Re: OpenDNS safer or not?



davidu wrote:


Is it safer to use OpenDNS as the default DNS, or is it better to use the
one from my ISP?
Safest is to run your own caching DNS server.
With ORSN as root zone and as primary cache for the gTLDs.

Why on earth would you think that's "safer?"


Simple: DNS is constructed so that if there's disagreement in the root zone,
then the majority of the root servers dominates. Out of the 13 root servers,
7 are in the USA. Thus the USA can dictate disruption and censorship.

For the gTLDs: Just remember VeriSign's sitefinder. It's really better to
have a backup of such a zone.


We're giving more control and insight into the DNS than anyone ever
has. OpenDNS has done more to secure the DNS in less than a year than
the old guard of the Internet has in the last 20 years.


Utter bull***. OpenDNS has only done three things:
- promoting themselves
- destabilizing the system with additional TLDs not belonging to the ICANN root
- censorship

What exactly did they do for security?

DNSSEC where is it?


Good question. OpenDNS doesn't even work with DNSSEC at all due to a broken
signature chain at the root.

Blocking of botnets, phishing sites, etc. at the resolver, at
the edge of the network where it has the most directed impact without
wide-spread repercussions?


Yes, this is exactly what OpenDNS is doing.

ORSN is the last thing on earth to be using. They are a political hedged
bet, nothing to do with security or "safer."

What nonsense. ORSN is exactly the right approach against the current
problems.

-davidu (from OpenDNS, obviously)

A clueless idiot, obviously.