  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1104

Use OpenDNS or ISP's DNS servers

What are the benefits, from your experience or knowledge, of OpenDNS over the ISP's default DNS servers?  Would you recommend to always use OpenDNS, never, or what are the factors?  A key in my mind is the speed "benefit."  How can that be best tested and measured?  Are there any reliable generalizations that can be used as a "rule of thumb" to know when to use OpenDNS or not?

I have read the OpenDNS site and a number of others so don't just post links.  I don't mind them as a reference or resource with more info but want your expertise too.  Thanks for your help and time.

Let me know if there is a question about this.

bol
Asked by: b0lsc0tt
 
therockyb Commented:
Hi,

Here is my suggestion,

I set 4 DNS resolvers: the first one is the ISP, the second OpenDNS, the third ISP and the fourth OpenDNS.

I then use a very low timeout for the DNS query (2 seconds).

Depending on who your ISP is, they normally host their DNS servers on their own network and they have low latency. You can't always be sure of the latency of OpenDNS, because the request goes over the Internet, whereas your ISP's DNS servers are on their "intranet".

There are 2 things to monitor/consider: the latency to reach the server and the delay for the request to be completed.

You can easily monitor both: ping your ISP DNS server for 6 or more hours and send the results to a file (ping -t YOUR_ISP_DNS_SERVER > d:\latency.txt), then order the results in Excel to check the average and the peaks. You can do the same for OpenDNS.

Now, to check the delay to answer the DNS request, you can use a tool like network-tools.com/nslook. Input your ISP DNS server and you should get a result like this: [xxx.xxx.xxx.xxx] returned a non-authoritative response in 63 ms

You can do the test a couple of times during the day and keep track of the records for both OpenDNS and your ISP DNS servers.

At the end, if the latency in both tests is better with your ISP, keep the order suggested at the beginning; if not, reverse the order to have OpenDNS in first and third position.

I would recommend for sure to implement it, whatever order you choose. If your ISP DNS servers ever go down, you would not even notice with a low timeout set for the queries. I would not recommend completely removing your ISP DNS servers, in case OpenDNS ever had a problem.
 
sh0e Commented:
I have deployed OpenDNS in a couple of locations.  It was done mostly for the DNS filtering.
I needed something to filter out "objectionable" material, and OpenDNS was the least intrusive and free.  I know it's easily circumvented with some technical knowledge, but I can just point out deliberate attempts and it allows me to say "I have preventative measures in place" when people ask.

There have been no noticeable down-times.  They have a chart showing their uptime/downtime, as you can notice there is virtually no downtime:  http://system.opendns.com/ .  This was true even during their growth (there were some servers down, but nothing that you would notice).
I have noticed that DNS resolves "feel" faster.  It's definitely a plus that you can fall back on someone dedicated to serving DNS, in case your ISP's DNS server has problems.  This has actually gotten me out of a few hassles here and there.  But I'm not sure if it's actually faster.
If you'd like something more definitive, you could whip up an nslookup script.

If you are worried about privacy, you may want to consider whether you want to trust OpenDNS with your traffic data (DNS requests).  They have a privacy policy, and claim they won't abuse data collected, but you never know.

To summarize, I don't see any big pluses or negatives to using OpenDNS.  I have personally had few problems with it.  If you want some minor content filtering, it's quite good.  It's pretty stable and feels fast, and can back you up if your ISP's DNS is unreliable.  It sure wouldn't hurt to add it as a secondary or fallback DNS server.
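The per-resolver timing test that both answers describe (how long a DNS request takes to complete, with a 2-second timeout), as an added example that is not part of either post. The function names are hypothetical, `example.com` is a sample lookup name, and both resolver addresses are documentation-range placeholders to be replaced with your ISP's and OpenDNS's servers.

```python
import random
import socket
import statistics
import struct
import time

def build_query(name, txid):
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def is_valid_reply(data, txid):
    """Accept only a response (QR bit set) that echoes our transaction ID."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)

def time_query(server, name, timeout=2.0, port=53):
    """Response time in ms for one lookup, or None on timeout/bad reply."""
    txid = random.getrandbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)  # the 2-second timeout from the answer above
        start = time.perf_counter()
        try:
            sock.sendto(build_query(name, txid), (server, port))
            data, _ = sock.recvfrom(512)
        except OSError:  # includes socket.timeout and unreachable errors
            return None
        elapsed_ms = (time.perf_counter() - start) * 1000
    return elapsed_ms if is_valid_reply(data, txid) else None

def summarize(samples):
    """Average, peak and loss count; None marks a failed query."""
    ok = [s for s in samples if s is not None]
    return {"sent": len(samples), "lost": len(samples) - len(ok),
            "avg_ms": round(statistics.mean(ok), 1) if ok else None,
            "max_ms": round(max(ok), 1) if ok else None}

if __name__ == "__main__":
    # Placeholder addresses (documentation ranges); substitute your resolvers.
    resolvers = {"ISP": "192.0.2.53", "OpenDNS": "198.51.100.53"}
    for label, ip in resolvers.items():
        samples = [time_query(ip, "example.com") for _ in range(5)]
        print(label, summarize(samples))
```

Run it at several times of day, as suggested above, and compare both the averages and the lost counts; a name the resolver has already cached will answer faster than a first lookup.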
 
b0lsc0tt (Author) Commented:
Thanks for the responses and info.  It has been an interesting question.
bol
 
b0lsc0tt (Author) Commented:
Thanks!