July 12, 2006
OpenDNS does what for me again?
This Wired article talks about the glories of OpenDNS, a DNS caching service. OpenDNS claims to offer three benefits:
- Performance: they maintain a local cache so that name resolution is allegedly faster.
- Anti-phishing: they won't resolve the DNS names of known phishing sites.
- Typo-correction: if you type a non-existent domain name, it will return a search page with potential results.
Let's talk about the performance claim first:
In return, sites like the notoriously sluggish MySpace.com load significantly faster, thanks to the way OpenDNS caches IP addresses.
The background you need here is that DNS is a distributed database. Resolving a name like www.rtfm.com requires going to the root servers, which point you to the com servers, which point you to the rtfm.com servers, which give you the IP address of www.rtfm.com. Typically, your local name server (either operated by your ISP or by your local IT department) does all of this for you (in what's called recursive mode) and then caches the result. So, if you point at OpenDNS rather than your local resolver, there's a higher chance that its cache will already be primed with the response so that you can skip the resolution.
How much of a difference does this make? Not much. First, name resolution is typically very fast, on the order of a second or so, which is much faster than your typical web site. I just tried it from my work address and it took .1s. Second, the result is cached, not only in the local nameserver but also in your browser, so you only get lag when you initially go to a Web site, not when you're clicking around inside it. (Cache expiry times vary but we're talking minutes to hours.)
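To make the cache-priming argument concrete, here is an added example (not from the original post) that models a recursive resolver walking root, com and rtfm.com and counts the upstream queries a cold, warm and expired cache each need. The zone data, the addresses, the 300-second TTL and all class and function names are assumptions made for illustration; the model also caches referrals, which goes slightly beyond what the text describes.

```python
# Constructed delegation data (192.0.2.x addresses are placeholders).
ZONES = {
    ".": {"com.": ("NS", "com.")},
    "com.": {"rtfm.com.": ("NS", "rtfm.com.")},
    "rtfm.com.": {"www.rtfm.com.": ("A", "192.0.2.10"),
                  "mail.rtfm.com.": ("A", "192.0.2.25")},
}

class CachingResolver:
    """Recursive resolver model: walks root -> TLD -> zone, caches with a TTL."""

    def __init__(self, zones, ttl=300):
        self.zones, self.ttl = zones, ttl
        self.cache = {}            # (rtype, owner) -> (value, expiry)
        self.upstream_queries = 0  # queries sent to authoritative servers

    def _ask(self, zone, qname):
        # One query to the authoritative server for `zone`.
        self.upstream_queries += 1
        for owner, record in self.zones[zone].items():
            if qname == owner or qname.endswith("." + owner):
                return owner, record
        return qname, ("NXDOMAIN", None)

    def _cached(self, rtype, owner, now):
        value, expiry = self.cache.get((rtype, owner), (None, 0))
        return value if expiry > now else None

    def resolve(self, qname, now):
        answer = self._cached("A", qname, now)
        if answer:
            return answer
        # Start at the deepest delegation still in cache, else at the root.
        labels = qname.rstrip(".").split(".")
        suffixes = [".".join(labels[i:]) + "." for i in range(1, len(labels))]
        zone = next((s for s in suffixes if self._cached("NS", s, now)), ".")
        while True:
            owner, (rtype, value) = self._ask(zone, qname)
            if rtype == "NXDOMAIN":
                return None
            self.cache[(rtype, owner)] = (value, now + self.ttl)
            if rtype == "A":
                return value
            zone = value  # follow the referral one level down

def queries_for(resolver, qname, now):
    """Upstream queries needed to answer qname at time `now`."""
    before = resolver.upstream_queries
    resolver.resolve(qname, now)
    return resolver.upstream_queries - before
```

Only the first lookup of a name pays for the full walk; until the TTL runs out, repeat lookups cost nothing and sibling names under the same zone cost a single query.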
The second issue is anti-phishing. Basically, what OpenDNS is doing is maintaining a blacklist of sites that it thinks are phishing sites. It then refuses to resolve those names. There are already existing anti-phishing blacklist systems such as Microsoft Phishing Filter, Google Safe Browsing, etc. Because these tools run on the client, they can take advantage of other cues about phishing and do a better job than a pure blacklist solution (which tends to get out of date). Given that, it's hard to see what OpenDNS's stuff brings to the party.
The final argument is typo-correction (reminiscent of Sitefinder). Again, this is something that's easily done on the client side, and Firefox, at least, treats some things typed in the title bar as things that should be searched on (I'm not sure I understand the algorithm here; it's certainly possible that there's some extension or whatever that already does this). Anyway, it seems like you'd much rather have the search engine of your choice do this, rather than whatever results OpenDNS decides to give you (including their sponsored results). So, it's not clear what the value of this service is either.
Posted by ekr at July 12, 2006 7:42 AM
Comments
Eric,
Respect your opinions a lot, so thanks for sharing them.
These are just the first of many features we want users to be able to control and manage. While your points are well taken, you'd be surprised at just how bad some ISPs and networks are at operating a recursive cache.
I appreciate your feedback and hope you'll keep checking it out.
In regards to the Site Finder comparison: like everything else we do, it's optional.
Thanks,
David
Posted by: David Ulevitch at July 12, 2006 11:14 AM
OpenDNS is more likely to be useful in cases where you have a problem with the DNS provision being advertised on your local net.
Posted by: Phill at July 12, 2006 8:48 PM
OpenDNS should mention this somewhere as a disclaimer - "For us, US is the world".
Couple of examples of how fast my ISP's query lookup is, compared to OpenDNS's 208.67.222.222 (both produced same ANSWER SECTION):
dig @208.67.222.222 myspace.com
;; Query time: 184 msec
dig myspace.com
;; Query time: 35 msec
dig @208.67.222.222 educatedguesswork.org
;; Query time: 243 msec
dig educatedguesswork.org
;; Query time: 208 msec
Posted by: Srijith at July 12, 2006 11:31 PM
Srijith (and others),
We know quite well that we're not yet global, and we should be. A London location will come online in ~10 days, which should help enormously for you in Amsterdam.
Read this post:
http://blog.opendns.com/2006/06/21/milliseconds-matter-speed-of-light/
I'm very clear (I hope) in explaining how aware we are of the world in World Wide Web. This is day four for OpenDNS, so we'll keep moving.
John Roberts
OpenDNS
Posted by: John Roberts at July 13, 2006 10:04 AM