Re: OpenDNS safer or not?

davidu wrote:


Let's be crystal clear right now. You can, with OpenDNS, get standard
RFC compliant DNS with NXDOMAIN's being returned, no phishing
protection, no adult blocking, and nothing else.


I didn't manage to get such a behaviour. Can you enlighten me a bit?

The DNS results on the recursive nameserver are modified based on the src_addr
making the requests.


Which is even more stupid.

You have no idea that we give you full control over your DNS in a way you
never have before.
And you seem to have no idea how utterly bull*** this is. Not just wrt. to
what OpenDNS does (censorship that is not just limited to proclaimed
phishing hosts), but also how I'm running my very own DNS server (recent
BIND9 with some patches and a well-understood configuration).

What censorship are we imposing?


"we"? Anyway, I already mentioned some well-known examples (which might also
be related to OpenDNS's peering partners which filter various DNS requests).

It's about giving you power and control, not to mention a more
reliable and faster service.


It's doing what? Excuse me, but how should this work?

It presents a barrier based on specified rules.
And the rules are supposed to implement to filter out everything you don't
want to work. If it blocks something that is supposed to work, the firewall
is obviously misconfigured.

What's that have to do anything I said? That statement is a strawman.


And it's precisely a counter-argument to the BS you're writing.

And firewalls can and often do work at all layers of the OSI stack.
You may or may not notice that there are various differences between the
internet protocol stack and the OSI model.

Again, a strawman.


And a counter-argument. Now, how exactly do you block Skype with a firewall?
.