Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

New(?) Anti-Fraud DNS service 186

knownsense writes "A new DNS system to foil spammers, abusers, and other ills of the Internet is around the corner, reports Wired. It claims to be more user-friendly than your ISP's DNS. Among its claimed advantages . . . Faster myspace(!?), coordination with spamhaus, and typo-squatter squashing. The actual service is called OpenDNS."
This discussion has been archived. No new comments can be posted.

New(?) Anti-Fraud DNS service

Comments Filter:
  • by winkydink ( 650484 ) * <> on Monday July 10, 2006 @09:07AM (#15690440) Homepage Journal
    much in the same way that many now block 25. This will be in reaction to bots that start using a shadow/private DNS built into the bot. I don't see how OpenDNS survives this emerging trend.
  • I give it 2 weeks (Score:4, Interesting)

    by Intron ( 870560 ) on Monday July 10, 2006 @09:16AM (#15690491)
    How long until the service is sued by either
    • A user who it fails to block from a phish site, or
    • A "legitimate" business that gets blocked?

    Its one thing to supply facts, but this service is editorializing DNS. I think they are leaving themselves open to attack based on their choices.
  • Re:Better how? (Score:4, Interesting)

    by Vorondil28 ( 864578 ) on Monday July 10, 2006 @09:46AM (#15690661) Journal
    I believe this would qualify as a hack. []
    1. n. Originally, a quick job that produces what is needed, but not well.
    In this case, the real problem is the people behind the scams, but to fix it they're mucking a system that already works beautifully now.

    But in the end, no one is being forced to use it. This won't have any affect on the current system, so whomever they "cater to" won't matter to the overwhelming majority of people who stick with vanilla DNS.
  • by davidu ( 18 ) on Monday July 10, 2006 @11:03AM (#15691232) Homepage Journal

    This POS is neither new nor newsworthy nor useful, at least not for the reasons they try to sell it to you for.

    Well, to be fair, you're responding to the article and not the service. But I'm going to go through and answer each of your points because this post seems to cover a lot of the really important topics.

    An alternative-root DNS system will never work (since Critical Mass is impossible to attain).

    I couldn't agree with you more and we are *NOT* an alternate root. If you are using our service, you are using the real ICANN assigned roots. Period. Full Stop.

    OpenDNS is new particularly because of how we do what we do. We have built a recursive nameservice. That means that we are making the changes only for a client and not for the entire Internet. The article, while good at trying to cover a hard topic, fails to mention that not only are we opt-in but we can set preferences for different users.

    So if you don't want us catching typos, we won't. If you just want straight, normal DNS that's just using a bigger and faster cache, that's just fine by us. We aren't going to mess with you later for deciding that you just want a more reliable DNS. But when you setup your neighbor or mom or brother or friend you might decide they are better off with an added layer of security. The choice is, of course, yours and always will be.

    Myspace will not get faster. Whoever made you believe that is selling snake oil, too.

    First, MySpace is just an example, of course. It does like 10 DNS requests on the homepage loading web,ad,image server FQDNs. But to respond, empirical evidence thus far (from really smart people) would disagree with that statement. Hopefully we'll have some good and more scientifically grounded data soon. If you want to help out with that, let me know.

    In fact, your DNS will actually slow down by a good bit; at least if you belong to the majority of the world (unlike root DNS servers, which actually deliver geographical and network dispersion). The big cache they are so proud of will create lots of problems if they actually do it differently from regular DNS resolver caches that you have at every major (and minor) ISP -- and those will be a lot closer to you than OpenDNS ever will.

    Most resolvers tend to churn through their cache long before TTLs expire so what you're saying isn't exactly true. In many instances most recursive DNS servers toss out a bunch of glue that is consistently being re-fetched. While it's important to respect TTLs (and we absolutely do), it's also important to keep stuff in your cache to get the benefit of the TTL that was set by the zone owner. That's not happening and that's making your DNS not perform well. And it's more than just adding more ram to the system. DNS is 20 years old and it's now a quite critical piece of infrastructure. It's beautiful in many ways, but one way in which it isn't is with how resolvers work. Really, nobody has ever spent much time working on making a killer resolver until recently.

    Fixing typos is a double-edged blade. Sure it's nice if slashdo.torg works. How about whitehouse.gom, though ? And who decides that is really typo-squatter ? (They might just make nice juices !)

    We don't redirect typos like that. We have a ton of requests to do that, but we don't yet for exactly the reason you point out. It's a tough road to go down, and if we do it, it'll be a preference you set with a little checkbox or something. Not a choice I should be making for you. Our goal is to empower you to control what used to be this black box of a memory structure in a DNS server and add some transparency to it for you. That was lost a bit in the article as it focused mostly on the security aspects of our service but there's more; much more.

    Their business model is funny, too.

If it's not in the computer, it doesn't exist.