Solved

Use OpenDNS or ISP's DNS servers

Posted on 2008-10-30
4
1,088 Views
Last Modified: 2013-12-25
What are the benefits, from your experience or knowledge, or OpenDNS over the ISP's default DNS servers?   Would you recommend to always use OpenDNS, never, or what are the factors?  A key in my mind is the speed "benefit."  How can that be best tested and measured?  Are there any reliable generalizations that can be used as a "rule of thumb" to know when to use OpenDNS or not.

I have read the OpenDNS site and a number of others so don't just post links.  I don't mind them as a reference or resource with more info but want your expertise too.  Thanks for your help and time.

Let me know if there is a question about this.

bol
0
Comment
Question by:b0lsc0tt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 3

Assisted Solution

by:therockyb
therockyb earned 225 total points
ID: 22847308
Hi,

Here is my suggestion,

I set 4 DNS resolvers , first one is the ISP, second OpenDNS, third ISP and fourth OpenDNS.

I then use a very low time out for the dns query (2 seconds).

Depending on who is your ISP they normally host their DNS servers on their network and they have a low latency, you can't alway be sure of the latency of OpenDNS because the request is going on Internet versus your ISP dns servers being on their ''intranet''.

There is 2 things to monitor/consider... the latency to reach the server and the delay for the request to be completed.

You can easily monitor both, ping you ISP dns server for 6 or more hours and send the results to a file (ping -t YOUR_ISP_DNS_SERVER > d:\latency.txt) (then order the result in excel to check the average and the peaks) you can do the same for OpenDNS.

Now to the check the delay to answer the dns request you can use a tool like network-tools.com/nslook, input you ISP dns server and you should get a result like this : [xxx.xxx.xxx.xxx] returned a non-authoritative response in 63 ms

You can do the test a couple of time during the day and keep track of the records for both opendns and your ISP dns servers.

At the end if latency of both tests are better with you ISP keep the order suggested on the beginning, if not, inverse the order to have OpenDNS in first and third position.

I would recommend for sure to implement it what ever the order you choose, if your ISP DNS servers ever get down, you would not even notice with a low timeout set for the queries. I would not recommend to remove completely your ISP dns servers in case OpenDNS ever had a problem.
0
 
LVL 16

Accepted Solution

by:
sh0e earned 275 total points
ID: 22847320
I have deployed OpenDNS in a couple of locations.  It was done mostly for the DNS filtering.
I needed something to filter out "objectionable" material, and OpenDNS was the least intrusive and free.  I know it's easily circumvented with some technical knowledge, but I can just point out deliberate attempts and it allows me to say "I have preventative measures in place" when people ask.

There have been no noticeable down-times.  They have a chart showing their uptime/downtime, as you can notice there is virtually no downtime:  http://system.opendns.com/ .  This was true even during their growth (there were some servers down, but nothing that you would notice).
I have noticed that DNS resolves "feel" faster.  It's definitely a plus that you can fall back on someone dedicated to serving DNS, in case your ISP's DNS server has problems.  This has actually gotten me out of a few hassles here and there.  But I'm not sure if it's actually faster.
If you'd like something more definitive, you could whip up a nslookup script.

If you are worried about privacy, you may want to consider whether you want to trust OpenDNS with your traffic data (DNS requests).  They have a privacy policy, and claim they won't abuse data collected, but you never know.

To summarize, I don't see any big pluses or negatives to using OpenDNS.  I have personally had few problems with it.  If you want some minor content filtering, it's quite good.  It's pretty stable and feels fast, and can back you up if your ISP's DNS is unreliable.  It sure wouldn't hurt to add it as a secondary or fallback DNS server.
0
 
LVL 54

Author Comment

by:b0lsc0tt
ID: 22957292
Thanks for the responses and info.  It has been an interesting question.
bol
0
 
LVL 54

Author Closing Comment

by:b0lsc0tt
ID: 31511934
Thanks!
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Make the most of your online learning experience.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month5 days, 20 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question