Cringely writes about DNS

After reading this week’s Robert X. Cringely article, I decided to leave a comment, and also cross-post my comment to my blog because DNS is something that I’ve always had a fondness for. I failed to read the nearly 100 comments already posted until after writing it; a few of the other individuals wrote similar comments to mine. Oh well, another voice to be heard.

I’ve also been reading Cringely for a couple of years now. Most of it is great to read, and insightful. But this one was blah at best.
I agree with the comments above. People have tried to create a “secondary” name system to work with the internet; some have worked OK, others have already failed. Just Google for “Alternative DNS”; there is plenty to read up on.
Wikipedia’s Alternative DNS article lists a few such attempts.

I personally do not trust any one company like OpenDNS to “filter” my requests. Especially with the number of gTLDs we now have, it’s bound to be quite difficult to police things. DNS should be Open, Distributed, and Automated. Anyone with a copy of ISC BIND and some knowledge can start their own system. Bringing users to the table is the hard part.

I also agree with Bob Kahn, that the name system shouldn’t be generating as much money as it does. But if someone waved that much money in front of your nose, could you honestly say no?

[update] This post’s comments have kind of turned into a friendly dialog with OpenDNS’ VP of Product, John Roberts. Thanks, John.


5 Comments

  1. Posted 2007.02.23 at 8:42 pm PST | Permalink
    To be clear, OpenDNS is not an alternative root or alternative DNS. We are a recursive nameservice, following the usual global root servers. We do it faster, and more reliably, with additional features built on top — but we’re not a different filter for the world.

    The only filter, currently, is phishing… and you may turn that off if you like. Additional filters introduced in the future will likely be features you have to turn on.

    Cringely entertains and provokes, as always, but I don’t want OpenDNS to be misunderstood simply because of mentions in the comments.

    Cheers,

    John Roberts
    OpenDNS

  2. Posted 2007.02.23 at 9:45 pm PST | Permalink
    John, thank you for taking the time to respond.

    Sorry, I didn’t mean to insinuate that OpenDNS was an alternative DNS. If you have the time, could you explain how OpenDNS is “Open”? But you are taking any name that does not resolve to an address, or CNAME record, and forwarding this traffic to your own systems, like Verisign/Network Solutions did a couple years ago. Your FAQ does a good job explaining some of this. I personally think this breaks the way DNS was made to work, authoritative or recursive nameserver explanations aside.

    [text]
    $ dig px.ns1.net @208.67.222.222

    ; <<>> DiG 9.3.4 <<>> px.ns1.net @208.67.222.222
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7295
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;px.ns1.net. IN A

    ;; ANSWER SECTION:
    px.ns1.net. 288 IN CNAME fwd.ns1.net.
    fwd.ns1.net. 288 IN CNAME playerx.ath.cx.
    playerx.ath.cx. 10388 IN A 68.225.53.142

    ;; Query time: 38 msec
    ;; SERVER: 208.67.222.222#53(208.67.222.222)
    ;; WHEN: Fri Feb 23 21:34:56 2007
    ;; MSG SIZE rcvd: 90
    [/text]
    fake domain name.
    [text]
    $ dig sfsdfpx.ns1.net @208.67.222.222

    ; <<>> DiG 9.3.4 <<>> sfsdfpx.ns1.net @208.67.222.222
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45681
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;sfsdfpx.ns1.net. IN A

    ;; ANSWER SECTION:
    sfsdfpx.ns1.net. 0 IN A 208.67.219.41

    ;; Query time: 93 msec
    ;; SERVER: 208.67.222.222#53(208.67.222.222)
    ;; WHEN: Fri Feb 23 21:35:01 2007
    ;; MSG SIZE rcvd: 49
    [/text]

  • Posted 2007.02.24 at 7:42 pm PST | Permalink
  • Posted 2007.02.25 at 2:25 pm PST | Permalink
    OpenDNS is open because we’re taking the black box that has been DNS and opening it up, adding intelligence, speed, and reliability.

    One example of where we’re adding intelligence: what other recursive service shows you its cache? CacheCheck — http://cache.opendns.com/

  • Posted 2007.02.25 at 3:25 pm PST | Permalink
    Hi John, again thank you very much for your time and follow up with my admittedly silly questions.
    Checking one’s cache is as simple as running a dig against any nameserver; admittedly, you’ve made this process easier for the layman with a web-based tool for your service.

    Are you concerned that with a name like OpenDNS people could confuse this as an Open Source project?
    What are OpenDNS’ thoughts on FOSS? Are you using any Free and Open Source Software to run OpenDNS?

    With regard to your claims of added speed, how can your nameserver, ~15-20ms further away over the network, provide an answer sooner than the local cache from an ISP? I’m using my provider Cox as an example.

    [text]
    resolver1.opendns.com (208.67.222.222)
    64 bytes from 208.67.222.222: icmp_seq=1 ttl=52 time=40.9 ms
    64 bytes from 208.67.222.222: icmp_seq=2 ttl=52 time=39.9 ms
    64 bytes from 208.67.222.222: icmp_seq=3 ttl=52 time=45.0 ms
    [/text]
    [text]
    resolver2.opendns.com (208.67.220.220)
    64 bytes from 208.67.220.220: icmp_seq=1 ttl=52 time=41.1 ms
    64 bytes from 208.67.220.220: icmp_seq=2 ttl=52 time=42.1 ms
    64 bytes from 208.67.220.220: icmp_seq=3 ttl=52 time=41.0 ms
    [/text]
    [text]
    ns1.ph.cox.net (68.2.16.30)
    64 bytes from 68.2.16.30: icmp_seq=1 ttl=56 time=18.5 ms
    64 bytes from 68.2.16.30: icmp_seq=2 ttl=56 time=16.2 ms
    64 bytes from 68.2.16.30: icmp_seq=3 ttl=56 time=15.1 ms
    [/text]
    [text]
    ns1.sd.cox.net (68.6.16.30)
    64 bytes from 68.6.16.30: icmp_seq=1 ttl=55 time=24.0 ms
    64 bytes from 68.6.16.30: icmp_seq=2 ttl=55 time=25.4 ms
    64 bytes from 68.6.16.30: icmp_seq=3 ttl=55 time=23.8 ms
    [/text]
    [text]
    ns1.dl.cox.net (68.1.208.30)
    64 bytes from 68.1.208.30: icmp_seq=1 ttl=55 time=60.0 ms
    64 bytes from 68.1.208.30: icmp_seq=2 ttl=55 time=43.0 ms
    64 bytes from 68.1.208.30: icmp_seq=3 ttl=55 time=38.6 ms
    [/text]

    [text]
    ; <<>> DiG 9.3.4 <<>> px.ns1.net @68.2.16.30
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10104
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;px.ns1.net. IN A

    ;; ANSWER SECTION:
    px.ns1.net. 300 IN CNAME fwd.ns1.net.
    fwd.ns1.net. 300 IN CNAME playerx.ath.cx.
    playerx.ath.cx. 14400 IN A 68.225.53.142

    ;; AUTHORITY SECTION:
    ath.cx. 84833 IN NS ns5.dyndns.org.
    ath.cx. 84833 IN NS ns1.dyndns.org.
    ath.cx. 84833 IN NS ns2.dyndns.org.
    ath.cx. 84833 IN NS ns3.dyndns.org.
    ath.cx. 84833 IN NS ns4.dyndns.org.

    ;; ADDITIONAL SECTION:
    ns1.dyndns.org. 86291 IN A 63.208.196.90

    ;; Query time: 4303 msec
    ;; SERVER: 68.2.16.30#53(68.2.16.30)
    ;; WHEN: Sun Feb 25 15:16:17 2007
    ;; MSG SIZE rcvd: 206

    ; <<>> DiG 9.3.4 <<>> px.ns1.net @68.2.16.30
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8066
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;px.ns1.net. IN A

    ;; ANSWER SECTION:
    px.ns1.net. 295 IN CNAME fwd.ns1.net.
    fwd.ns1.net. 295 IN CNAME playerx.ath.cx.
    playerx.ath.cx. 14397 IN A 68.225.53.142

    ;; AUTHORITY SECTION:
    ath.cx. 84830 IN NS ns3.dyndns.org.
    ath.cx. 84830 IN NS ns4.dyndns.org.
    ath.cx. 84830 IN NS ns5.dyndns.org.
    ath.cx. 84830 IN NS ns1.dyndns.org.
    ath.cx. 84830 IN NS ns2.dyndns.org.

    ;; ADDITIONAL SECTION:
    ns1.dyndns.org. 86288 IN A 63.208.196.90

    ;; Query time: 45 msec
    ;; SERVER: 68.2.16.30#53(68.2.16.30)
    ;; WHEN: Sun Feb 25 15:16:20 2007
    ;; MSG SIZE rcvd: 206

    ; <<>> DiG 9.3.4 <<>> px.ns1.net @208.67.222.222
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55187
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;px.ns1.net. IN A

    ;; ANSWER SECTION:
    px.ns1.net. 300 IN CNAME fwd.ns1.net.
    fwd.ns1.net. 300 IN CNAME playerx.ath.cx.
    playerx.ath.cx. 11320 IN A 68.225.53.142

    ;; Query time: 203 msec
    ;; SERVER: 208.67.222.222#53(208.67.222.222)
    ;; WHEN: Sun Feb 25 15:16:50 2007
    ;; MSG SIZE rcvd: 90

    [/text]

    You'll notice from the TTL entries above, OpenDNS already had my hostname cached, as I tested out the cache service a while ago. Also, the first dig against the local ISP cache took longer as it did not have the hostname in its cache, so I ran a second test to show how long the query and response took.

    Here is the dig using my local DNS cache, which is completely local to me, not traversing any other network or router, only a switch or two, and a wireless access point.

    [text]
    ; <<>> DiG 9.3.4 <<>> px.ns1.net
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42002
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;px.ns1.net. IN A

    ;; ANSWER SECTION:
    px.ns1.net. 300 IN CNAME fwd.ns1.net.
    fwd.ns1.net. 300 IN A 192.168.48.42

    ;; AUTHORITY SECTION:
    ns1.net. 300 IN NS ns1.mdnsservice.com.
    ns1.net. 300 IN NS ns2.mdnsservice.com.
    ns1.net. 300 IN NS ns3.mdnsservice.com.
    ns1.net. 300 IN NS mywhiz.home.ns1.net.

    ;; Query time: 2 msec
    ;; SERVER: 192.168.48.1#53(192.168.48.1)
    ;; WHEN: Sun Feb 25 15:23:37 2007
    ;; MSG SIZE rcvd: 157
    [/text]
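
The check behind the second comment's "fake domain name" dig run, as an added example that is not part of the original post or its comments: parse dig's text output for a name that should not exist and report any address the resolver answered with instead of NXDOMAIN. The names `parse_dig` and `rewrite_targets` are illustrative, and the NXDOMAIN sample is constructed for contrast.

```python
import re

# Header and answer lines copied (abridged) from the second comment's dig run
# for the made-up name sfsdfpx.ns1.net against 208.67.222.222.
PROBE_VIA_OPENDNS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45681
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sfsdfpx.ns1.net. IN A
;; ANSWER SECTION:
sfsdfpx.ns1.net. 0 IN A 208.67.219.41
;; Query time: 93 msec
"""
# Constructed for contrast: the header a resolver that passes NXDOMAIN through
# would return for the same made-up name (not captured output).
PROBE_VIA_PLAIN_RESOLVER = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;sfsdfpx.ns1.net. IN A
;; Query time: 40 msec
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_dig(text):
    """Return (status, answer records) from dig's default text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    answers, section = [], None
    for line in text.splitlines():
        if line.startswith(";;") and "SECTION" in line:
            section = line.strip("; :").split()[0]
        elif section == "ANSWER" and (m := RR.match(line.strip())):
            name, ttl, rtype, rdata = m.groups()
            answers.append((name.lower(), int(ttl), rtype, rdata))
    return status, answers

def rewrite_targets(probe_output):
    """For a probe name that should not exist, list (address, ttl) pairs the
    resolver answered with; an empty list means NXDOMAIN was passed through.
    A zone with a genuine wildcard record also answers, so probe a zone you know."""
    status, answers = parse_dig(probe_output)
    if status != "NOERROR":
        return []
    return [(rdata, ttl) for _, ttl, rtype, rdata in answers if rtype in ("A", "AAAA")]

if __name__ == "__main__":
    for label, out in [("208.67.222.222", PROBE_VIA_OPENDNS),
                       ("pass-through resolver", PROBE_VIA_PLAIN_RESOLVER)]:
        print(label, parse_dig(out)[0], rewrite_targets(out))
```

Software that treats NXDOMAIN as a signal (mail delivery checks, typo detection, search-domain fallback) sees a valid host when this list is non-empty.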
