Thanks everyone. Sounds like Open DNS on its own won’t make a huge difference either way from our current setup, although I do need to verify we’re paying for this as we are a for-profit company and I was kind of wondering that myself. We use all Cisco routers and switches so for all I know it’s covered in our Cisco agreement (I don’t mess with the networking stuff) but I will verify. We have offices all over the world on the network, and I have heard sometimes the decision for deciding local content is made at the DNS layer, AKA the IP address returned is for a local site for somewhere like Google, although I think this isn’t as true as it once was. So one thing I need to test is whether remote sites still get localized content even after pointing their DNS servers to filter through Open DNS.
Ryan

-----Original Message-----
From: Blind-sysadmins <blind-sysadmins-bounces@lists.hodgsonfamily.org> on behalf of Scott Granados <scott@granados-llc.net>
Reply-To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Date: Thursday, March 3, 2016 at 6:11 AM
To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Subject: Re: [Blind-sysadmins] Open DNS in a corporate environment?

So personally, I’ve always run a pair of bind servers and used the DNS system the way it was intended. :) Open DNS isn’t a bad way to go and I know some businesses and schools using it. Never heard anything negative that would scare me away from giving it a try. I have had reliability issues using Google’s DNS but not Open DNS.
Good luck.
On Mar 3, 2016, at 3:55 AM, Andrew Hodgson <andrew@hodgsonfamily.org> wrote:
Hi,
Recursion is the service you want to use in this scenario, so not sure what you mean by this to be honest. Actually using Simple DNS you will be using the root nameservers anyway.
To answer the original question, I can't see what difference using your nameservers and the root hints will make over using OpenDNS. OpenDNS has some extra features, like blocking specific sites in a database, as well as having a large DNS cache, which can sometimes increase lookup times, but on a LAN with a DNS server, I find this less of an issue, as people tend to visit the same websites, so the sites that are being visited by the users are cached in the local DNS server already.
If you are a business customer, then I think you need to pay them as well. I looked into it a while ago as a replacement to an on-premises filtering product, so we could get filtering across the board for external users as well, but in the end didn't go with it as it was going to be quite expensive, and they were being taken over by Cisco!
Andrew.

________________________________________
From: Blind-sysadmins [blind-sysadmins-bounces@lists.hodgsonfamily.org] on behalf of Steve Nutt [steve@comproom.co.uk]
Sent: 03 March 2016 07:02
To: 'Blind sysadmins list'
Subject: Re: [Blind-sysadmins] Open DNS in a corporate environment?
Hi,
I don't use OpenDNS, because it allows DNS recursion, which can slow down lookups potentially. I allow recursion, but only for trusted IPs.
I use SimpleDNS for Windows on a 2012 R2 Windows virtual server.
Each to their own I guess.
All the best
Steve
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Ryan Shugart
Sent: 03 March 2016 06:04
To: Blind sysadmins list <Blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Open DNS in a corporate environment?

Hi:
Anyone used Open DNS on a business network? Currently our internal DNS servers resolve external queries by just going to the root servers and working from there, but our security guy has it in his head that OpenDNS is a better way to go for some reason. In looking at their web site they do offer some business services that purport to block malware by blocking its DNS lookups (until malware writers use IP addresses directly or point to another public DNS server I guess that would work well.) I know quite a few people that use OpenDNS at home and I think it works well, I’m just wondering if it’s really more secure than just going the route we go today.
Thanks.
Ryan

_______________________________________________
Blind-sysadmins mailing list
Blind-sysadmins@lists.hodgsonfamily.org
https://lists.hodgsonfamily.org/listinfo/blind-sysadmins