Just use OpenDNS

warning! Unless you frequent tech publications on the web, you’re probably not aware that a critical flaw in many DNS system implementations was found recently (DNS is what translates http://www.google.com into an IP address – learn more at Wikipedia). On July 7th, news of the design flaw that researcher Dan Kaminsky discovered started to spread. The next day, many vendors (including Microsoft, which hosted the press conference) participated in a coordinated release of patches. A few days ago the first exploit code started to appear, making it even more critical that DNS systems are patched soon.

As of today, many major ISPs are not patched and remain vulnerable. You can see if your ISP is vulnerable by visiting Kaminsky’s site and clicking the “Check My DNS” button on the right side.

Or, you can just switch your DNS servers to OpenDNS and be done with it. I came across OpenDNS on the day it launched two years ago, and have used them on some machines ever since. Turns out that OpenDNS is one of the few that were unaffected by this flaw:

I’m very proud to announce that we are one of the only DNS vendor / service providers that was not vulnerable when this issue was first discovered by Dan. During Dan’s testing he confirmed (and we later confirmed) that our DNS implementation is not susceptible to the attack that was discovered. In other words, if you used OpenDNS then you were already protected long before this attack was even discovered.

Switching your DNS settings to OpenDNS is really simple and takes about two minutes. To get started, just visit http://www.opendns.com/start and follow the instructions. Or if you know what you’re doing, then the nameservers you want are 208.67.222.222 and 208.67.220.220.

As always, make sure you have installed all of the latest patches for your computer (that would be Automatic Updates for Windows users).

OpenDNS

Post ImageI came across OpenDNS today via Geek News Central. I have been meaning to look for something like this for quite some time. Basically, it is a DNS service, used by your computer to look up the IP address of a domain name. Whenever you setup your Internet connection on your computer, or router, or other device, you have to enter DNS servers that it can use to “resolve” domain names (convert to an IP). Until finding OpenDNS, I had just used the ones I was given from Telus six years ago, because I had memorized them. I always knew there was something better though:

OpenDNS makes the Internet experience safer, faster and smarter for you and everyone using your network. OpenDNS service is free. OpenDNS makes money by serving clearly labeled advertisements on search results pages where we cannot resolve your intent (i.e., not a known typo).

They have a big cache, and geographically dispersed servers, which should speed up requests. OpenDNS will also identify phishing sites and display a warning message. And finally, they will automatically correct spelling mistakes (I want this feature, though it doesn’t seem to be working for me yet, maybe I have to restart – I already flushed the DNS and restarted the browser…).

I just started using it this evening, so I don’t have much to report yet. I don’t think they’ll make any money off me directly, as I won’t click the ads on their search page, but they might indirectly, as I’ll probably start using their servers when I setup computers and networks for people. Give it a shot if you want.

Read: OpenDNS