Veteran Member
Join Date: Jun 2006
Location: Florida
|
Reading around it seems the benefit for using something like Google DNS or Open DNS seems to be a slightly faster Internet experience, but I'm curious about the privacy/security implications. Is there increased security by using a system like this? The only thing I know about DNS is how to change my various domains' nameservers to point to different web hosts. Thanks for the explanations to come.
|
quote |
is the next Chiquita
Join Date: Feb 2005
|
I doubt DNS has anything to do with security. If you want to, think of it as a phonebook consisting of addresses of various servers.
The difference between ISP's default DNS server and OpenDNS would be same as using an old phonebook printed five years ago against using a current one. Both may still have good addresses for popular & bigger players such as Google, but the older phonebook may have invalid entries that require even more lookups in other DNS servers before you reach the destination. So there's no change to security here. As for privacy, I would think it's a case of switching out from ISP's DNS server to OpenDNS, so your browsing activity is now on a different server, if they do even keep that kind of information. (and I don't know for a fact that they don't or do) |
quote |
Less than Stellar Member
|
OpenDNS provides protection against phishing, so it is a security thing.
I just think that the alternate DNS servers provide for quicker IP lookups. OpenDNS also corrects for common typing mistakes like typing ".rog" for .org or ".ocm" for .com. Dunno about Google DNS. It's new to me. If it's not red and showing substantial musculature, you're wearing it wrong. |
quote |
is the next Chiquita
Join Date: Feb 2005
|
Cool, I must have missed that phishing protection thingy.
|
quote |
Veteran Member
Join Date: May 2004
|
There *have* been security issues popping up in common DNS implementations recently that allow for injection of new info on the sly.
To take your phonebook example, Banana, it would be like a scam artist sneaking into your house and editing your *new* phonebook to point to his business. But I'm not sure what else it gets you, other than a globally accessible, assumed to be correct and secure, server. Well, that and *MY* ISP (Cablevision) has been playing footloose and fancy free with their damned DNS system recently, doing their "Oh, let us HELP YOU... and show you ads!" crap when I mistype something. Goddammit, if it's a dead site, I want to see a DEAD SITE. Asshats. |
quote |
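The two behaviours raised in the post above (a reply that was not really produced for your query, and a resolver that answers a dead name with an ad server instead of an error) can both be checked from the client side. This is an added example, not part of the original thread: it encodes a query for a name under the reserved `.invalid` TLD, which must never resolve, and classifies the reply. The probe name, the function names and the sample replies built by `fake_response` are constructed for illustration, and 192.0.2.10 is a documentation address.

```python
import struct

PROBE = "nxprobe-7f3a.invalid"  # constructed name; .invalid is reserved (RFC 6761)

def build_query(name, txid):
    """Encode a recursive A-record query, the wire format a stub resolver sends."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(msg, pos):
    """Advance past a possibly compressed domain name."""
    while msg[pos]:
        if msg[pos] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += msg[pos] + 1
    return pos + 1

def parse_response(msg):
    """Return (txid, rcode, question bytes, list of A-record addresses)."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = _skip_name(msg, 12) + 4 if qd else 12
    question, addrs = msg[12:pos], []
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:    # A record: four address bytes
            addrs.append(".".join(map(str, msg[pos:pos + 4])))
        pos += rdlen
    return txid, flags & 0x000F, question, addrs

def classify(query, response):
    """Judge a resolver's reply to a probe for a name that cannot exist."""
    txid, rcode, question, addrs = parse_response(response)
    if txid != struct.unpack("!H", query[:2])[0] or question != query[12:]:
        return "mismatch"                # not an answer to our query: discard it
    if rcode == 3 and not addrs:
        return "honest-nxdomain"         # the "dead site" answer
    if rcode == 0 and addrs:
        return "rewritten:" + ",".join(addrs)   # NXDOMAIN replaced by an address
    return "other"

def fake_response(query, txid, rcode, addr=None):
    """Constructed sample reply (not captured traffic) used to exercise classify()."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, addr.split("."))) if addr else b""
    return hdr + query[12:] + rr
```

To test a live resolver, send the bytes from `build_query` to it over UDP port 53 and pass the reply to `classify`.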
Veteran Member
Join Date: Jan 2005
|
So is this supposed to be like dyndns? I'm confused.
|
quote |
skates=grafs
Join Date: May 2005
Location: New York
|
No, dyndns is more for updating a certain host computer with varying IP addresses to a single host name, making it easier to find on the internet.
Google Public DNS should just allow your computer to load web pages faster because it promises very fast DNS lookups (host name to IP conversions that are required for loading web pages). |
quote |
I shot the sherrif.
|
Of course, google would also be collecting the information (URLs) that people are typing in, and would likely be able to tie that to the existing google cookie on your machine to know even more about what you do online. /tinfoil hat
I assume they would then try to use that information to supply more relevant ads or sell the ad information, as now they would not only know what search terms you've typed in lately but also where you're going on your own time. Ex. Google would have zero idea normally that I go to AN. I never type "applenova" or anything similar in their search engine. But if I used their DNS servers, they'd know that my machine requested the DNS entry for Applenova. Google is your frenemy. Caveat Emptor - Latin for tough titty I tend to interpret things in the way that's most hilarious to me |
quote |
is the next Chiquita
Join Date: Feb 2005
|
Quote:
I didn't even think it was possible, injecting a different address since I thought DNS is basically a read-only operation- you ask a server for an address and thus it's a matter of trusting that server to be honest. |
|
quote |
I shot the sherrif.
|
Correct. They put their machine between you and the real server and then supply you with bogus data, so that your request never reaches the real DNS server.
|
quote |
Veteran Member
Join Date: May 2004
|
Quote:
|
|
quote |
I shot the sherrif.
|
Call me paranoid, but I don't believe it.
|
quote |
‽
|
|
quote |
is the next Chiquita
Join Date: Feb 2005
|
Hmm. But how? I'm picturing that my ISP server is the first point of contact- it's all that my network knows about- it has to go to the gateway address of the ISP which would then hop to ISP's DNS server (assuming we're using the default here rather than defining OpenDNS). Therefore, they'd have to hijack ISP's gateway and that's a far more severe breach than if they were sniffing my packets on a random route to say, Google's server?
|
quote |
‽
|
Quote:
You're right, though: if all servers on the route to the DNS server can be trusted, then the chances of the DNS server being authentic are high. Unfortunately, that doesn't have to be the case. |
|
quote |
I shot the sherrif.
|
"The temporary logs store the full IP address of the machine you're using."
So you hit google's page any time from that IP and they have your DNS searches tied to the permanent google cookie living on your machine and whenever that IP address overlapped with the DNS queries. |
quote |
I shot the sherrif.
|
Quote:
See the various Defcon hacks for real life examples of it happening in a very short amount of time. (IIRC one of the hackers replaced all image requests with goatse) |
|
quote |
is the next Chiquita
Join Date: Feb 2005
|
Quote:
Or at least the DNS server would be on the same network with the gateway server so there's no external hopping to be sniffed. Quote:
Thanks for sharing, alci & chucker. |
||
quote |
‽
|
Quote:
Quote:
|
||
quote |
I shot the sherrif.
|
True, it's not the be all end all etc. for gathering information, but given google's willingness to hand over user information when presented with a warrant (or when asked not so nicely), and the Govt's various programs to monitor piles of online traffic, it does make me nervous.
quote |
Veteran Member
Join Date: Jun 2006
Location: Florida
|
So, basically the only upside to these systems is a potential speed increase while browsing. There's a potential for increased ad generation and browsing habit sharing, but it's not really known. There's no benefit with respect to security. Did I sum it up correctly?
|
quote |
Veteran Member
Join Date: May 2004
|
In some cases it's worth it just because your ISP's DNS entries are terrible. This happened to my gf, who is on Time Warner cable. I changed her router's dns entries to the OpenDNS numbers, and voila - it was like unclogging a sink.
|
quote |
M AH - ch ain saw
Join Date: May 2004
|
I'm thinking of switching away from Time Warner's DNS, too - what do you guys recommend OpenDNS or Google DNS?
|
quote |
Custom User Title
Join Date: Jul 2006
Location: At home
|
Using it right now. It's fast!!
There's no "openDNS google results" page either so a 404 is 404, which is great. |
quote |
Travels via TARDIS
Join Date: Aug 2005
Location: Earthsea
|
I wonder how long it will take an ISP to do something really nasty and try to re-route connections to Google's DNS server addresses back to their own. I wouldn't put it past 'em.
An inbound DNS connection from a customer's system to 8.8.8.8? Well, we'll just route that packet to this machine over here instead. Apparently I call the cops when I see people litter. |
quote |
Custom User Title
Join Date: Jul 2006
Location: At home
|
Isn't it illegal? I mean, you're asking for something you pay for but get something else instead (And I guess without any warning).
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
I've used OpenDNS for a few years now and love it. Sure I don't like the ads they throw up there when I miskey a URL, but the security features are great. I have now subscribed to their "Deluxe" service so I don't get the ads anymore. It was $10 a year I think, something insignificant to say the least.
My main reasons for using OpenDNS aren't the DNS routing as much as traffic control and monitoring. Since my home network is paired with my account on OpenDNS I can set it so you can't get to MySpace at all on my home network. Once the DNS system attempts to pull it the site is blocked. I have also blocked most ad sites and banners through OpenDNS. Porn, Hate and malicious sites are also blocked by category. Sure this doesn't block all of them, but it sure does limit them. Well worth the effort to set up if you ask me. Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
Senior Member
Join Date: Feb 2005
|
I think another reason people get OpenDNS is that there is an option you can select where they block access to adult sites. I don't know how good it works though. For adults it's not an issue but if you have kids.... I can see how it would work much better than a netNanny type program IF they update the DNS fast enough so that rated X sites are never resolved... Wondering how they treat torrents....
JTA |
quote |
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Quote:
http://www.icann.org/en/topics/new-g...24nov09-en.pdf Quote:
Quote:
The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting. |
|||
quote |
Stallion
Join Date: Feb 2006
Location: Milwaukee
|
I feel like my browsing experience has been slower since trying this. Fudgesicles.
|
quote |