[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
davidu at everydns.net
Wed Jul 12 17:23:33 UTC 2006
On Jul 11, 2006, at 10:43 AM, Paul Vixie wrote:
>> ... In fact, I can't imagine a reason why you wouldn't use
>> OpenDNS. ...
> i'll provide four, off the top of my head.
> 1. because i use the for things other than web surfing.
> 2. because i need a reliable source of NXDOMAIN data.
> 3. because i want to keep DNS open to non-web applications.
Thanks for the feedback (as always) and kind comments at the bottom.
I want to point out what we're releasing today in a test form for
greater things to come:
I hope this takes care of issues #1, #2, and #3. This should also
make clear that a Site Finder comparison is inappropriate.
> 4. because i don't want any central authority to see what Q's i'm
Did you mention that to ATT and the NSA? Drop your peering sessions
with them? ;-)
editing it. I also want to make it explicit what we do store and for
how long so you know what we have on file if the DHS comes knocking.
I truly appreciate the discussion here, hopefully those who know me
know this is going to be done right and those who don't will figure
out I do things right. To those of you who have sent me notes and
bugs and ideas off-list, thanks so much. We've fixed a bunch and are
working on the rest we know about.
Back to our regularly scheduled DNSSEC threads... ;-)
> i realize that #1 and #2 marginalize me compared to the unwashed
> who think that the web is the internet or vice-versa, and just want
> porn and their myspace and so on.
> i realize that #4 also marginalizes me compared to the folks who
> use google
> directly rather than sending their queries through proxies. you
> folks also
> probably use a frequent-buyer card at your supermarket, rather than
> the phone numbers of random people to confuse the market research
> but i do not think #3 marginalizes me at all. i am surprised to
> see smart
> ethical folks who ordinarily see all the way to, and often beyond, the
> horizon, launch a service which depends for its revenue on a
> tuple which will discourage new non-web services from using DNS.
> typosquatting is bad for the community, and it doesn't matter
> whether it's
> done with actual NS RRs, or things like TLD wildcards (a la
> sitefinder) or
> in the recursive resolvers (like many ISP's now do, and now opendns
> that having been said, if typosquatting is going to be done,
> opendns is the
> best way to do it among the ways i've seen. kudos to davidu and
> his team
> for the quality of their implementation and the openness of their
> dns-operations mailing list
> dns-operations at lists.oarci.net
More information about the dns-operations