NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: Karoo is DNS hijacking

On Mar 27, 2008, at 2:18 AM, Colin May wrote:

As usual when this happens, we see our numbers grow (in this case, our
UK account signups).

I was curious about this - from what I can see (based on the OpenDNS website
'Features' page and by doing some tests using dig) OpenDNS is no better than
the other ISPs/DNS Service Providers identified as hijacking DNS.

You didn't do a good job reading. There is no similarity at all.

If you're talking about us not returning NXDOMAIN, that's not true. Customers who want NXDOMAIN responses get them. The VAST majority of our customers, which includes 10's of 1000's of schools and businesses don't need them, or just set them up for their mailserver. We have a full web-based management system for IT administrators and parents to manage their DNS. T

The fact that we make money by showing search results when a domain isn't found is no different from how Google or Yahoo make money. And just like Google and Yahoo, people are *choosing* to use OpenDNS.

This is revolutionary stuff -- we've done more to secure the DNS in the last year than any other DNS operator has since it was invented.

After an ISP starts hijacking DNS NXDOMAIN responses and you see your
numbers grow, do they then start to churn down again after people realise
that OpenDNS are really no better an alternative?

Of course not.

(I appreciate there may
be features in the OpenDNS service offering but these days web browsers also
offer things like phishing warnings etc).

Indeed most of them use our data -- we run PhishTank: http://www.phishtank.com/friends.php

Managing the DNS on your network is just as important as having a last- line-of-defense in your browser. Security is about layers of protection.

[ OpenDNS isn't hijacking anything! OpenDNS is a fully opt-in
service that users voluntarily choose to use by setting the OpenDNS
servers in their systems.

DNS hijacking is best defined by environments that divert users' DNS
requests in some way *without the users having requested such
a service* (e.g., either opt-out only or no opt-out available).

There's a big difference.

Agreed 100%. Thanks. We're still dealing with this common misunderstanding of our service, even two years after we started the company and with millions of happy users.

I guess I need to hire a new marketing gun. :-)