Episode: 132
Title: HPR0132: OpenDNS
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0132/hpr0132.mp3
Transcribed: 2025-10-07 12:12:03

---

MUSIC
Hello and welcome to Hacker Public Radio. I'm Rowan Golfa and today I'm going to be speaking
about OpenDNS. This will be a short episode, maybe 10 or 12 minutes and I'm going to tell
you what OpenDNS is, what service they provide, a history of the company. And I'm then
going to give the reasons why I decided I wanted to use this service on my home and work
networks and a step side took to get it working the way I wanted. The final I'm going to make
a suggestion is to how young entrepreneurial hackers can make some beer money by helping
others implement this service. Okay, so on with the podcast. What's my unique podcasting
technique today? I think it's very important that all podcasters have a unique technique.
Dave Yates, does it travelling at 75 miles an hour? Zoke, does it in just one ear? Ken
Fallon, does it walk in through the park breathlessly with the lovely historic accent? Chad
Wallenberg, does it on his guitar? So, you may ask, what has Rowan Golfa got to be
sleeve? Well, all I could think of was to record this episode in the smallest room in
the house, so to speak. So, I believe you are listening to the world's first podcast
recorded on the love of tree. That's better. Okay, so on with the show. OpenDNS, I'm going
to assume that you all know how DNS look up works. So, did a nice yellow pages analogy
in HPR episode 91, if you need to refer back. But basically, if you look up www.website.org,
the DNS look up process, just points your browser to whatever that is in a correct table,
this DNS look upservice is normally provided by your internet services provider and OpenDNS
is an alternative provider of that service. Well, why do we need a different service.
Well, here's the background to the company. OpenDNS was launched by David Ulevitch in
in July 2006, so it's a baby of a company really.
He received venture capital funding from minor ventures,
which in turn was founded by CNET co-founder Halcy Minor.
OK, so that's reassuring.
At least no mention of those Starbucks bastards.
Only kidding, I love Starbucks.
Is it worth switching to open DNS?
The answer to that is a definite maybe.
Some of the arguments against open DNS are privacy.
Using open DNS means you are giving yet another company
information about where you are going on the internet.
Google know more about me than my wife
and my internet service provider already know more about me
than Jehovah.
So do I really want another company collecting data about me?
Another objection to open DNS I've heard is it's not
as you could argue its name implies open source
or an open standard project.
But what are the benefits of open DNS?
Well, this company take DNS seriously a host.
They specialize in DNS look up and they
host their DNS database on powerful service.
And I suspect that this is one aspect of service provision
that some ISPs probably put on older machines.
So in theory, at least your DNS look up should be quicker
and more reliable.
So to use open DNS as your name server,
you can point your computer or router to use 208.67.222.222.
And the secondary 208.67.220.220.
When you do that, it's probably worth making a note
of what you're changing it from.
In case you ever wish to revert.
And that's all there is to it.
Once you've done made those changes,
you're using open DNS as your name server.
Will you notice the difference?
Frankly, I don't know.
I didn't.
And I don't think this is a huge selling point.
But here is where open DNS begins to act not only as a company
but as a community and provide some services that I care
about and which made it attractive proposition to me.
So I'll just stop.
Once you've set up an account, a free account with open DNS
and register yourself and your networks,
you can extend the service and use it to monitor sites
as for sites visited or even censor the sites
which users of your network can access.
You can block huge variety of sites,
either specifically.
So if you notice that there's one site
which is getting a huge amount of hits on your network
and it's a site which you feel is getting out of control,
you can just block it.
So that statistical feedback is quite useful,
really good graphical interface they have
once you've logged into your account.
But you can also block sites by category.
Commonly, black-listed categories are adult sites, of course.
Fishing sites, video sharing.
And the Open DNS Community Act to block sites.
They've got a new Fishing site.
They probably spring up every 20 seconds worldwide.
I guess that's an absolute guess.
But quickly, the advanced users of the Open DNS name sharing,
if they spot one of these things, they'll log it.
So it's not absolutely foolproof.
And it's Open DNS users who've given the feedback.
It's one user who is actually personally black-listed
over 7,500 sites, three quarters of a million sites.
So I don't know what his mission is, but so.
OK, let me pause here.
We're talking about censorship.
And this is unsavory.
I hate censorship in general.
Blocking websites can be compared to bug burning,
restricting access to information after all, isn't it?
And surely that's something only Chinese, stupid, isn't it?
But I don't want to, this is not a podcast about censorship.
That is a massive topic in itself.
But briefly, I feel I need to justify the categories
I've blocked on my networks and why I've done it.
Well, at home here, there are some things.
I don't want my kids to see yet, if ever.
They could stumble across things accidentally.
It's only a matter of time before my kids want
to know about some subject, perhaps.
I don't know.
You may want to look up the recipe for Coke or type in Britney
Spears.
I don't know.
And you head to Google, stick that in, a couple of links
later.
And you may not, you may be seeing things
that you've never in your wildest dreams imagined
as a seven or eight-year-old.
Heck, I mean, I've seen some images of Britney Spears
I used to find are quite delectable.
I've seen some of her now that are burned
onto my retinas forever, and I don't appreciate them.
So I don't want that to happen to my kids.
Also, there are some social sites at work
that I prefer my staff visited on my own time
rather than joining office hours.
But I've tried to block the bare minimum of sites,
or bare minimum of categories.
And hopefully, I've done so transparently.
For instance, I customized the block page
to explain that it was myself who'd blocked it.
Explain why x or y.com isn't allowed.
So I hope that's clear.
Two final things to mention before wrapping up.
Firstly, the steps you need to take,
if you've got a dynamic IP and want that network to be,
to use the advanced features of OpenDNS,
you need to inform OpenDNS every time that IP,
the external IP, changes.
They offer client side software for Windows and Mac
to perform this for you.
And these programs run in a taskbar
and check your IP at pre-determined intervals.
The default for that is every five minutes, bearing in mind
when you try to check your external IP that always involves
a connection out to a third party somewhere.
So every five minutes is, in my opinion, overkill.
But the Windows software seems OK once you've set that
to something a little bit more sensible.
For Linux, only users, we have to notify IP changes manually,
visiting the following link, HTTPS, colon slash slash user
name, colon password, change those as you will.
So HTTPS, colon slash slash user name, colon password,
at updates.opendns.com, forward slash NIC, forward slash update.
And you could of course use a command line browser,
such as e-links, to visit that link as an hourly crime
job.
And then that will keep your network current.
The settings that you've got will always, always work.
I, on my networks, I personally use a Python script.
I have it running on my myth box, which is on all the time.
And that checks my external IP through the website.
What is my IP.com?
And only perform the open DNS update if it finds a change.
I'll put a link in the show notes on hacker, publicradio.log
to a copy of that script if anyone wants it.
The advantages of that method is the error handling.
It will simply and cleanly quit if the network is down,
for instance.
And I also use it just to log how my IP changes over time
should be quite useful if an error comes to me for a huge
bit torrent, allowing seconds.
Hey, it's not me.
That wasn't my, exactly.
You've catch my drift.
But finally, here's an idea for budding young cis admins out
there.
If you can get the word out about open DNS, I
mean, I frequently listen to radio chat shows.
We have in the UK here, we have radio too.
There was a long time program hosted by Jeremy Vine.
You could probably even download it on the net, if you wish.
And they frequent it.
Whenever they talk about the internet, it's, oh, there's
so much stuff out there.
It's not safe.
I don't know how you can let kids anywhere near it.
And oh, my credit card.
My identity got stolen, et cetera, et cetera.
And I'm there screaming.
Well, someone come on there and say, open DNS can be set up.
And no matter how clueless you are, that will give you
an extra little bit of protection against these things,
if you're concerned about.
Nobody ever does.
And I certainly have managed to get around to it yet.
So if you hear a chat show like that on a local radio show,
or even advertising local papers say, open DNS,
protect yourself on the internet, make yourself
a little bit safer.
If you're not technically able to do it,
I'll come round and do it for you.
And it'll take you 10 minutes tops.
And 40 bucks US, I don't know what you charge.
And certainly, I think 25 quid round here for that sort
of service would probably get a few takers.
A bit of beer money.
And talking of money, should we mention audible?
I don't know, that's another group of podcasts.
Well, I hope this has been some use to somebody.
That's another heck of public radio in the cup.
Thank you.
Thank you for listening to Hack or Public Radio.
HPR is sponsored by Carol.net.
So head on over to C-A-R-O-O-J-E-C for all of the TV.