Hello and welcome to Hacker Public Radio. I'm rowinggolfer, and today I'm gonna be speaking about "OpenDNS". This will be a short episode, maybe 10-12 minutes.

I am going to tell you what OpenDNS is, what service they provide, a history of the company, and what I believe is their business model (always an issue when something costs nothing). I am then going to give the reasons why I decided I wanted to use this service both on my home and work networks, and the steps I took to get it working the way I wanted. I am also going to make a suggestion as to how young entrepreneurial hackers can make some beer money by helping others implement this service.

OK... on with the podcast.

So what's my unique podcasting technique today? Dave Yates does it travelling at 75mph [sound effect]. XOKE does it in just one ear. Ken Fallon does it walking through a park breathlessly with de luvvliest Oirish accent. Chad Wollenberg does it on his guitar. So, you may ask, what has rowinggolfer got up his sleeve? Well, all I could think of was to record this episode in the smallest room in the house, so to speak. So I believe you are listening to the world's first podcast recorded on the lavatory. [splash] Ah, that's better. OK, so on with the show.

OpenDNS. I am going to assume that you all know how DNS lookup works. Xoke did a nice yellow pages analogy in HPR episode 91. You look up www.website.org, and the DNS lookup process points your browser to xxx.xxx.xxx.xxx. This DNS service is normally provided by your ISP. OpenDNS is an alternative provider of that service.

Well, here's the background (taken from Wikipedia). OpenDNS was launched by David Ulevitch in July 2006. He received venture capital funding from Minor Ventures, which in turn was founded by CNET co-founder Halsey Minor. OK, so that's reassuring... right? At least no mention of those Starbucks Bastards. Only kidding, I love Starbucks. I fancy a coffee now actually. Perhaps we should take a Klaatu style pause? Nope.
Tell you what, let's order one in..... "Honey, can you make me a cappuccino? I'm on the kasi recording an HPR."

So is it worth switching to OpenDNS? The answer to that is a definite maybe. Some of the arguments against OpenDNS are:

1. Privacy - using OpenDNS means that you are giving yet another company information about where you're going on the internet. Heck, Google know more about me than my wife, and my ISP knows more about me than Jehovah. So do I really want another company collecting data about me?
2. It is not, as you could argue its name implies, an open source project.

So what are the benefits?

1. They take DNS seriously, and host their DNS database on powerful servers. I suspect some ISPs put their DNS servers on older machines? So in theory at least, your DNS lookups should be quicker, and more reliable.

To use OpenDNS as your nameserver, point either your computer or your router to 208.67.222.222 and 208.67.220.220. (Make a note of what you're changing it from in case you ever wish to revert.) That's all there is to that. You're now using OpenDNS.

So will you notice the difference? Frankly I don't know, certainly I didn't, and I don't think this is a huge selling point. But here is where OpenDNS begins to act not as a company, but as a community, and provide services that I care about. So listen up.

Once you have set up an account (which is free) and registered yourself and your network with OpenDNS, you can extend the service, and use it to monitor sites visited, or indeed censor the sites which users of your network can access. You can block a huge variety of sites, either specifically, or by category. Commonly blacklisted categories are porn (of course), phishing sites, and Video Sharing. The OpenDNS Community act quickly to block sites. I read about one user who has blacklisted over 750,000 sites. A man with a mission.

Let me pause here. This is unsavoury. I hate censorship in general; blocking websites can in my opinion be compared to book burning.
Restricting access to information is something only the Chinese stoop to... isn't it? I don't want to get hung up talking about censorship... that's a massive topic in itself. But briefly, let me justify the categories I've blocked on my networks.

There are some things I don't want my young kids to see yet. It's only a matter of time before my kids want to know more about some subject perhaps ... I don't know, "coke" or "Britney Spears" perhaps... and they head to Google, a couple of links later and she's seeing things which were not expected. Heck, I've seen images of the once delectable Britney that are burned onto my retinas forever.

There are some social sites which I would prefer my staff visited on their own time, rather than during office hours.

I've also tried to block the bare minimum of sites, and have done so transparently. For instance I customised the "block page" to explain why X or Y dot com isn't allowed. I hope that is clear.

I have 2 final things to mention before wrapping up.

Firstly, the steps you need to take if you have a dynamic IP and want to use the advanced features of OpenDNS. Basically you need to inform OpenDNS that you have a dynamic IP, then let them know every time your external IP changes. They offer client side software for Windows and Mac, and these programs run in the task bar, and check your IP at pre-determined intervals. (The default is every 5 minutes!) Now, bearing in mind that checking your external IP involves a connection out to a 3rd party site, every 5 minutes seems like overkill, but the Windows software seems OK once you've set that to something a little more sensible.

For us Linux only users, we have to notify IP changes manually by visiting the following link: https://username:password@updates.opendns.com/nic/update and you could of course use a command-line browser such as elinks to visit that link and do so as an hourly cron job.
I personally use a Python script running on my myth box, and check my external IP through whatismyip.com and only perform the OpenDNS update if necessary. I'll put a link in the show notes on hackerpublicradio.org to a copy of my script. The advantage of this method is the error handling. It will simply and cleanly quit if the network is down for instance, and it also logs how my IP changes over time.

And finally, here's an idea for budding young sysadmins out there. Get the word out about OpenDNS. Next time you listen to a radio chat show and folks are saying how unsafe the internet is.. ring in. Tell them about OpenDNS. Or advertise in the local papers. Say you'll visit, and make their internet safer, stop them getting phished, and keep the missus from seeing Jonah Falcon's manhood etc.... in 10 minutes tops. And charge what... 40 bucks US?

Talking of money... let me mention audible.com they're such great folks....
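
The dynamic-IP update flow described earlier in the episode (look up the external IP, call the update link only when it has changed, log the change, quit cleanly when the network is down), as an added example that is not the script linked in the show notes. It sends the account credentials in an HTTP Basic auth header read from the environment instead of embedding them in the URL or a crontab line. Assumptions: `LOOKUP_URL` is a placeholder for whichever plain-text IP lookup service you use, the `OPENDNS_USER`/`OPENDNS_PASS` variable names and the two file names are hypothetical, and a successful update is assumed to answer with a dyndns-style reply beginning `good`.

```python
import base64, ipaddress, logging, os, urllib.request
from pathlib import Path

UPDATE_URL = "https://updates.opendns.com/nic/update"  # update link from the episode
LOOKUP_URL = "https://ip-lookup.example/"  # placeholder: any plain-text "what is my IP" service

def http_get(url, auth=None, timeout=10):
    """Fetch a URL as text; credentials go in a Basic auth header, not in the URL."""
    req = urllib.request.Request(url)
    if auth:
        token = base64.b64encode(":".join(auth).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode().strip()

def run_once(state_file, auth, get=http_get, log=logging.getLogger("opendns")):
    """One cron run. Returns 'offline', 'invalid', 'unchanged', 'updated' or 'rejected'."""
    try:
        raw = get(LOOKUP_URL)
    except OSError as exc:  # URLError and socket timeouts are OSError subclasses
        log.warning("network down, skipping this run: %s", exc)
        return "offline"
    try:
        current = str(ipaddress.ip_address(raw))  # reject error pages and other junk
    except ValueError:
        log.error("lookup service did not return an IP address")
        return "invalid"
    state = Path(state_file)
    previous = state.read_text().strip() if state.exists() else None
    if current == previous:
        return "unchanged"  # no change, so no call to the update service
    try:
        reply = get(UPDATE_URL, auth=auth)
    except OSError as exc:
        log.warning("update failed, will retry next run: %s", exc)
        return "offline"
    if not reply.startswith("good"):  # assumption: dyndns-style "good <ip>" on success
        log.error("update rejected: %s", reply)
        return "rejected"
    state.write_text(current + "\n")  # remember the IP only after a confirmed update
    log.info("external IP changed: %s -> %s", previous, current)
    return "updated"

if __name__ == "__main__":
    logging.basicConfig(filename="opendns-ip.log", level=logging.INFO,
                        format="%(asctime)s %(message)s")
    run_once("last_ip.txt", (os.environ["OPENDNS_USER"], os.environ["OPENDNS_PASS"]))
```
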