OpenDNS does what for me again?

This Wired article talks about the glories of OpenDNS, a DNS caching service. OpenDNS claims to offer three benefits:
  • Performance: they maintain a local cache so that name resolution is allegedly faster.
  • Anti-phishing: they won't resolve the DNS names of known phishing sites.
  • Typo-correction: if you type a non-existent domain name, it will return a search page with potential results.

Let's talk about the performance claim first:

In return, sites like the notoriously sluggish load significantly faster, thanks to the way OpenDNS caches IP addresses.

The background you need here is that DNS is a distributed database. Resolving a name like requires going to the root servers, which point you to the com servers, which point you to the servers, which give you the IP address to Typically, your local name server (either operated by your ISP or by your local IT department) does all of this for you (in what's called recursive mode) and then caches the result. So, if you point at OpenDNS rather than your local resolver, there's a higher chance that its cache will already be primed with the response so that you can skip the resolution.

How much of a difference does this make? Not much. First, name resolution is typically very fast, on the order of a second or so, which is much faster than your typical web site. I just tried it from my work address and it took .1s. Second, the result is cached, not only in the local nameserver but also in your browser, so you only get lag when you initially go to a Web site, not when you're clicking around inside it. (Cache expiry times vary but we're talking minutes to hours.)
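To make the caching argument concrete, here is a toy model of a recursive resolver walking the delegation chain and caching the answer. It is an added example, not part of the original post; the zone layout, round-trip times, TTL and the name www.example.com are all constructed, and real resolvers also cache referrals and negative answers, which this model omits.

```python
# Added example: toy recursive resolver with a TTL cache.
# Names, latencies and TTLs are constructed for illustration only.

class Zone:
    """One authoritative server: answers names it owns, refers the rest."""
    def __init__(self, rtt_ms, answers=None, referrals=None):
        self.rtt_ms = rtt_ms
        self.answers = answers or {}      # name -> (ip, ttl_seconds)
        self.referrals = referrals or {}  # zone suffix -> child Zone

    def query(self, name):
        if name in self.answers:
            return ("answer",) + self.answers[name]
        for suffix, child in self.referrals.items():
            if name == suffix or name.endswith("." + suffix):
                return ("referral", child, None)
        return ("nxdomain", None, None)

class RecursiveResolver:
    def __init__(self, root):
        self.root = root
        self.cache = {}  # name -> (ip, expires_at)

    def resolve(self, name, now):
        """Return (ip, upstream_ms); upstream_ms is 0 on a cache hit."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], 0
        server, cost = self.root, 0
        while True:  # follow referrals: root -> com -> authoritative
            cost += server.rtt_ms
            kind, value, ttl = server.query(name)
            if kind == "referral":
                server = value
            elif kind == "answer":
                self.cache[name] = (value, now + ttl)
                return value, cost
            else:
                return None, cost

def build_resolver():
    auth = Zone(40, answers={"www.example.com": ("192.0.2.10", 300)})
    com = Zone(30, referrals={"example.com": auth})
    return RecursiveResolver(Zone(20, referrals={"com": com}))

def session_cost(resolver, name, times):
    """Total upstream latency (ms) for lookups of `name` at the given times."""
    return sum(resolver.resolve(name, t)[1] for t in times)
```

With these constructed numbers, four lookups inside one TTL window cost a single 90 ms walk in total; a pre-primed shared cache can only remove that first walk.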

The second issue is anti-phishing. Basically, what OpenDNS is doing is maintaining a blacklist of sites that it thinks are phishing sites. It then refuses to resolve those names. There are already existing anti-phishing blacklist systems such as Microsoft Phishing Filter, Google Safe Browsing, etc. Because these tools run on the client they can take advantage of other cues about phishing and do a better job than a pure blacklist solution (which tends to get out of date). Given that, it's hard to see what OpenDNS's stuff brings to the party.

The final argument is typo-correction (reminiscent of Sitefinder). Again, this is something that's easily done at the client side and Firefox, at least, treats some things typed in the title bar as things that should be searched on (I'm not sure I understand the algorithm here; it's certainly possible that there's some extension or whatever that already does this). Anyway, it seems like you'd much rather have the search engine of your choice do this, rather than whatever results OpenDNS decides to give you (including their sponsored results). So, it's not clear what the value of this service is either.



Respect your opinions a lot, so thanks for sharing them.

These are just the first of many features we want users to be able to control and manage. While your points are well taken, you'd be surprised at just how bad some ISPs and networks are at operating a recursive cache.

I appreciate your feedback and hope you'll keep checking it out.

In regards to the Site Finder comparison: like everything else we do, it's optional.


OpenDNS is more likely to be useful in cases where you have a problem with the DNS provision being advertised on your local net.

OpenDNS should mention this somewhere as a disclaimer - "For us, US is the world".

Couple of examples of how fast my ISP's query lookup is, compared to OpenDNS's (both produced same ANSWER SECTION):

dig @
;; Query time: 184 msec

;; Query time: 35 msec

dig @
;; Query time: 243 msec

;; Query time: 208 msec

Srijith (and others),

We know quite well that we're not yet global, and we should be. A London location will come online in ~10 days, which should help enormously for you in Amsterdam.

Read this post:
I'm very clear (I hope) in explaining how aware we are of the world in World Wide Web. This is day four for OpenDNS, so we'll keep moving.

John Roberts
