Am 13.11.2008 um 17:26 schrieb Matt LaPlante:
The very nature of OpenDNS conflicts with the concept of anonymity and privacy. By using the service, you're not only giving them the opportunity to track your requests, you're also allowing them to redirect your lookups to third parties at will.
If you switch off the redirects, this is true for any DNS resolver you might use and not OpenDNS specific.
If your local DNS resolver has not recently been updated and doesn't use random ports for queries it's always better to use OpenDNS for security reasons, since else you are vulnerable by cache poisoning.[1]
For the same reasons, if want to use your own caching resolver, make sure you are using a current version that uses random query ports, and make sure the resolver is NOT behind a NAT router, because NAT destroys the port randomization.
Sven [1] http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
Attachment:
smime.p7s
Description: S/MIME cryptographic signature