNS queries as a part of normal computer usage and browsing. A site will load faster once, but then it will be cached by the browser. And the browser cache does work immediately, regardless of how the DNS server is set.
So I wanted to hear from them how a normal browsing session for them looks like. Why is it not a “yes, it’s good” but a “yes, it’s much much better and I feel it all the time” sort of thing?
most public DNS servers suffer the same problems as your ISPs.
Why?
For the ISPs you said it’s not their core competency. I think it should be a part of the basic ISP service, but I can agree many ISPs may not consider it like that.
But public DNS servers? I have a feeling that if someone is providing a DNS server, then their core competency will certainly be DNS. It’s not like they have anything else to focus on. No?
Additionally, no ISPs provide their users with any choice in managing their DNS.
That’s true, and is indeed something ISPs don’t provide. This is why I only asked about the speed issue, not this.
On the other hand, aren’t most people using *dynamic* IPs? A very large majority of people, even? And while dynamic IPs on broadband connections may last a long time, they still do change…
This is also something that should be very seriously considered. Certainly catching requests for known phishing domains, and passing them to the correct one, or to a warning page, is a good thing. But it’s also breaking the DNS protocol, because there is a registered domain, and yet your DNS server will not resolve to it. This is a problem even before you start to consider who makes the decisions, and how mistakes are handled.
It’s worse for trying to correct common typos. Because the typo domain may be registered to someone, in which case just ignoring it at the DNS level, because probably that’s not what the user wanted, is a big deal.
So yes, this is why you make it optional. But DNS is usually a set and forget sort of thing, people may change the DNS address and then leave it alone and forget about it. And then not understand why different computers get them to different sites for the exact same addresses.
Basically, if a DNS server doesn’t resolve names according to the actual registered domains, doesn’t it it breaks DNS as a uniform naming and addressing system?
i been thinking of getting my own DNS on a spare linux box….as for OC-3, screw that i rather have quad OC-256.
Yaron,
I’m going to reply later tonight. I’m currently at Cisco waiting to talk about DNS (of course).
http://isotf.org/isoi.html
Your questions are good and deserve the time it takes to write a clear answer. I’ll have that time later tonight. :-)
-david
Honestly? Makes no difference to me. If it is faster, it’s not fast enough for me to notice.
I just changed my DNS to OpenDNS too, on my router, and there was an instantly increase in speed.
The only worry I have is if OpenDNS consider a site to be evil, what if I want/need to get there for research, this there no wany to override it short of changing my DNS back?
Nice call on this one Paul
I’m not 100% with these guys yet. But then again, the only person I trust with my data is myself.
Yaron,
Sorry for the late reply, there’s got to be a better way to keep track of comments I leave on blogs that I mean to come back and check up on… I got busy this weekend with the SRL festivities in San Jose. :-)
In response to your question about how bad ISPs can really be? Well, you might be lucky in Europe by having good ISPs (like XS4ALL) and others but when we bring up our London location (As soon as AS701 and AS2914 quit being lame and bring us circuits) I invite you to test it out and see. If we come up at the AMS-IX later in the year or early 2007 we’ll be fully populated for Europe. :-)
In response to the browser cache issue, when you load a page like http://www.myspace.com you do like ten requests from your browser including things for image servers, ad servers, etc. Those all often have low or zero TTLs which expire super quick. You also don’t carry the glue for any of those records and your ISPs is likely churning through them at a quick rate making it leg work for your lookups. End result, slowness, regardless of DNS caching on your side.
In response to the part of about public DNS servers. There aren’t any that are focused on performance. In fact, most people are running open servers by accident (contributing to the DNS amplification attack) or are otherwise unable to shut it down due to internet reliance on them (4.2.2.1 comes to mind, which is NOT a high-performing nameserver, although it does appear anycasted within Level3)
We’ll deal with Dynamic IPs and more when we roll out a full blown account management system.
As for the rest of your questions, those are best had on the dns-operations mailing list where we can discuss them in a better forum, where it’s already been discussed and will likely be discussed quite a bit more. To be brief though, the notion that there is “one true DNS tree” has long since been dead (thanks to split horizon, views, CDNs, internal DNS, etc) and I believe acknowledging that and starting to secure and enhance the recursive DNS layer is an important step for the Internet. You’ll find most others agree though I welcome an open discussion (as you can see). :-)
-david
Dan,
Good comment about privacy issues. One comment, two questions:
Comment: You know we have no idea what URLs you visit right? We know the hostname but not the URL, not a huge privacy violation there. Plus, we make our privacy policy quite clear and at the end of the day, I’m not going to tell some kids mom that their kid is looking at porno. I use OpenDNS too. ;-)
1) Who does your DNS now are what makes you think they aren’t logging it? (Particularly if your ISP is ATT)
2) What makes you think the root-servers and GTLD-roots aren’t logging everything already (and I know a few TLD and GTLD operators who are, for the record).
-david
hey frnz i want ur help on usin open dns services i have a acct wid dem also…bt d problem i m facing is creating network for my two pcs….
d ip of one pc is d one provided by my isp n d oder has 192.168.0.1 as its ip n both r sharing d same internet connection by cross cabling …
i hv also registered wid opendns.com….
now d problem i m facing is how to create network for my both pcs..plzz help me out…
n thanx to all of u in advance.
@Nikhil - I’m sorry but I have no idea what you just said.
Are you being paid to write all this?
@Sharvil - Do you see a disclosure notice? (no I’m not being paid)
Sharvil,
I did give some stickers to Paul when I met him (long after this post was written) but I got some PaulStamatiou.com buttons from him so that was probably a fair trade. :-)
-david ulevitch
@Paul:
Sorry. Your optimistic and positive way of writing just made me wonder :-).
I will now read all the details before commenting.
@David:
Yes, absolutely fair trade. And you have done a great job with OpenDNS.
I am impressed that you are not doing it for a commercial gain but for the community. Keep up the good work.
@sharvil — We make money. So does my other effort, EveryDNS.Net — I don’t think doing cool things and making money are mutually exclusive. :-)
@David:
Alright, I would just say OpenDNS is uber-cool.
It is a simple but a strong concpet.