Solved

Use OpenDNS or ISP's DNS servers

Posted on 2008-10-30
4
1,054 Views
Last Modified: 2013-12-25
What are the benefits, from your experience or knowledge, or OpenDNS over the ISP's default DNS servers?   Would you recommend to always use OpenDNS, never, or what are the factors?  A key in my mind is the speed "benefit."  How can that be best tested and measured?  Are there any reliable generalizations that can be used as a "rule of thumb" to know when to use OpenDNS or not.

I have read the OpenDNS site and a number of others so don't just post links.  I don't mind them as a reference or resource with more info but want your expertise too.  Thanks for your help and time.

Let me know if there is a question about this.

bol
0
Comment
Question by:b0lsc0tt
  • 2
4 Comments
 
LVL 3

Assisted Solution

by:therockyb
therockyb earned 225 total points
ID: 22847308
Hi,

Here is my suggestion,

I set 4 DNS resolvers , first one is the ISP, second OpenDNS, third ISP and fourth OpenDNS.

I then use a very low time out for the dns query (2 seconds).

Depending on who is your ISP they normally host their DNS servers on their network and they have a low latency, you can't alway be sure of the latency of OpenDNS because the request is going on Internet versus your ISP dns servers being on their ''intranet''.

There is 2 things to monitor/consider... the latency to reach the server and the delay for the request to be completed.

You can easily monitor both, ping you ISP dns server for 6 or more hours and send the results to a file (ping -t YOUR_ISP_DNS_SERVER > d:\latency.txt) (then order the result in excel to check the average and the peaks) you can do the same for OpenDNS.

Now to the check the delay to answer the dns request you can use a tool like network-tools.com/nslook, input you ISP dns server and you should get a result like this : [xxx.xxx.xxx.xxx] returned a non-authoritative response in 63 ms

You can do the test a couple of time during the day and keep track of the records for both opendns and your ISP dns servers.

At the end if latency of both tests are better with you ISP keep the order suggested on the beginning, if not, inverse the order to have OpenDNS in first and third position.

I would recommend for sure to implement it what ever the order you choose, if your ISP DNS servers ever get down, you would not even notice with a low timeout set for the queries. I would not recommend to remove completely your ISP dns servers in case OpenDNS ever had a problem.
0
 
LVL 16

Accepted Solution

by:
sh0e earned 275 total points
ID: 22847320
I have deployed OpenDNS in a couple of locations.  It was done mostly for the DNS filtering.
I needed something to filter out "objectionable" material, and OpenDNS was the least intrusive and free.  I know it's easily circumvented with some technical knowledge, but I can just point out deliberate attempts and it allows me to say "I have preventative measures in place" when people ask.

There have been no noticeable down-times.  They have a chart showing their uptime/downtime, as you can notice there is virtually no downtime:  http://system.opendns.com/ .  This was true even during their growth (there were some servers down, but nothing that you would notice).
I have noticed that DNS resolves "feel" faster.  It's definitely a plus that you can fall back on someone dedicated to serving DNS, in case your ISP's DNS server has problems.  This has actually gotten me out of a few hassles here and there.  But I'm not sure if it's actually faster.
If you'd like something more definitive, you could whip up a nslookup script.

If you are worried about privacy, you may want to consider whether you want to trust OpenDNS with your traffic data (DNS requests).  They have a privacy policy, and claim they won't abuse data collected, but you never know.

To summarize, I don't see any big pluses or negatives to using OpenDNS.  I have personally had few problems with it.  If you want some minor content filtering, it's quite good.  It's pretty stable and feels fast, and can back you up if your ISP's DNS is unreliable.  It sure wouldn't hurt to add it as a secondary or fallback DNS server.
0
 
LVL 54

Author Comment

by:b0lsc0tt
ID: 22957292
Thanks for the responses and info.  It has been an interesting question.
bol
0
 
LVL 54

Author Closing Comment

by:b0lsc0tt
ID: 31511934
Thanks!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now