Re: Open DNS

[Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx>]

xiando wrote:

> > I read an article from LH this morning about the OpenDNS service.
> >
> > http://tinyurl.com/24y2cn
> > http://www.opendns.com/
> >
> > Can I use this with Tor? Will that void any anonymity provided by Tor?
> > Forgive me if this is a stupid question.
>
> I call SCAM. Yes. SCAM, I tell you. This isn't really Tor related, so I'll 
> keep it short. In bullet summary, we know:

I think you misunderstand the meaning of the word "scam".

> Their nameservers are:
>
> nameserver 208.67.222.222
> nameserver 208.67.220.220
>
> At first blush their service may seem plausible. However, try them and visit 
> something like www.akljfdlkajdfasfd.com, which takes you to:
> http://guide.opendns.com/?url=www.akljfdlkajdfasfd.com
>
> I'm sorry, but if I try a non-existing domain then I prefer to be informed 
> that the domain can not be found. OpenDNS will tell you "Sure, there's a 
> website called whateveryoutrytoresolve.com, here's the IP, and you should go 
> visit that site and view all these advertisements we've put up there".

If you'd spent two minutes reading their website you would have noticed 
that by signing up for an account you can turn off the feature you 
mentioned above. It's called "typo correction" and is described:

"When OpenDNS receives a request to resolve a domain which does not 
exist (known to techies as NXDOMAIN or RCODE 3), OpenDNS first attempts 
to correct any known typos and resolve the domain again. If that fails, 
OpenDNS uses the request as a search query to give you a page of search 
results. If you turn this feature off, you will no longer have us 
correct typos for you. Note: mail servers running DNSBLs and URIBLs work 
fine with typo correction enabled."

You can hardly blame them for turning this on by default and using the 
advertising. But you can certainly applaud them for making it optional. 
It is a FREE service after all.

> Further, their nameservers really aren't all that fast. I've got 50ms ping to
> them and it takes them 345 ms to resolve a domain. They do cache, so if you 
> lookup the same name twice then you get a quicker response, but so does bind 
> and tinydns and those respond in 1msec if it's cached.

That could be them doing typo correction for you. As far as I can see 
they're bloody fast. Your lack of knowledge about how their system 
works, the fact that you never posted any benchmarks, and you're poor 
usage of the word "scam" makes me disregard your speed comments.

> As for Tor: I want to get a message saying the domain isn't found if it 
> doesn't exist - I don't want no mikey mouse bullshit advertisement landing 
> page. Thus; I'd really dislike it if you use OpenDNS with Tor and now you're 
> sending all these random Tor-users to view the stupid advertisement.

He never said he'd do that. But guess what, if he wanted to do it, he 
could turn off the advertising.

> Now that you know OpenDNS is bullshit scam, consider this:
> I setup a fast Tor exit server, it uses my wildcard nameserver for it, I 
> redirect every resolve failure to a landing page, I'm fairly sure that would 
> upset quite a lot of people.. 

That's not what he said he'd do.

> So don't use OpenDNS at all, specially not with Tor. I call it a SCAM. Perhaps 
> that's a little harsh word, but I do view their "service" as basically 
> nothing more than any other nameserver out there except that they wildcard 
> any non-existing domain to their advertisement page.

Read their documentation. Everyone else, ignore this guy and check out 
the service yourselves.

Mike

P.S. I have no relationship to this site in any way other than having a 
peak at it a year or two back, and just signing up for a new account.