A beginners guide to DNS and OpenDNS

[+Warwagon MVC]

A beginners guide to DNS and OpenDNS

Welcome to the wonderful world of OpenDNS. You are probably wondering what the heck is OpenDNS? In fact what the heck is DNS?

Think of DNS like a gigantic Internet phone book. Every ISP (Internet Service provider) has one. Every website that you connect to has a number associated with it. It's called an IP address. Think of it as a websites phone number. A website can have a bunch of numbers or it can just have one number and sometimes those numbers can change.

Let's take Google for example. People know Google as www.google.com. A computer knows Google as 208.69.36.230 or 208.69.36.231. In the very early days of the internet they didn't want people to have to type in long numbers just to get to a website. So they created "Domain names" like .com .org .gov and the list goes on. This makes it simpler for human brains to remember internet addresses.

Only problem is, we have to be able to use the website name, while the computer has to be able to use the website IP address (number). This is where DNS server was born. When you type in www.google.com into your web browser the computer checks the phone books (DNS server) and say's hey look www.google.com's phone number is 208.69.36.2230 and proceeds to connect to the website.

Now let's imagine you had a DNS server that knew about websites online that could harm your computer and removed them from the phone book so your computer couldn't connect to them.

Welcome to OpenDNS.

OpenDNS is a free DNS server you can use instead of the one provided by your ISP. It has many benefits.

It's Faster - Sometimes it can be faster than the DNS server you already use. Think about it, if your ISP has a slow DNS server then the time it takes your computer to located a websites phone number could slow you down your internet web browsing. It would only be a few milliseconds, but a few milliseconds here and there can add up.

It's Safer - It allows you to specify which sites or whole categories you want it to filter from the phone book. Let's take porn for example. Because it's a DNS server it knows about every porn website on the internet. So you just tell it, "Filter all porn websites" It then removes all the porn websites from its phone book so you can no longer connect to them. That is just one of many types of sites you can block. You can block sites that contain ad-aware (nasty stuff that could infect your computer), Phishing sites (the kind of site that tricks you into thinking they are your bank). Want to block your children's access to Facebook or Myspace? No problem just tell it to block social networking sites :)

I'm not going to say it will block EVERY website in every category. It only blocks what it knows about. For phishing websites it only blocks what has been reported to them by other people. But it is still MUCH safer than browsing the internet using the DNS server provided by your ISP.

Configuring your computer to use OpenDNS.

XP

1) Open the control panel (Start / control panel or start / setting control panel)

2) Double click on Network connections (If you do not see it listed then click on "Switch to classic" view in the top left side of the control panel)

3) Right click the network adaptor you wish to apply OpenDNS to. Usually it's the one labeled "Local Area Connection".

4) Left Click Properties.

5) Under "This connection uses the following items" double click on the one labeled "Internet Protocol (TCP / IP).

6) At the very bottom of the Internet Protocol (TCP / IP) Properties box put a dot in the box labeled "Use the Following DNS server addresses"

7) 2 boxes will now become active. "Preferred DNS server" and "Alternate DNS server". Each box requires a different set of numbers. Use the numbers below

Preferred DNS Server- 208.67.222.222 (remember to hit the space bar after you type 67 otherwise it gets all confused)

Alternate DNS server - 208.67.220.220

8) Click OK and then OK again.

That's it. Now that our computer is using OpenDNS lets configure it. Skip to the section Configuring OpenDNS.

Windows Vista.

1) Open the control panel (Start / control panel or start / setting control panel)

2) Double click on Network and Sharing Center (If you do not see that listed then click on "Switch to classic" view in the top left of the control panel)

3) On the top left side of the screen left click "Manage network connections"

4) Right click the network adaptor you wish to apply OpenDNS to. Usually it's the one labeled "Local Area Connection".

5) Left Click Properties. Then click Continue

6) Under "This connection uses the following items" double click on the one labeled "Internet Protocol (TCP / IPv4).

7) At the very bottom of the Internet Protocol (TCP / IPv4) Properties box put a dot in the box labeled "Use the Following DNS server address"

8) 2 boxes will now become active. "Preferred DNS server" and "Alternate DNS server" each box requires a different set of numbers. Use the numbers below

Preferred DNS Server- 208.67.222.222 (remember to hit the space bar after you type 67 otherwise it gets all confused)

Alternate DNS server - 208.67.220.220

9) Click OK and then OK again.

That's it. Now that our computer is using OpenDNS lets configure it. Skip to the section Configuring OpenDNS.

OS X Leopard (Thanks to thefarewellnote)

1 . Go to System Preferences

2. Click on Network

3 . Select Your Network (Airport or Ethernet) and click Advanced

4. Select the DNS tab and add 208.67.222.222 and 208.67.220.220 to the list of DNS servers. Click OK

That's it. Now that your computer is using OpenDNS lets configure it!

Configuring OpenDNS.

1) Open up the web browser of your choice and type www.OpenDNS.com in the address bar and press enter.

2) At the very top of the OpenDNS website left click on "Create account"

3) Fill out the information on the page and when you are finished press the "Create Account" button.

4) Check your email. You should receive an email from OpenDNS in the next 1-10 mins. Open the email and click the link provided.

In this next section we will be telling OpenDNS what your computer's IP address (Phone number) is. We do this so when you tell OpenDNS to filter out websites it knows which computer to filter it for.

1) Left click on the "Networks" button on the top of the screen.

2) Click the "Add This Network" button.

You should now see "You've successfully added a network!. Just a few more steps and your home"

4) In that new box Left click "OpenDNS updater for Windows"

5) A download box will appear. (for internet explorer tell it to run / for firefox tell it to save file.)

6) Once the file gets done downloading run the file and follow the direction to install it.

The phone number of your computer never stays the same forever. So when your computers phone number changes, this program will update the records of OpenDNS. This way it will always knows your new number and thus keep you protected.

7) Once you are done installing the application and if it doesn't automatically open double click the new OpenDNS shortcut on your desktop.

8) Fill out the "OpenDNS username" and "OpenDNS Password" that you selected when you created your account.

9) Left click on the Preferences tab and click the button labeled "Install as service" this will insure the application will run in the background from the moment you turn your computer on.

10) Press ok.

We are just about done. Now all we need to do is go back to the OpenDNS website and tell it which sites we want to filter.

Setting up Filters.

1) The OpenDNS website should still be open on the bottom of the screen. If you closed it you can go back to www.opendns.com and log back in.

2) Left click on the "Settings" tab.

3) On the left hand side of the screen click "Content Filtering"

4) On the right hand of the screen left click on "custom".

Here is the list of categories that OpenDNS will block. Put a check mark next to the ones you want to block. I would strongly recommend you block at lease "Ad-aware and Parked Domains, even if you decide to block nothing else.

5) Once you have chosen your list you can left click the apply button. Nothing you do here is set in stone. You can always log back into the website at anytime and modify your selection. Please allow 3 mins for the categories you choose to take in effect.

That's it! You are now figured to use OpenDNS. Enjoy!.

Edited April 29, 2009 by warwagon

[HawkMan]

While you are writing about it, why not include the negative points of OpenDNS as well, and not just the positives ?

[That Guy Veteran]

Only had a quick look, but it's a nice guide! OpenDNS now prevents Conficker from phoning home too, as well as providing a SmartCache service.

I've never had a fault with them, although for those on dynamic IPs it is somtimes a little tricky to set up.

[+Warwagon MVC]

While you are writing about it, why not include the negative points of OpenDNS as well, and not just the positives ?

I've never had any negative experiences.

Only had a quick look, but it's a nice guide! OpenDNS now prevents Conficker from phoning home too, as well as providing a SmartCache service.

I've never had a fault with them, although for those on dynamic IPs it is somtimes a little tricky to set up.

I talk about setting that up via the OpenDNS updater. It updates your IP address to OpenDNS if it changes. I have it running on my server so I never see it.

[thefarewellnote]

Nicely wrote. Liked how you covered what DNS was at the start.

Here is the settings on Leopard OS X - your forgot us Mac nerds

OS X Leopard

1 . Go to System Preferences

2. Click on Network

3 . Select Your Network (Airport or Ethernet) and click Advanced

4. Select the DNS tab and add 208.67.222.222 and 208.67.220.220 to the list of DNS servers. Click OK

[Guest]

Unfortunately OpenDNS seems to hamper my torrent speeds significantly :(

But nice guide.

[Sethos]

Unfortunately OpenDNS seems to hamper my torrent speeds significantly :(

But nice guide.

Can an alternate DNS adress really effect torrent speeds or download speeds in general :blink:

[Guest]

Can an alternate DNS adress really effect torrent speeds or download speeds in general :blink:

Apparently so. I wasn't sure if it was the problem at first either, but it became apparent as soon as I reverted to my ISP servers.

[Sethos]

Hmmm, that's news to me - Haven't effected my overall speeds in the slightest.

[08993]

There is a pretty big drawback to OpenDNS though, Privacy.

I have a dynamic IP and use the OpenDNS updater, so basically my defined network in the OpenDNS settings gets tags on the IP. However, there are of course other people using my IP as assigned by my ISP, but because the IP is linked to my Network if they use OpenDNS (maybe they don't even know they are using it) I can see where they go using the OpenDNS stats feature (Top Domains, unique IP's).

I've tracked a Nigerian, and I kid you not they like eBay :) They also visit some Nigerian social network thing. I could theoretically watch my Top Domains list and report them if they visited anything naughty. They could do the same to me, however because I use the OpenDNS updater I usually assign the IP to my OpenDNS network within seconds. I could also block the domains other people visit who happen to have the same IP as me and use OpenDNS.

[HawkMan]

I've never had any negative experiences.

Well you could have mentioned that for the majority of the world, using OpenDNS will most likely cause dns lookups to be slower, unless you for some reason have absolute **** ISP/DNS servers.

Then there's the features of OpenDNS, where it may block more than you want if you use those features (which would be the only reason to use it over your ISP DNS if you're no American or a londoner).

And then there's the fact that their blacklists are user controlled. whitelists/blacklists should NEVER be user controlled. then you get situations like the one we had on this very site where on of the OpenDNS volunteer moderators came here to recruit people to vote for his suggestions to add MSN plus website to the adware/malware black list. he failed, maybe because picking neowin as his ground for finding allies was a bad choice (I'm hoping it was because the majority of neowin users are to smart to go with crap like that). But imagine what religious cults could do. Those crazy people have enough people in them to get anything they don't like black listed. Open source zealots, more than enough people willing to sell their soul to black list some MS and Apple sites. and Apple and MS fanboys are no better.

[MagicFingers]

Well you could have mentioned that for the majority of the world, using OpenDNS will most likely cause dns lookups to be slower, unless you for some reason have absolute **** ISP/DNS servers.

Then there's the features of OpenDNS, where it may block more than you want if you use those features (which would be the only reason to use it over your ISP DNS if you're no American or a londoner).

{Paragraph about user controlled blacklists...}

Well, you must have a fantastic ISP that has great DNS servers, because I've (and anyone else I've setup with this) had nothing but improved lookup times with this.

Pretty sure you can control what types of sites it blocks for you... (not sure what difference it makes if you are an American or a Londoner.(whatever that means, I know of at least 3 places in the world called London))

No service is perfect, but I would say in my opinion, for anyone online that isn't a power user of any kind, this is something to help them for reliability, and safety....

IMHO of course....

[brentaal]

(not sure what difference it makes if you are an American or a Londoner.(whatever that means, I know of at least 3 places in the world called London))

What he's trying to say is - unless you're from the UK or the US, OpenDNS servers will be much further away than your ISP's servers.

Personally, I gave OpenDNS another try a couple of days ago, but surfing felt generally slower and I had my brother complain how he can't access some of the websites he regularly visits.

[+Warwagon MVC]

What he's trying to say is - unless you're from the UK or the US, OpenDNS servers will be much further away than your ISP's servers.

Personally, I gave OpenDNS another try a couple of days ago, but surfing felt generally slower and I had my brother complain how he can't access some of the websites he regularly visits.

OpenDNS has never blocked any Legit safe websites.

[brentaal]

OpenDNS has never blocked any Legit safe websites.

Interesting. How exactly would you know that? Do you visit every web site in OpenDNS's cache?

I'm aware of at least two perfectly legit web sites that used to be blocked.

That coupled with occasional downtime and no servers in my proximity mean I won't be using it.

[BajiRav]

When I switched to Verizon FiOS, my Xbox used to take a long time to sign in to Xbox Live. So I switched to OpenDNS on my router and Xbox then started signing up before my TV showed the dashboard. But then, having OpenDNS somehow messed up my work VPN where names of hosts at my work wouldn't resolve. So I switched my router back to ISP's DNS and only Xbox was using OpenDNS. Here comes the problem - over last few months - ever since the NXE shipped, my XBL sign up started taking longer and Xbox party would frequently freeze. All this while I had completely forgotten about the OpenDNS entries on Xbox. Last week, I removed them and now using FiOS' DNS servers. No lag, no worries.

Bottom line - Your mileage may vary. ;)

[NoLiMiT06]

I have used it in the past and I really like it. I just redid it actually, I have never paid much attention to torrent speeds with it but I will let you know. Going to download the Opie & Anthony show :)

[+John Teacake MVC]

I set a tracert running. The left hand side shows OpenDNS and the Right hand side is BT Broadbands DNS Servers. You work out which is quicker. I don't know if its a placebo or not but I have just switched over to OpenDNS and browsing seems to have speeded up ALOT.

Go Figure . . .