[SLL] who is randomizing DNS source ports? deploying DNSSEC?

[Derek Simkowiak]

    Brian,
    That particular OpenDNS resolution (re: www.google.com) has been in 
place since May of last year.  A public forum discussion about it -- 
hosted by OpenDNS -- is here:

http://forums.opendns.com/comments.php?DiscussionID=226

    In that forum, you'll see that there were many people who were upset 
about it.  I'm not particularly happy about it, but if you get a free 
OpenDNS account, you can disable the "feature" that makes this happen.

    OpenDNS explained why they do this with Google, including answering 
several questions about privacy concerns.  That explanation is here:

http://blog.opendns.com/2007/05/22/google-turns-the-page/

    The whole situation is a big turd all around, but I am satisfied 
with OpenDNS's explanation.  (I have yet to see an explanation from Google.)

Brian> /Do you want to relay all your searches through them?/

   Yes.  The enduser features (content filtering, "shortcuts", phishing 
protection, and -- if you enable it -- traffic monitoring) are well 
worth the Google-indirection annoyance for me.

    As a company, OpenDNS is extremely privacy oriented, and they are 
all about a "free internet".  Their content filtering is based on 
community contributions and peer review, for example.

Brian> /Wonder what they're doing with it.  Or injecting in it. /

    Their privacy policy states what aggregate information they collect, 
and what they do with it.

http://www.opendns.com/privacy/

    As far as injecting, I haven't seen anything other than the Google 
thing, but I know that they filter plenty of AdWare ads for me (because 
I configured my account that way).  That alone is worth it to me.

    Of course, no 3rd party is as trustworthy to me as me.  But in an 
Internet age ruled by the likes of Comcast, Verisign, and ICANN, I'm 
perfectly happy to use the services of a company like OpenDNS.

--Derek

Brian Hatch wrote:
> Relatively near to 2008-07-25 14:59 -0700, Derek Simkowiak alleged:
>
>   
>> I'm currently using OpenDNS, because my corporate clients want to 
>> filter pr0n (mostly due to liability concerns).  OpenDNS is infinitely 
>> better than NetNanny (and similar), and it also protects Outlook users 
>> from phishing domains.  The web-based GUI tools are quick and easy, and 
>> the price is right (it's free).
>>     
>
> And it doesn't provide accurate domain resolution.
>
>   $ host www.google.com 208.67.220.220
>   www.google.com is an alias for google.navigation.opendns.com.
>   google.navigation.opendns.com has address 208.67.216.230
>   google.navigation.opendns.com has address 208.67.216.231
>
> Do you want to relay all your searches through them?  Wonder
> what they're doing with it.  Or injecting in it.  Wonder
> what they'll hijack next week.
>
>
>