When you see something new being lauded by Matt Mullenweg (of WordPress fame), Kevin Burton (of TailRank) and Chris Pirillo (of GnomeDex fame) you sit up and take notice.
In this case they are talking up a new service called OpenDNS. OpenDNS is a very simple idea – it is a centralised series of DNS servers which protect you against phishing sites and speed up your browsing.
How do you use the service? Simply change the DNS settings in your computer (or router) to point at OpenDNSs DNS servers (208.67.220.220 and 208.67.220.222) and off you go!
They claim to be much faster by enabling huge DNS caches (does this mean changes to a sites DNS settings will propagate more slowly?) and by having their caches “at the major intersections of the Internet” – so far U.S. only.
They also claim to protect you against phishing by comparing sites you want to visit against their database of known phishing attacks. This strikes me as a dubious claim as these sites change daily and keeping up with phishing sites is a fast paced game of leapfrog. Marshal Kirkpatrick is equally skeptical (if not more so!).
The speed difference of using the OpenDNS servers isn’t especially obvious for anyone based in Ireland. Browsing to any of my regular sites is in fact, initially, a little slower then normal (most are not in their cache yet I suspect) but speeds up on second load.
However, one place I did notice a definite speed bump was in my RSS reader. Chris Pirillo mentioned it in passing when he said:
If you use a news aggregator, either one (or both) of these solutions is mandatory
He was correct. Browsing websites might not seem much faster but my NetNewsWire RSS reader refreshed my >200 feeds in a fraction of the time it normally takes. Maybe this is how they should be promoting their service. Anyone else notice this?
Tom, thanks for taking a look.
On your specific points:
1. I hadn’t considered the impact on my RSS reader (NetNewsWire)… even for me, hard to remember that DNS is everywhere! 😉
2. OpenDNS absolutely respects TTLs (time to live), so our big cache will not be a hindrance to domain addressing updates. We do plan to add a “check this site directly, not against the cache” feature for the impatient domain owners among us.
3. London location should be up in about a week. Equipment is in country, and being configured/tested. We know that US UK does not equal the world. (see my post about this) More to come.
4. Our phishing data is updated daily, and accelerating from there. Read the phishing section of the FAQ for more details. We’re not a 100% solution. Anyone who says they are… well, there are bridges to sell. But we’re serious about making this protection the best we can. As I noted in the TechCrunch comments, I don’t expect you or like minds to be at high risk for this, but I’m sure you are the first call for tech support for someone who might benefit.
I’d also just like to point out that while we focus on safer, faster and smarter, being more reliable than your current options is really at the core of what we’re doing.
Happy to respond further, publicly or privately.
John Roberts
OpenDNS
It’s an interesting idea, but I too would be skeptical about it’s use against phishing sites. Funny it sped up your feed reader though. That made me think, since your reader sends requests to the same hosts every minute (or whatever) with little change (except when a new feed is added), what would happen if your reader cached the IPs locally? It could update them once a day to catch DNS changes. This sounds like such a good idea to me it must have been done. Anyone? If it’s not done, I’m doing it tomorrow (are there any good open-source readers out there?)! Someone tell me why this is a stupid idea before I go and waste a load of time on it. 🙂
I had a big speed improvement on my feed reader but I am using a new one (attensa) and will wait a few days before making my mind up.
Very interesting product though which shouldn’t be too difficult to replicate.
According to the OpenDNS FAQ, OpenDNS uses live information from three external services to protect its users from phishing sites, so their phishing protection data should be rather current. And, later this summer, they will be introducing “a free community site, with API, which will serve as a collaborative clearing house for data and information about phishing and malware on the Internet.”
Hm….. I’m not sure how much of a boost it would give to your RSS aggregator.
I’m sure it would def help but you’d probably have to have a HUGE DNS problem for you to see a significant boost.
BTW……….. this realtime preview thing you got going on in your comment form is REAAALY slow on my computer… 100% CPU while I type… fun 🙂
Tom,
I just set it up at home and definitely seems to deliver with more speed, especially with bloglines. (FYi to other readers: I am based in Austin, Texas)
John – thanks for stopping by and clarifying those points.
Eoghan – RSSOwl is a cool little cross-platform open source RSS reader
Pat – keep me posted
James – thanks for the info
Kevin – it does seem to have boosted my feeder – not sure why. On the Live Comment Preview plugin. I have seen that behaviour occur. Usually a re-start of the browser (or opening the page in another browser) sorts it out. I don’t know is it due to memory leakage in the browser, or a plugin clash or what but it is not normal behaviour for the plugin and can be quickly resolved as I have advised. Sorry if it caused you problems 🙁
Colin – good to know, cool. By the way, my sister has just come home from Dallas for a few days and loves how cool it is here! Just thought I’d tease you!!!
I enabled this last week after reading about it on Jason Kolb’s blog and all seemed well. The only visible change was when I mistyped URLs (I’m always typing xom instead of com) it auto-corrected them.
But I had to revert to my standard DNS servers this morning as I was getting constant hosthame lookup failures. When I pinged their DNS server IPs, I discovered that only one of them was alive. I’m guessing it it is Techcrunch effect?
In any case, there is not enough upside for me to try them again.
Conor, when you say that “only one of our DNS servers was alive” based on pinging, I think you’re misinterpreting the results. We anycast the two nameserver addresses, and you are — based on your location — always sent to one location (the closest one, network wise). If that location is unavailable, then you’ll be invisibly sent to another location. The point? You would only “see” one location at a time from any single point. From Ireland, most likely you would be sent to New York, at least for a few more days, until London is online.
Our servers are barely registering the traffic to date.
I’m firstname at opendns.com –> send your traceroute or any other data showing us problems.
John
OK, but if I ping 208.67.222.222 and 208.67.220.220, should they both not at least reply (which they are currently doing)? Only one was replying this morning.
This morning I had the DNS IPs on the PC set to the OpenDNS ones and I was getting hostname lookup failures. I had left the router using my ISP’s DNS IPs for the moment.
So due the failures, I pointed the PC back to using the router’s IP for DNS and the problems went away. Whilst my understanding of why I had a problem may be off the mark, I did still have a problem using your DNS servers. I’d be happy to play more if you want me to try anything.
Being skeptical of something is an easy thing to do. To create something is much harder. Suffice to say, if OpenDns were to only reduce the number of phishing attempts against you by 1%, that’s 1% better than you had before, at no cost to you.