Discussion on:

How do I... Configure OpenDNS in Windows Vista?

Are you using OpenDNS? Has it helped resolve your connection issues? Would you recommend it to your peers? Why are the DNS servers provided by ISPs less reliable?

OpenDNS on one of my clents computer system thats runs a windows 2000 enviroment. I like the control that it gives you as an administrator to blacklist certain sites that management doesn't want their employees surfing while working (e.g. youtube, myspace, gambling sites, etc.) It also did help speed up our internet connection while helping to control bandwidth by "blocking" unnecessary web surfing. I highly recommend it. It would also be good for use in the home to help control "bad" sites that might be stumbled upon by children. I've been using it for around 6 months with absolutely no issues at all.

-Patrick

How exactly did the connection speed up?

For example, you had a 8mbit line before and
now you have a ????

I would say it just provided faster name
resolution myself, the speed of the
connection was the same.

I would have to say that, as I have been using OpenDNS for a couple months now, it is not actually speeding up the connection, just the name resolution so pages load faster. In that sense, it definitely gives the illusion that your connection is faster, but really doesn't have any effect on your actual bandwidth. I searched in vain for a long time for a solution to the issue of blocking for my children. I stopped just short of configuring a Mandrake Multi-Network Firewall server. Then I found an article on LifeHacker about OpenDNS, tried it, and loved it. I have discovered that several sites are not blocked, but when you create an account on OpenDNS.com, you can specifically block those sites. For those of us with children on the internet, this is a welcome relief. FYI...I have found numerous sites that have VERY XXX rated content that OpenDNS does not by default block, even though it is set up to block all pornographic content. The websites all seemed to have a *.name domain name (like www.samplesite.name) so I set a block in OpenDNS to block all sites that end in .name. I have not had a chance to verify that this was effective as I do my best to stay away from those types of sites. But OpenDNS took the block command without error. Sorry to be so wordy, just wanting to help in any way I can!

I have heard a lot about the good things of opendns. But because it is US based is there any benifit in me connecting to it as i am in Australia?

It probably wont provide you with faster name resolution, as there are no servers currently located in your area. There are five in the U.S., and one in London. If your ISPs DNS is wonky, OpenDNS has very good uptime.

If you want customizable filtering, "shortcuts", or net stats, OpenDNS is for you. http://www.opendns.com/ Check it out.

Oh, lots of folks from around the world use it, so there must be something they like.

if there is a local network and it is working in a domain, so all the worstation DNS configured to local DNS or DC.

You configure you domain DNS server to use a forwarder. There are instructions on the site on how to do that, if you don't already know.

It is generally faster (most noticeable on dial-up), has lots of cool features for those interested, and already had better defense against Kaminsky's DNS attack while ISPs were dragging their feet applying patches.

If you like the network statistics dashboard of OpenDNS, and you have a dynamically assigned IP address, you need to install the tiny OpenDns Updater (or one of the similar programs offered) so that the Dashboard can gather statistics for you as your IP address changes. 'nix users can chron to the same end.

i just set this up for my home computers. Used the router option rather than mess with Vista. Worked fine but i had to reset the router and restart Vista to see the correct DNS in ipconfig.

They have a routine "OpenDNS Updater" for dynamic IP addresses - i assume i only need that on my computer to monitor the ISP traffic???

I was just curious if you have IPv6 enabled on the active subnet? If it isn't, having IPv6 enabled on that network adapter is a security risk, especially if your perimeter router/firewall is not IPv6 capable.

It's quite easy for an attacker to use IPv6 traffic to subvert that workstation if IPv6 traffic isn't getting filtered at the firewall. If interested there's a podcast about that very subject.

http://blogs.techrepublic.com.com/networking/?p=688

Also I'd like to mention that OpenDNS is one way to avoid the DNS vulnerability called the Kaminsky bug. If interested there is an article about that as well:

http://blogs.techrepublic.com.com/networking/?p=622

a firewall just lets through any traffic it does not understand. Surely not?

I was surprised at that as well. Since I first learned about this, I've tested several firewalls that aren't IPv6 ready and IPv6 traffic passed right through.

I use openDNS at home and it works great. I set my
router's primary/secondary DNS servers to openDNS
rather than doing so via Windows (hence, you set it up
once rather than on all your machines).

I've used OpenDNS for more then a year at home. But then I have Comcast cable. Too many times I have received "site not found" which was due to DNS errors with Comcast. No problems now and it's been working fine with every site I use.

Maybe I setup something wrong, but I configured a small office workgroup that uses a NetGear Prosafe device as the firewall/router to use OpenDNS and the office looses the ability to use NetBIOS names for mapped drives, etc.

I configured DNS settings at the firewall as all computers are configured to use DHCP. Since this workgroup is only 5 computers, there is no internal DNS server, no WINS server, and no Windows Server. Just the computers with shared resources. Remove the OpenDNS Ip's from the Netgear and use the setting "Use DNS from ISP" setting, and all NetBIOS names work as expected. Strange behavior. Short of having to actually create a hosts file and load that onto each computer, I was wondering if anyone had any suggestions?

Consequently, I am using OpenDNS on a Win2K DNS server (as the forwarders) for an AD domain with zero issues. Of course, all clients see the AD DNS only, and are reliant on the AD DNS for name resolutions, both internal and external. Wish the workgroup setup worked as easily.

I run internal DNS servers, whose sole purpose is to delineate our staging environment from production. I can just imagine when the lab monkeys start tweaking their netconfigs, find out that their boxes can no longer get to the proper resources, and I have to run out and fix their screw-ups.

Next time, add a caveat - like do an Alt-Printscreen and print out what your configuration looks like, in case you have to put it back....

I use opendns to prevent porn etc. It sometimes fails badly, but judging by the number of blocked sites it normally works well. I found it amazing how many sites seem to offer legitimate things but are a cover for all kinds of horrific items, pics, scams ... Opendns is an excellent bit of kit

I have a Vista OS, that is for update, from XP, but it looks for a 'new PC', but, in the process, it looks for the Internet, and the second PC. How do I update XP to Vista?

Sincerely,

hghopkins@peoplepc.com

where did you got this 2DNS servers?
208.67.222.222
208.67.220.220

I don't think this is applicable to all location and networks? DO we need to use our server's DNS instead of those?