Set Up OpenDNS

Few of us spend much time thinking about the internet's domain name system: the architecture which invisibly translates a browser's request, like "wired.com," into the numeric IP address where the site is hosted.

Yet, despite being largely transparent, the DNS system is not without its problems. Security researcher Dan Kaminsky recently discovered a critical vulnerability in some DNS servers. Despite efforts to keep the information under wraps until a patch could be released, details of the attack leaked out and vendors scrambled to patch their servers.

The DNS flaw that Kaminsky discovered allows a hacker to conduct a "cache poisoning attack" that could be accomplished in about ten seconds, allowing an attacker to fool a DNS server into redirecting web surfers to malicious web sites.

The problem is, how do you know your ISP has applied the patch? There's really no way to know, short of watching for an e-mail update or press release. But the news isn't something most vendors would want to advertise -- "uh, sorry, but it turns out our servers are insecure and might make you vulnerable to very simple attacks you'll never notice."

Fortunately there is a solution: Bypass your ISP's DNS server and use a service like OpenDNS, which was one of the few DNS vendors not affected by this latest bug. Because OpenDNS uses a number of security enhancements above and beyond what your common ISP is likely to employ (like source port randomization), it wasn't affected by the bug Kaminsky discovered.
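
Added example, not part of the original article: source port randomization matters because an off-path forger has to match both the 16-bit DNS transaction ID and the UDP source port of the resolver's outgoing query. The Python sketch below rates a list of source ports observed from one resolver and estimates the resulting guess space; the function names, thresholds and sample ports are assumptions constructed for illustration.

```python
import math
import statistics
from collections import Counter

TXID_BITS = 16        # the DNS transaction ID is a 16-bit field
MIN_SAMPLES = 10      # assumption: fewer samples say little about spread
NARROW_STDEV = 300    # assumption: illustrative cut-off, not from the article


def rate_source_ports(ports):
    """Classify UDP source ports seen on one resolver's outgoing queries."""
    if len(ports) < MIN_SAMPLES:
        raise ValueError(f"need at least {MIN_SAMPLES} samples")
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("port out of range")
    if len(set(ports)) == 1:
        return "fixed"
    # A counter-style allocator shows up as one dominant step between queries.
    steps = Counter((b - a) % 65536 for a, b in zip(ports, ports[1:]))
    if steps.most_common(1)[0][1] >= 0.8 * (len(ports) - 1):
        return "sequential"
    if statistics.pstdev(ports) < NARROW_STDEV:
        return "narrow"
    return "randomized"


def guess_space_bits(ports):
    """Rough number of bits a forger must guess: TXID plus unpredictable port."""
    if rate_source_ports(ports) in ("fixed", "sequential"):
        return float(TXID_BITS)          # port is predictable, only the TXID is left
    span = max(ports) - min(ports) + 1   # lower bound taken from the sample
    return TXID_BITS + math.log2(span)


# Constructed samples, not captured traffic.
SAMPLES = {
    "fixed": [32768] * 12,
    "sequential": [1024 + i for i in range(12)],
    "narrow": [50010, 50003, 50127, 50064, 50001, 50099,
               50042, 50120, 50017, 50088, 50071, 50033],
    "randomized": [41873, 5321, 60212, 17754, 33019, 52488,
                   9127, 27640, 64011, 12986, 45502, 21375],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, rate_source_ports(ports), round(guess_space_bits(ports), 1))
```

A resolver that rates "fixed" or "sequential" leaves only the transaction ID to guess, while a well-randomized one roughly doubles the number of bits.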

Not only does OpenDNS offer a more secure setup, it's free, you get a host of advanced features and it just might be significantly faster as well.

Introducing OpenDNS

Put simply, OpenDNS is a safer and faster DNS replacement. Setup is not much more difficult than setting up a POP e-mail account and you get quite a few extra features as an added bonus.

OpenDNS provides niceties like spelling correction. For instance, type "wordpres.org" when you meant "wordpress.org" and OpenDNS automatically corrects and redirects. OpenDNS also caches IP addresses so it doesn't have to do a fresh look up every time you request a page, which results in faster load times.

Other power user features include the ability to set network-wide keyword shortcuts (always heading to the Webmonkey homepage? Set up a keyword shortcut and all you need to type is, say, "m" and OpenDNS will take you straight to webmonkey.com), phishing blacklists to keep you out of trouble and IP blocking to prevent users from accessing sites you don't want them visiting.

Getting Started

There are two main ways to set up OpenDNS. First off you can set it up for just a single computer -- if you've only got one PC plugged directly into your cable/DSL modem this would be the way to go.

However, these days most of us probably have some sort of router between the modem and our PCs. Let's take a look at how to set up OpenDNS with a router.

The first step is to sign up with OpenDNS -- don't worry, it's painless and free. Once you have an account you need to configure your router to use the OpenDNS DNS servers rather than the defaults your ISP provides.

Most routers have some kind of web-based configuration panel. For instance, Linksys routers can be accessed at http://192.168.1.1. Check your router's documentation to see where the config screen lives, or consult the OpenDNS site, which provides specific instructions for about a dozen different routers.

Once you've logged into your router's config panel, the settings you want to look for are the "Static DNS Server" settings. Chances are those fields are currently blank, but if not, write down your current DNS settings before switching them over to OpenDNS in case you want to return to your old settings for any reason.

Now just plug in OpenDNS's addresses, which are 208.67.222.222 and 208.67.220.220. If your router has space for more than two addresses just leave the extra spaces blank.

Now save your settings. Your router will most likely reboot and once it's done you should head to the OpenDNS test page and make sure that you are in fact using the OpenDNS servers.

And that's it, you're done.

Advanced options

Now you're safe from the DNS bug and you can log in to your OpenDNS account to configure some advanced options (just click the Dashboard link at the top of the site).

The OpenDNS dashboard has links to all the cool features -- set up keyword shortcuts, block domains, see network statistics and even enable dynamic IP updating.

You may be wondering how OpenDNS makes any money giving all this stuff away. The answer is that every time the site you're looking for doesn't exist (or you encounter a DNS error) OpenDNS dumps you on a custom page complete with Google ads. The page also includes a customized Google search page which can be used to search for whatever site you were looking for.

If you are setting OpenDNS up for your company, you can customize the error page with your company's logo or any other branding you want. There are also controls for customizing blocked site messages, phishing block pages and more.

Custom router setups

While OpenDNS is pretty easy to set up and the site has great instructions for most stock routers, what if you're using a custom router firmware like Tomato or DD-WRT? In that case setup can be a little more difficult. With the DD-WRT firmware in particular you may have a little trouble getting it to play nice with OpenDNS.

Fortunately there are some DD-WRT forum posts on the subject and a couple of tips on the OpenDNS site as well. The solution depends on what version of DD-WRT you're using so be sure to have that info on hand before you start searching.

Conclusion

OpenDNS provides an easy way to sidestep the latest DNS bug. Of course there's no guarantee there won't be a flaw in the DNS setup that OpenDNS uses at some point, but at least you'll know about it since you control most of your DNS settings.

And the fact that you get spelling corrections, phishing protection, IP black/whitelists and a faster browsing experience... Well, it's just the icing on the cake.

Suggested readings

OpenDNS Updater: A Free And Easy Way Update IP Changes

OpenDNS Offers Keyword Browsing Shortcuts
