[dns-operations] Too Open (Was: OpenDNS makes your Internet work better

David Ulevitch davidu at everydns.net
Wed Jul 12 17:23:33 UTC 2006

On Jul 11, 2006, at 10:43 AM, Paul Vixie wrote:

>> ...  In fact, I can't imagine a reason why you wouldn't use  
>> OpenDNS.  ...
> i'll provide four, off the top of my head.
> 1. because i use the for things other than web surfing.
> 2. because i need a reliable source of NXDOMAIN data.
> 3. because i want to keep DNS open to non-web applications.


Thanks for the feedback (as always) and kind comments at the bottom.

I want to point out what we're releasing today in a test form for  
greater things to come:


I hope this takes care of issues #1, #2, and #3.  This should also  
make clear that a Site Finder comparison is inappropriate.

> 4. because i don't want any central authority to see what Q's i'm  
> asking.

Did you mention that to ATT and the NSA?  Drop your peering sessions  
with them? ;-)

We have a privacy policy here and I took my time in going over it and  
editing it.  I also want to make it explicit what we do store and for  
how long so you know what we have on file if the DHS comes knocking.

I truly appreciate the discussion here; hopefully those who know me  
know this is going to be done right and those who don't will figure  
out I do things right.  To those of you who have sent me notes and  
bugs and ideas off-list, thanks so much.  We've fixed a bunch and are  
working on the rest we know about.

Back to our regularly scheduled DNSSEC threads... ;-)

David Ulevitch

> i realize that #1 and #2 marginalize me compared to the unwashed masses
> who think that the web is the internet or vice-versa, and just want their
> porn and their myspace and so on.
> i realize that #4 also marginalizes me compared to the folks who use google
> directly rather than sending their queries through proxies.  you folks also
> probably use a frequent-buyer card at your supermarket, rather than using
> the phone numbers of random people to confuse the market research people.
> but i do not think #3 marginalizes me at all.  i am surprised to see smart
> ethical folks who ordinarily see all the way to, and often beyond, the
> horizon, launch a service which depends for its revenue on a <cause,effect>
> tuple which will discourage new non-web services from using DNS.
> typosquatting is bad for the community, and it doesn't matter whether it's
> done with actual NS RRs, or things like TLD wildcards (a la sitefinder) or
> in the recursive resolvers (like many ISP's now do, and now opendns does.)
> that having been said, if typosquatting is going to be done, opendns is the
> best way to do it among the ways i've seen.  kudos to davidu and his team
> for the quality of their implementation and the openness of their launch.
