DNS service promises safer, faster browsing

A San Francisco start-up is promising faster, safer and smarter Web surfing--but there's a catch.

OpenDNS says its free address-lookup service makes Web sites load faster, and that it blocks malicious, data-thieving phishing schemes and other threats. Furthermore, the service corrects obvious typos in URLs, sending people to the site they intended to visit, it says.

To pay for it, though, the company serves up ads and a search page, instead of an error page, if the user enters a Web address that doesn't exist or can't be corrected. The approach is similar one used in an unpopular VeriSign service called Site Finder, which was pulled soon after its launch in 2003.

"I like the idea of improving performance, but the business model is the issue," said John Pescatore, an analyst at research firm Gartner. "Advertising on mistypes is a very iffy thing. VeriSign got a very negative reception, and I think the same is true here."

OpenDNS offers public Domain Name System, or DNS, service. DNS functions as the "phonebook" of the Internet, mapping text-based domain names such as www.cnet.com to the numerical IP addresses used by computers. Internet users typically use the DNS service run by their service provider. OpenDNS offers an alternative "phonebook," with extras.

"We are adding an element of choice, which does not exist for DNS today," said David Ulevitch, chief executive of OpenDNS. "People don't know that there are different DNS servers available. The benefit is a faster, safer and smarter DNS."

OpenDNS says its DNS service outpaces rivals because of its speedy Net connections and intelligent caching. It claims to be safer because it blocks access to known phishing Web sites and known channels that hackers use to control compromised computers. The smarts come from correcting mistypes, turning craigslist.og into craigslist.org, for example.

Experts see OpenDNS as a possible alternative to the spotty DNS service offered by some Internet service providers.

"Many ISPs have frequent DNS brownouts, where DNS response time is slow," Pescatore said. For example, last year broadband access provider Comcast had several DNS outages, effectively knocking its customers offline, he said. "There is a lot of room for improvement in DNS performance."

However, a speed increase depends on geography--the closer you are to an OpenDNS server, the quicker the response, experts said.

A DNS request will have to traverse the Net to one of OpenDNS' servers, currently located on the east and west coasts of the U.S. and planned for Chicago, London and Hong Kong. A local service may be faster and more reliable, said Cricket Liu, a DNS expert and vice president of architecture at DNS appliance maker Infoblox.

"A local, well-managed name server with a decent-sized cache will provide better performance, on average, than a remote name server with a huge cache," Liu said. "I also don't want to depend on the networks between me and the remote name server being up all the time."

Filtering phishers
The safe-surfing and typo correction features could also have their stumbling blocks, experts said.

Phishing is a major problem. In May, just over 20,000 phishing Web sites--a new record--were reported to the Anti-Phishing Working Group. Protecting users against scams is important. However, providers must strive to make sure they offer complete protection, as inaccurate and incomplete shields could be worse than none at all, experts said.

"If users begin to trust the service and assume that sites they get to have been vetted, what happens when a heretofore unknown phishing site slips past?" Liu asked.

OpenDNS uses blacklists to block access to known phishing sites, the company said. It gets phishing data from a number of unnamed partners and constantly updates the information, it said. The company does not, however, have a partnership with the Anti-Phishing Working Group, a cross-industry group that also works with law enforcement agencies.

Though OpenDNS is the first to offer a phishing shield at the DNS level, there is plenty of competition in the antiphishing area from toolbar and Web browser makers. Upcoming Internet Explorer and Firefox updates will both include phishing protection, rendering other protection means largely redundant, Pescatore said.

Correcting a user's errors in typing Web addresses might be helpful, but only if it is limited to rewriting the most popular domain extensions--for example, "cmo" to "com" and "og" to "org", Liu said. More could cause problems. A typo could be a genuine attempt to reach a Web site with a name similar to a better-known site, he said.

To use OpenDNS, people have to change their DNS settings, which are not always obvious to find. The change should be done either in an Internet browser or on a home-networking router. OpenDNS has step-by-step instructions on its Web site.

Paul Mockapetris, the inventor of DNS and chief scientist at secure DNS provider Nominum, said DNS is like the water of the Internet. In that analogy, OpenDNS is like bottled water. If you use it, you don't have to trust the local water, which may be polluted or diseased, Mockapetris said.

"Of course, you have to trust the OpenDNS folks, and I suspect they are looking forward to showing you advertising. So maybe it is more like Gatorade, and maybe they will fluoridate their DNS and add stuff that will kill your prized fish in the aquarium as well as the phish they are looking for," he said.

(Editor's note: OpenDNS is funded in part by Minor Ventures, a venture capital firm founded by Halsey Minor, also founder of CNET News.com parent CNET Networks.)

[maxwis]

Can They Prove It Is Faster?

OpenDNS makes an unsubstantiated claim that their DNS is faster. They do not even have the guts to provide a DNS benchmarking tool that a prospective user could run "before" and "after" to determine if it is worth switching to their service. They also make no mention of service uptime, aka service level agreement (SLA).

[pencoyd]

We look forward to proving it

Maxwis, all our internal tests demonstrate that OpenDNS _is_
faster than other services, through a combination of our
software, our architecture and our network.

Nearly every report we've received from those who have
switched has confirmed our internal tests.

We agree that outside benchmarks, or head-to-head
comparisons against existing services, are more compelling and
more trustworthy. If you're interested in helping us provide
those, please let me know via <a class="jive-link-external" href="http://www.opendns.com/contact" target="_newWindow">http://www.opendns.com/contact</a>

We will show, not just tell, as much as we can. Try OpenDNS for
yourself, and tell me what you see (my email address is on the
website).

John Roberts
VP of Product
OpenDNS

[brianguy]

Very fast on Qwest DSL in Seattle

Wow, I notice a huge speed improvement on my Qwest DSL line in
Seattle.

[guyfrom2006]

How about a DNS less Network

NetAlter claims to be offering a DNS less address system which performs similar to a P2P system but more secured in discovering computing resources in its network. When a user logs into the NetAlter browser, the NetAlter server identifies the ID of the user and publishes it across the network as being online and available for access. Depending on the users preferences (personal portal, file sharing, etc) other users using the NetAlter Browser are able to locate the resources offered by the first user and vice-a-versa.

Though NetAlter Servers maintain a phonebook(listing) of active and passive NetAlter IDs, users do not have to type a url or domain ip address to get to the other computers.

[WilbertNL]

Advertising not so bad

I don't mind that openDNS is funded by ads on their search page. It's less intrusive, since you only get that page after unsolvable requests.