Web Development

How do I ... configure OpenDNS in Windows Vista?

DNS entries are often the primary suspect on a slow network connection. To avoid this you can use OpenDNS. Jack Wallen shows you how install and configure it on Microsoft Windows Vista.

DNS entries can often be the primary suspect on a slow network connection. From routers to individual machines, DNS entries are typically received via DHCP, and if you're mobile with your laptop, you never know if the DNS entries you receive will be working, sort-of-working, or not working. To avoid this, you can use OpenDNS. OpenDNS was created by David Ulevitch in 2006 to provide solid DNS servers to consumers and businesses instead of being stuck with the less-than-effective DNS servers provided by your ISP.

But OpenDNS doesn't stop with domain name service services. OpenDNS also offers a phishing filter, domain blocking, and typo correction. But the most important service offered by OpenDSN is their namesake -- DNS.

Do not be confused by the name; OpenDNS is not an open source software app or service. OpenDNS gets a portion of its revenue with advertising on an OpenDNS server when an unknown URL is directed to OpenDNS. You may have come across one of these pages. You enter an address only to come to a site that lists possible existing URLs -- instead of the Page Load Error page displayed by your browser. This is OpenDNS.

But let's get to the point -- DNS. Setting up Vista to use OpenDNS is simple. Let's see just how simple.

This blog post is also available in PDF format in a TechRepublic download.

Configuring for OpenDNS

Let's assume you are using a laptop that gets its IP address and gateway via DHCP but you often have problems with the DNS entries you receive from one access point or another. The first thing you need to do is click on the Star button (or "Orb" as some call it) and then enter ncpa.cpl in the search text area (you can just start typing as soon as the Start Menu appears -- see Figure A).

Figure A

This is nothing more than a shortcut to bring up the Network Connections window.
Once the Network Connections window is open (Figure B) you will want to select your current active network connection.

Figure B

Right-clicking will open the necessary menu to get to the connection properties.
When the new menu opens, select Properties, which will open the Wireless Network Connection Properties window (Figure C).

Figure C

You will want to select TCP/IP v4.
Once you select TCP/IP v4, click the Properties button to open up the TCP/IP v4 Properties window (Figure D). This is where you will take care of the actual configuration.

Figure D

One option here will be changed.

From the TCP/IP window, select Use the Following DNS Server Addresses and enter the following:

208.67.222.222
208.67.220.220

Now click OK on the TCP/IP Properties window and then click Close on the Wireless Network Connection Properties window. The changes should automatically take effect. And by configuring OpenDNS in this manner, no matter which network you connect to, your DNS entries will always come from the same reliable OpenDNS entries. So networking should be smooth sailing.

Final thoughts

OpenDNS is a very reliable solution to the often-confounding problem of slow DNS servers. And since ISP DNS servers can't always be relied upon, why not choose a solid, never-changing solution? OpenDNS is a very intelligent DNS configuration for anyone, especially those with mobile solutions who must count on speedy connections but cannot always count on having speedy DNS servers.

TechRepublic's Windows Vista Report newsletter, delivered every Friday, offers tips, news, and scuttlebutt on Vista development, as well as a look at new features in the latest version of the Windows OS. Automatically sign up today!

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

26 comments
CTC_Tina
CTC_Tina

where did you got this 2DNS servers? 208.67.222.222 208.67.220.220 I don't think this is applicable to all location and networks? DO we need to use our server's DNS instead of those?

hghopkins
hghopkins

I have a Vista OS, that is for update, from XP, but it looks for a 'new PC', but, in the process, it looks for the Internet, and the second PC. How do I update XP to Vista? Sincerely, hghopkins@peoplepc.com

mec
mec

I use opendns to prevent porn etc. It sometimes fails badly, but judging by the number of blocked sites it normally works well. I found it amazing how many sites seem to offer legitimate things but are a cover for all kinds of horrific items, pics, scams ... Opendns is an excellent bit of kit

brian
brian

I run internal DNS servers, whose sole purpose is to delineate our staging environment from production. I can just imagine when the lab monkeys start tweaking their netconfigs, find out that their boxes can no longer get to the proper resources, and I have to run out and fix their screw-ups. Next time, add a caveat - like do an Alt-Printscreen and print out what your configuration looks like, in case you have to put it back....

freedog96150
freedog96150

Maybe I setup something wrong, but I configured a small office workgroup that uses a NetGear Prosafe device as the firewall/router to use OpenDNS and the office looses the ability to use NetBIOS names for mapped drives, etc. I configured DNS settings at the firewall as all computers are configured to use DHCP. Since this workgroup is only 5 computers, there is no internal DNS server, no WINS server, and no Windows Server. Just the computers with shared resources. Remove the OpenDNS Ip's from the Netgear and use the setting "Use DNS from ISP" setting, and all NetBIOS names work as expected. Strange behavior. Short of having to actually create a hosts file and load that onto each computer, I was wondering if anyone had any suggestions? Consequently, I am using OpenDNS on a Win2K DNS server (as the forwarders) for an AD domain with zero issues. Of course, all clients see the AD DNS only, and are reliant on the AD DNS for name resolutions, both internal and external. Wish the workgroup setup worked as easily.

butkus
butkus

I've used OpenDNS for more then a year at home. But then I have Comcast cable. Too many times I have received "site not found" which was due to DNS errors with Comcast. No problems now and it's been working fine with every site I use.

groffg
groffg

I use openDNS at home and it works great. I set my router's primary/secondary DNS servers to openDNS rather than doing so via Windows (hence, you set it up once rather than on all your machines).

Michael Kassner
Michael Kassner

I was just curious if you have IPv6 enabled on the active subnet? If it isn't, having IPv6 enabled on that network adapter is a security risk, especially if your perimeter router/firewall is not IPv6 capable. It's quite easy for an attacker to use IPv6 traffic to subvert that workstation if IPv6 traffic isn't getting filtered at the firewall. If interested there's a podcast about that very subject. http://blogs.techrepublic.com.com/networking/?p=688 Also I'd like to mention that OpenDNS is one way to avoid the DNS vulnerability called the Kaminsky bug. If interested there is an article about that as well: http://blogs.techrepublic.com.com/networking/?p=622

bcarpent1228
bcarpent1228

i just set this up for my home computers. Used the router option rather than mess with Vista. Worked fine but i had to reset the router and restart Vista to see the correct DNS in ipconfig. They have a routine "OpenDNS Updater" for dynamic IP addresses - i assume i only need that on my computer to monitor the ISP traffic???

Mark W. Kaelin
Mark W. Kaelin

Are you using OpenDNS? Has it helped resolve your connection issues? Would you recommend it to your peers? Why are the DNS servers provided by ISPs less reliable?

seanferd
seanferd

First, I highly recommend editing your post to remove your email address, as posting your email address in forums is a good way to get spammed. Spammers crawl the internet looking for such. My second suggestion is that you post your question in the Questions Forum, as you are more likely to get some help there. There is a link near the top of the page, but I'll post it right here for you: http://techrepublic.com.com/5200-6230-0.html?contentType=2 Personally, I've never heard of anything like your situation. When you ask your question, please provide information such as what computers are on your home network and how it connects to the internet. Include the model of the computer you are trying to install the Vista upgrade on, and where you got the upgrade disc (e.g., is it from the computer vendor who sold you the XP system?). If it is an OEM upgrade disc from a vendor, it can only be installed on the computer it was originally intended for.

seanferd
seanferd

That's when you add the site to your own settings, and offer it to the community for generic inclusion. Or do you mean that the failure occurs for sites listed as blocked?

The 'G-Man.'
The 'G-Man.'

a firewall just lets through any traffic it does not understand. Surely not?

Luke G.
Luke G.

Because OpenDNS saves your preferences and applies them to any PC IP address you've registered with them in your account. The problem that occurs is that when your IP changes it is no longer in your account and no longer gets your preferences applied to it. You would still get the benefits of the faster name-resolution, however. So, if you are on a non-static IP and want the full features of your OpenDNS account, you need the updater, or an updater of some kind. I have my LinkSys/DDWRT router do the updating for me, and I have set the DNS there to override any other DNS requests from my home network to go to OpenDNS' servers instead. No config needed on the PCs at all for me.

Ken Wolf
Ken Wolf

I would have to echo Patrick@...comments about OpenDNS. I have it implemented on the network I manage at work as well at another client's office and my home network. I have helped other users I have supported implement it on their home networks as well. I highly recommend using this great service.

seanferd
seanferd

It is generally faster (most noticeable on dial-up), has lots of cool features for those interested, and already had better defense against Kaminsky's DNS attack while ISPs were dragging their feet applying patches. If you like the network statistics dashboard of OpenDNS, and you have a dynamically assigned IP address, you need to install the tiny OpenDns Updater (or one of the similar programs offered) so that the Dashboard can gather statistics for you as your IP address changes. 'nix users can chron to the same end.

alashhar
alashhar

if there is a local network and it is working in a domain, so all the worstation DNS configured to local DNS or DC.

j_croydon
j_croydon

I have heard a lot about the good things of opendns. But because it is US based is there any benifit in me connecting to it as i am in Australia?

patrick
patrick

OpenDNS on one of my clents computer system thats runs a windows 2000 enviroment. I like the control that it gives you as an administrator to blacklist certain sites that management doesn't want their employees surfing while working (e.g. youtube, myspace, gambling sites, etc.) It also did help speed up our internet connection while helping to control bandwidth by "blocking" unnecessary web surfing. I highly recommend it. It would also be good for use in the home to help control "bad" sites that might be stumbled upon by children. I've been using it for around 6 months with absolutely no issues at all. -Patrick

Michael Kassner
Michael Kassner

Arbor Networks is one of my got to resources and their CTO jsut mentioned this today: "Last year IPv6 didn't register in scale, but now it's emerging as a concern on the security side," says Malan. "Attackers are going to try it or use it as a transport mechanism for botnets. IPv6 has become a problem on the operational side."

Michael Kassner
Michael Kassner

I was surprised at that as well. Since I first learned about this, I've tested several firewalls that aren't IPv6 ready and IPv6 traffic passed right through.

jerickson
jerickson

You configure you domain DNS server to use a forwarder. There are instructions on the site on how to do that, if you don't already know.

seanferd
seanferd

It probably wont provide you with faster name resolution, as there are no servers currently located in your area. There are five in the U.S., and one in London. If your ISPs DNS is wonky, OpenDNS has very good uptime. If you want customizable filtering, "shortcuts", or net stats, OpenDNS is for you. http://www.opendns.com/ Check it out. Oh, lots of folks from around the world use it, so there must be something they like.

The 'G-Man.'
The 'G-Man.'

How exactly did the connection speed up? For example, you had a 8mbit line before and now you have a ???? I would say it just provided faster name resolution myself, the speed of the connection was the same.

2000mcse
2000mcse

I would have to say that, as I have been using OpenDNS for a couple months now, it is not actually speeding up the connection, just the name resolution so pages load faster. In that sense, it definitely gives the illusion that your connection is faster, but really doesn't have any effect on your actual bandwidth. I searched in vain for a long time for a solution to the issue of blocking for my children. I stopped just short of configuring a Mandrake Multi-Network Firewall server. Then I found an article on LifeHacker about OpenDNS, tried it, and loved it. I have discovered that several sites are not blocked, but when you create an account on OpenDNS.com, you can specifically block those sites. For those of us with children on the internet, this is a welcome relief. FYI...I have found numerous sites that have VERY XXX rated content that OpenDNS does not by default block, even though it is set up to block all pornographic content. The websites all seemed to have a *.name domain name (like www.samplesite.name) so I set a block in OpenDNS to block all sites that end in .name. I have not had a chance to verify that this was effective as I do my best to stay away from those types of sites. But OpenDNS took the block command without error. Sorry to be so wordy, just wanting to help in any way I can!

Editor's Picks