OpenDNS

I am thinking of switching our business over to openDNS for our external DNS resolution. I found this site which I think really helped me make the decision to explore it: Google Public DNS vs OpenDNS vs Your ISP’s DNS – measuring performance The BrowserMob Blog (mostly the utility at the bottom).

Have any of you done this before? We have about 60+ users. The other admin is on board with it (which actually helps ).

I read this thread as well. Sounds like it should be cake to set up:
http://forums.opendns.com/comments.php?DiscussionID=3357

After looking into a bit more, I am really liking what I am seeing. I can't think of a reason why we should rely on our ISPs DNS server. DNSCurve seems super sexy.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

ehnde

I've used it at home. It's an easy way to keep the kids off of things they shouldn't be looking at. Does your company policy compel you to restrict employee browsing, or are you considering opendns for other reasons?

If DNS performance is your biggest concern I'm sure you know very well benchmarks are relative to your location. This is an interesting little tool: GRC's|DNS Nameserver Performance Benchmark

Bl8ckr0uter

ehnde wrote: »

Does your company policy compel you to restrict employee browsing, or are you considering opendns for other reasons?

We do restrict access and we want it even more restricted.

ehnde wrote: »

If DNS performance is your biggest concern I'm sure you know very well benchmarks are relative to your location. This is an interesting little tool: GRC's|DNS Nameserver Performance Benchmark

Awesome tool. +Rep. I think I might try to talk to the sales team to get a quote going.

veritas_libertas

I use OpenDNS wi/Astaro Security Gateway. The combination works great for my home. I really like how well OpenDNS works and they seem to keep on top of any new DNS vulnerabilities.

crrussell3

I switched to OpenDNS here at work (free version) for 350 users, and it works great. We use it along with ISA/TMG for content filtering. Only had one snag with Community Domain Tagging where a health care product company got tagged as pornography so we couldn't view their website, send them emails, etc (added to the white list).

I also use it at home, and every friend/family member/after hours computer job I switch over if I can. No complaints so far.

it_consultant

I moved from open DNS to google DNS when my web filter was having trouble resolving some blacklists it was trying to check. Of course, there are no web users in my internal datacenter environment, so there isn't any concern about nefarious web browsing.

Bl8ckr0uter

crrussell3 wrote: »

I switched to OpenDNS here at work (free version) for 350 users, and it works great. We use it along with ISA/TMG for content filtering. Only had one snag with Community Domain Tagging where a health care product company got tagged as pornography so we couldn't view their website, send them emails, etc (added to the white list).

I also use it at home, and every friend/family member/after hours computer job I switch over if I can. No complaints so far.

I didn't think you would be able to use that as a solution for that many people. I mean the free version. Don't you have to pay if it is a smb?

it_consultant wrote: »

I moved from open DNS to google DNS when my web filter was having trouble resolving some blacklists it was trying to check. Of course, there are no web users in my internal datacenter environment, so there isn't any concern about nefarious web browsing.

As far as I can tell, google dns doesn't give you any "features" besides fast resolution (which is a good thing). Using this tool (mentioned in this thread) GRC's|DNS Nameserver Performance Benchmark I have determined that google dns is slower than opendns but both are faster than our current wan DNS plus our ISP doesn't support DNSSEC.

EDIT:

Talked to my boss. She is on board, especially after she saw my performance graph

crrussell3

Bl8ckr0uter wrote: »

I didn't think you would be able to use that as a solution for that many people. I mean the free version. Don't you have to pay if it is a smb?

As per this forum post response by an OpenDNS employee (OpenDNS Community > Forums > Free account OK for business and NPO use?), they say you can use the free version for a Business, no matter the size, you are just limited by the features of the free version.

Now if you want to allow granular control/access, you would need to upgrade to the paid version, which we don't really have a need for. We just wanted to block specific categories as a whole (proxy, ****, ad, etc).

Bl8ckr0uter

Awesome. That's really something we are going to have to think about.

I think we need some of the advanced features (fine tuned controls and reporting being the major ones) as well as "mobile features" (which could be a huge selling point for me to my boss. I am calling to get a quote as we speak. It would be nice to get enterprise but we could just go with free. After all, it is 120% faster than our current DNS servers.

Bl8ckr0uter

We ended up going with Opendns enterprise. So this is going to be a fun short project to do for the next few weeks.