Thursday, July 24, 2008

Outsourcing my DNS lookup service to OpenDNS

The DNS subsystem is a real headache to manage. You will realize that once you have to tweak the system, especially if you want to incorporate your own filtering or access-blocking rules.

And then there is DNS cache poisoning. It's a real threat.

While I believe my DNS subsystem is quite safe under the good old djbdns servers, I am now testing OpenDNS, a DNS cache service provider. One of the good things about OpenDNS is that they even allow a single-IPv4-address network to be individually managed, even if the address is dynamically allocated, as is the case for most non-static-IPv4 users.

If you can trust your ISP for the DNS management, you are on your own. But if you can't or don't, OpenDNS is a good alternative. I notice many ISPs still have not changed their DNS cache servers to prevent the poisoning attack as of today (July 24, 2008); using OpenDNS from such a mobile networking environment will make the whole DNS access much more secure.
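As an added example (not part of the original post, and not OpenDNS's or djbdns's own code): a small Python check you can run against samples of your own cache server's outbound queries to see whether it randomizes the UDP source port and the transaction ID, the two values a poisoning attacker has to guess. The two sample sets below are constructed for illustration; in practice you would fill them from a capture of your resolver's upstream traffic.

```python
"""Assess how guessable a DNS cache server's outbound queries are.

Each sample is (UDP source port, 16-bit transaction ID) from one outbound
query. Both sample sets are CONSTRUCTED; capture real ones from your own
resolver to assess it.
"""
import math
import random
from collections import Counter

# Constructed: an unpatched-style resolver (fixed port 53, sequential IDs).
UNPATCHED = [(53, 0x1000 + i) for i in range(64)]

# Constructed: a resolver that randomizes both values per query.
_rng = random.Random(2008)
PATCHED = [(_rng.randrange(1024, 65536), _rng.randrange(65536)) for _ in range(64)]


def entropy_bits(values):
    """Shannon entropy (bits) of the observed value distribution."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def is_predictable(values, tolerance=0.9):
    """True if the values are constant or step by a constant delta most of the time."""
    if len(set(values)) == 1:
        return True
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    _, freq = Counter(deltas).most_common(1)[0]
    return freq / len(deltas) >= tolerance


def assess(samples):
    """Entropy and predictability of ports and transaction IDs in the samples."""
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    return {
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "txid_entropy_bits": round(entropy_bits(txids), 2),
        "ports_predictable": is_predictable(ports),
        "txids_predictable": is_predictable(txids),
        # With N samples the most entropy you can observe is log2(N) bits.
        "max_observable_bits": round(math.log2(len(samples)), 2),
    }


def verdict(samples):
    """One-line conclusion: a predictable port or ID leaves a tiny search space."""
    r = assess(samples)
    if r["ports_predictable"] or r["txids_predictable"]:
        return "at risk: source port or transaction ID is predictable"
    return "hardened: source port and transaction ID both look randomized"


if __name__ == "__main__":
    for name, samples in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, assess(samples), verdict(samples))
```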