Re: OpenDNS safer or not?

On Jun 23, 8:47 am, "Sebastian G." <s...@xxxxxxxxx> wrote:
davidu wrote:
And if you use OpenDNS because you *want* this type of
protection, then it's with your consent.
It is within your consent if they add sites on their censorship list which
are not related to phishing at all, and this without your knowledge?

You have no idea what OpenDNS does.

I'd rather say this applies to you.

Sebastian,

Let's be crystal clear right now. You can, with OpenDNS, get standard
RFC compliant DNS with NXDOMAIN's being returned, no phishing
protection, no adult blocking, and nothing else. I understand that
you have ZERO clue what the service does, but I figured you would at
least try and see.

Every administrator that configures OpenDNS decides what functionality
they want. Guess what? Admins love being able to have a simple place
to say "Hey, I want to block myspace.com" and when they do that, it
doesn't affect you in any way. That's the entire point. The DNS
results on the recursive nameserver are modified based on the src_addr
making the requests.


You have no idea that we give you full control over your DNS in a way you
never have before.

And you seem to have no idea how utterly bull*** this is. Not just wrt. to
what OpenDNS does (censorship that is not just limited to proclaimed
phishing hosts), but also how I'm running my very own DNS server (recent
BIND9 with some patches and a well-understood configuration).

What censorship are we imposing? Nobody makes you block a domain.
It's about giving you power and control, not to mention a more
reliable and faster service.


Your comment is like claiming that a firewall is a security risk because
it causes Denial of Service when it prevents you from accessing certain
sites or using some applications.
It is. A firewall shouldn't do such a thing.

Wow. That's exactly what a firewall does.

No, this is not even remotely what a firewall does.

What does it do then?


It presents a barrier based on specified rules.

And the rules are supposed to implement to filter out everything you don't
want to work. If it blocks something that is supposed to work, the firewall
is obviously misconfigured.

What's that have to do anything I said? That statement is a strawman.


And firewalls can and often do work at all layers of the OSI stack.

You may or may not notice that there are various differences between the
internet protocol stack and the OSI model.

Again, a strawman. Before replying, check out what OpenDNS offers and
educate yourself.

Thanks,
David Ulevitch



.