OpenDNS discussion part 2, Developing a solution

June 16, 2013 at 9:10 am

In my last blog post I talked about the advantages and disadvantages of OpenDNS.  The main advantage that I’m concerned with is the filtering, as I have children in the house…  Not to mention that I don’t want to accidentally run across some content that I’m not interested in seeing myself.  The chief disadvantage to OpenDNS is that CDNs (Content Distribution Networks) use geolocation when they answer DNS servers requesting the IP address of a server: the answer is picked to be near the DNS server that asked, not near you.  This means that when you use OpenDNS and download from iTunes, stream from Hulu, Netflix or YouTube, or do any of a number of other high-bandwidth activities, you are talking to one of a group of CDN servers located somewhat near the OpenDNS server that you are using for DNS resolution.  For me, this means one of OpenDNS’s East Coast servers, which I believe are located near DC.  Everyone using OpenDNS’s service on the East Coast will be directed to these same CDN servers.  That means there’s a good chance that these servers are busy, which translates to slow downloads, etc.

When you request a DNS name that is in one of your blocked categories, OpenDNS responds with a special IP address.  Your browser goes there, and they redirect you to their block page.  In my testing, this redirection (for filtering) is always to the same IP address.  When you type in the name of a non-existent domain, they send back a different IP address.  When you go to a phishing site (like their test phishing site), you get back a third IP address.  I don’t expect these addresses to stay the same forever, however.  It’s likely they have lots of servers that do these jobs, perhaps co-located with the DNS servers you are hitting, or perhaps they have a big pool of them all at their corporate headquarters.

What if you had a DNS server that performs lookups against the OpenDNS servers, looking for these special “block” addresses, and, if one is found, returns that address to the DNS client?  But if the IP of the site (as returned by OpenDNS) doesn’t match one of these “block” addresses, your DNS server checks a nearby DNS server (like your ISP’s), or performs resolution itself starting from the root DNS servers, and gives you back that IP address, which would be that of a geo-located server that is nearby.

Yes, it will be slower to respond than either method alone, but it will get you the best of both worlds.  You’ll have the advantage of their free (or low-cost) filtering service, plus you’ll get sent to close CDN services, which are probably less busy than the ones everyone else using OpenDNS is hitting.  Is that worth the extra milliseconds it takes to query OpenDNS servers?  That’s up to you.
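The lookup order proposed above, sketched as an added example (not code from this blog series). The two upstream resolvers are passed in as hypothetical callables, and the block addresses are constructed placeholders from the RFC 5737 documentation range, not OpenDNS's real addresses. Failing closed when the filtering resolver does not answer is a choice this example makes so that an outage does not silently bypass the filter.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation range), NOT OpenDNS's real
# block / non-existent-domain / phishing addresses; observe those yourself.
BLOCK_ADDRS = frozenset(ipaddress.ip_address(a) for a in
                        ("192.0.2.10", "192.0.2.20", "192.0.2.30"))

def resolve(name, filtered_lookup, nearby_lookup, block_addrs=BLOCK_ADDRS):
    """Return (addresses, source) for name.

    filtered_lookup / nearby_lookup are hypothetical callables that map a
    name to a list of IP strings and raise OSError on timeout or failure.
    """
    try:
        verdict = [ipaddress.ip_address(a) for a in filtered_lookup(name)]
    except (OSError, ValueError):
        # Fail closed: with no verdict from the filter, do not fall
        # through to the unfiltered resolver.
        return [], "servfail"
    if not verdict or any(a in block_addrs for a in verdict):
        # Blocked, phishing or non-existent: hand back the filter's answer.
        return [str(a) for a in verdict], "filtered"
    try:
        return list(nearby_lookup(name)), "nearby"
    except OSError:
        # The name already passed the filter, so its answer is safe to reuse.
        return [str(a) for a in verdict], "filtered-fallback"

# Constructed sample data standing in for the two upstream resolvers.
FILTER_VIEW = {"cdn.example": ["198.51.100.7"],
               "blocked.example": ["192.0.2.10"],
               "typo.example": ["192.0.2.20"]}
NEARBY_VIEW = {"cdn.example": ["203.0.113.5"], "blocked.example": ["203.0.113.66"]}

def table_lookup(table):
    """Build a lookup callable backed by a dict (test double for a resolver)."""
    def lookup(name):
        if name not in table:
            raise OSError("no answer")
        return table[name]
    return lookup

def down(name):
    """Lookup callable that simulates an unreachable resolver."""
    raise OSError("timeout")

if __name__ == "__main__":
    for host in ("cdn.example", "blocked.example", "typo.example"):
        print(host, resolve(host, table_lookup(FILTER_VIEW), table_lookup(NEARBY_VIEW)))
```

Because the block addresses may change, as noted above, the set is a parameter rather than a constant baked into the logic.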


Entry filed under: Networking.
