Tech & VC 15 Feb 2007 04:12 pm
OpenDNS Pros and Cons
I started using OpenDNS today. I’m not sure if I like it or not…
Pros: It’s snappy. I feel like I notice a difference in the time it takes for sites to load. The DNS misspelling auto-correction feature works as advertised. I don’t think I need the anti-phishing technology because it’s now built into FF and IE, but I’m glad it’s there for those who are less savvy.
Cons: What are they storing? What am I giving up in the way of privacy by using this services? I’m certain they are storing every DNS query I make along with the originating IP address… so, if I have a static IP address, they are essentially getting my browsing history. That feels like an awful lot to give up just for snappier DNS requests. I wonder if my ISPs DNS service tracks my request history too.
I wish they did one of two things: EITHER, tell me loud and clear that they do not store and track individual DNS requests that then map to IP addresses (so the government can’t subpoena this this information, or worse…). OR, store all the data, but say explicitly that I, THE END USER, own all the data and can host it on my own if I desire.
One of those two steps would make me much more comfortable with the service. That being said, I’m getting a lot of value from it, and I think our aging DNS system is ripe for disruption/improvement. This is a great step in the right direction.
2 Responses to “OpenDNS Pros and Cons”
on 15 Feb 2007 at 4:50 pm 1.David Ulevitch said …
Thanks for the constructive feedback. I know that regardless of what we do with storing data, everyone here agrees we need to be totally transparent about it. For the record, we don’t have any real information on your browsing history, just your DNS history; subtle but important difference.
Thanks for your comments and glad you’re liking it. It’s only going to improve.
on 16 Feb 2007 at 8:15 pm 2.candice said …
>I wonder if my ISPs DNS service tracks my request history too.
It probably ends up in giant logfiles and thrown away after the logrotate cycle.
Pretty much everything else does. Logs of any sort are too disk-intensive to merit keeping for anything other than short-term debugging.
It might not get logged at all, but I haven’t looked at the logging in modern BIND so I couldn’t tell you from actual knowledge whether that is a common default or not. Someone else here could, I’m sure.
I’ve been avoiding setting up authoritative dns for weeks now…