Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

186 comments

Advantage? (5, Funny)

Anonymous Coward | about 8 years ago | (#15690415)

Among its claimed advantages . . . Faster myspace


Anti-fraud or not, someone's getting lied to there.

Someone getting lied to... (1)

Ritz_Just_Ritz (883997) | about 8 years ago | (#15690574)

That would be the new and improved venture capital weenies who are throwing money around again like crackheads. I guess they didn't learn their lesson last time around.

Didn't RTFA... (-1, Flamebait)

Anonymous Coward | about 8 years ago | (#15690420)

...but WTF is with "faster myspace". Mark article -1, irrelevant. What happened to news for nerds, or stuff that matters?

Oh, f1rst p0st.

Re:Didn't RTFA... (-1, Troll)

Anonymous Coward | about 8 years ago | (#15690432)

Oh, f1rst p0st.
Nope, haha fucking looser.

Re:Didn't RTFA... (4, Informative)

Akaihiryuu (786040) | about 8 years ago | (#15690631)

OpenDNS has been around for YEARS. The original reason it was made had nothing to do with any of this, it was so that members could vote to add new root domains that would have never been added to the "official" DNS servers. It was an end run around ICANN, basically. There are very few restrictions on OpenDNS on what can be added, and it's all voted on by the members. I actually tried using OpenDNS for awhile, but I had problems with it. There just weren't enough servers, and those that were there went down frequently. They acted as a relay to the "real" DNS as well, so you could resolve .com, .net, .org, etc. But after the 5th DNS outage in a month, I finally set BIND on my server to hit the root servers again instead of OpenDNS. The service just wasn't reliable enough. These goals that are being mentioned in this article have absolutely nothing to do with what OpenDNS was supposed to be about. Either TFA is BS written by a media drone who has no clue what's going on, or OpenDNS has radically changed its goals since I last used it a year ago. I hope for their sake that it's the former.

Re:Didn't RTFA... (1)

14CharUsername (972311) | about 8 years ago | (#15690821)

Yeah, I thought the exact same thing. But opendns has apparently changed. I'm guessing the old openDNS went out of business and some guys just bought the name since on the site it says they started in 2005, and the old openDNS was older than that I think.

Re:Didn't RTFA... (1)

fossa (212602) | about 8 years ago | (#15691230)

Are you sure you're not thinking of OpenNIC [unrated.net] ? I also tried to use them once but had many problems and didn't really like the seemingly endless supply of pointless top level domains.

Adverts? (5, Insightful)

HugePedlar (900427) | about 8 years ago | (#15690423)

"Currently, web surfers simple(sic) get an error message when they attempt to navigate to an unused domain. OpenDNS users will instead be routed to a company server that will present a list of search engine results and paid advertisements."

No thanks.

Re:Adverts? (4, Insightful)

trezor (555230) | about 8 years ago | (#15690463)

Second that.

Plus trying to get the entire internet to change one of its key components is a rather ambitious attempt.

The guy even admits that the current phishing and scamming attempts are a social problem, not a technological one. Who's to say this new system won't be abused?

I'll save my enthusiasm for something else.

Re:Adverts? (4, Insightful)

KiloByte (825081) | about 8 years ago | (#15690509)

Who's to say this new system won't be abused?

Suspecting abuse in a SiteFinder-like system? You must be joking...

Two words: censorship and advertising. Isn't this everything we want?

Re:Adverts? (4, Insightful)

KiloByte (825081) | about 8 years ago | (#15690742)

Oh, wait. I would forget: add gathering marketing data. They'll learn what are the most commonly mistyped domain names, so they can typosquat them for some extra dough.

Re:Adverts? (4, Informative)

bigpat (158134) | about 8 years ago | (#15691250)

Plus trying to get the entire internet to change one of its key components is a rather ambitious attempt.

This is not to replace the "entire internet" with a new DNS system. From my read of their website, it is a individual choice to set up your computer using their DNS servers. And they are being very clear about how their servers will behave and what they will do with incorrectly typed addresses. This is from the same guys who have been running one of the most reliable free DNS services, everydns [everydns.net] .

Re:Adverts? (3, Insightful)

jafiwam (310805) | about 8 years ago | (#15691339)

It doesn't matter. NXDOMAIN response needs to exist for a lot of other reasons that makes the 14 year old myspace user getting an ugly error message over a spammer's search page irrelevant.

I don't care if he's the queen mother pope jesus vishnu all in one. What the guy is proposing is fucking stupid.

Stop fucking with DNS. Gimme a friggin IP when I query with a hostname. Gimmie a hostname when I query an IP. STOP THERE. THAT'S IT. NOTHING MORE TO SEE.

If something more "friendly" needs to happen, it needs to happen at the application layer instead.

Re:Adverts? (5, Funny)

kjart (941720) | about 8 years ago | (#15690488)

Agreed. I enjoy how users are 'protected' from phising/spam/advertising by this service by getting more ads! It's like pushing someone out of the way of a speeding car and then punching them in the face.

Re:Adverts? (2, Informative)

Freexe (717562) | about 8 years ago | (#15690604)

I would prefer to be hit in the face than hit by a speeding car... although I'm not stupid enough to walk out in front of a speeding car.

Re:Adverts? (1)

JasonBee (622390) | about 8 years ago | (#15691103)

more examples:

Using your Smartcar to knock someone out of the way of a 1970's buick that is about to hit them. Or maybe riding your bike into them instead. I know...two downhill skiers hitting you out of the way before a Grizzly bear mauls you. I don't have my inertial equivalent spreadsheet with me, so these analogies may be non-equal.

JB

Re:Adverts? (1)

Kopretinka (97408) | about 8 years ago | (#15691118)

More like pulling somebody from the path of a fist and then running them over with a car.

Re:Adverts? New? (1)

andrewman327 (635952) | about 8 years ago | (#15690496)

Doesn't Microsoft already do this in IE?

The word is "monetization". (4, Insightful)

khasim (1285) | about 8 years ago | (#15690519)

This is nothing more than another attempt to make some money off of the basic infrastructure of the Internet. DNS is free right now. And to some people, that means that there is a chance to "monetize" that service.

But how to turn a profit from something that's being given away for free right now?

You'd have to offer some additional incentives. Like "phishing blocking" or claiming that a popular website would "load faster".

As far as I know, the DNS resolution has never been the problem for MySpace loading slowly. It's slow because so many other people are hitting their servers and bandwidth. And since Win2K, Microsoft has included a caching DNS app so once you do hit MySpace, you've cached the address on your workstation. You can't get much faster than that.

Re:The word is "monetization". (1)

Chris Daniel (807289) | about 8 years ago | (#15690649)

As far as I know, the DNS resolution has never been the problem for MySpace loading slowly. It's slow because so many other people are hitting their servers and bandwidth.
At least another factor is rendering time for the ridiculous markup and other things people use on their profiles -- a client resources problem.

Re:The word is "monetization". (1)

thorholiday (970488) | about 8 years ago | (#15691327)

As far as I know, the DNS resolution has never been the problem for MySpace loading slowly. It's slow because so many other people are hitting their servers and bandwidth.

Not to mention that it is written in Coldfusion. :P

Re:Adverts? (2, Insightful)

nstlgc (945418) | about 8 years ago | (#15690609)

I'd say mod parent up but it's already modded through the roof. That comment pretty much says it all. Remember what VeriSign pulled just a couple of years ago? This is exactly the same thing, just with some extra beef wrapped around.

Now, I am but a lowly programmer (4, Insightful)

Tim C (15259) | about 8 years ago | (#15690427)

And know little of networking and other sysadmin type subjects, but:

Users who type "wordpres.sorg" or "craigslist.or" into their browser's address field are automatically routed to the correct address, instead of getting a 404 error page.

Since when were DNS lookup failures responded to with HTTP error codes?

Re:Now, I am but a lowly programmer (5, Insightful)

remembertomorrow (959064) | about 8 years ago | (#15690452)

He was probably referring to the fact that Internet Explorer, by default, shows "friendly" HTTP and DNS error messages, such as "This page cannot be displayed."

That part was definitely written incorrectly, but we all know what he meant (I hope).

Re:Now, I am but a lowly programmer (2, Informative)

Tim C (15259) | about 8 years ago | (#15690492)

I assume that that's what was meant, but even that isn't a 404 error. Just because the pages that IE use for lookup failure and 404s look similar doesn't mean that they're the same error condition.

I was under the impression that Wired was relatively technical; perhaps I was wrong. (I've never actually read it, so I could well be)

Re:Now, I am but a lowly programmer (2, Insightful)

M. Baranczak (726671) | about 8 years ago | (#15690583)

I was under the impression that Wired was relatively technical; perhaps I was wrong. (I've never actually read it, so I could well be)


In a nutshell: yes, you are wrong. And you haven't really missed much.

Wired occasionally has something worth reading, but most of it is just fluff and ads for expensive toys. I stopped taking it seriously years ago. Articles like this remind me why.

Re:Now, I am but a lowly programmer (0)

Volante3192 (953645) | about 8 years ago | (#15690466)

Technically it's not the DNS lookup failure, but the browser's GET request that gives a 404. All one in the same to a user though.

Re:Now, I am but a lowly programmer (1)

Entrope (68843) | about 8 years ago | (#15690522)

You fail at English as badly as the article's author. What do you honestly think "one in the same" means? Here, have an "and" -- if you have overdosed on prepositions, conjunctions are an entirely different grammar sensation!

Re:Now, I am but a lowly programmer (1)

Methuseus (468642) | about 8 years ago | (#15690879)

Wow, amazingly when I read the comment I read it as "one and the same" because that's what made sense.....

Guess I'm not as much of a spelling/grammar nazi as I thought.....

Re:Now, I am but a lowly programmer (1)

Tim C (15259) | about 8 years ago | (#15690591)

My point being that the DNS lookup fails - and an error is returned to the user - before the browser ever gets to issue the GET request. Given that this is about a DNS resolution service, they have absolutely nothing whatesoever to do with anything beyond the resolution of the DNS request - their job is over before the GET request is made, as at that point the connection is already established.

You cannot get a 404 for a DNS lookup failure, unless you're using some sort of poorly-implemented web interface to perform the lookup.

Re:Now, I am but a lowly programmer (1)

Volante3192 (953645) | about 8 years ago | (#15690615)

Meh, yea...I should remind myself not to post before caffeine. Stupid thing is I re-read it, previewed...

Then about halfway into the drive to work I realized, "wow...that was idiotic..."

Re:Now, I am but a lowly programmer (-1)

Anonymous Coward | about 8 years ago | (#15690474)

the 404 error page is a generic error page for IE whenever it can't connect to a website. dns problems is one possible problem that can cause this.

Re:Now, I am but a lowly programmer (1, Informative)

Anonymous Coward | about 8 years ago | (#15690538)

I'm surprised at how many people don't actually know what a 404 is. 404 is an HTTP error code, so it is not generated by the browser or the DNS server. It is an error returned by a web server if a request is sent for a document that does not exist. A 404 CANNOT be returned from a DNS lookup failure, because no server was found to give one.

Re:Now, I am but a lowly programmer (0)

Anonymous Coward | about 8 years ago | (#15690893)

Why do people so often write "an HTTP error" when they mean "a HTTP error" ? The letter H, as in "Haich", is a consonant. It's permissible to refer to it as "'aich" where it occurs other than as the first letter of an abbreviation being spelt out (for instance, PHP => "pee-'aich-pee", but at the beginning it should be sounded; "a haich-tee-tee-pee error".

Re:Now, I am but a lowly programmer (0)

Anonymous Coward | about 8 years ago | (#15691176)

It's pronounced 'aitch', except for a few smaller dialects of English (especially those based in non-native English speakers). Adding the 'h' sound to the front to make 'haitch' is generally considered a mispronunciation at best, and nonsense at worst. HTTP is pronounced 'aitch-tee-tee-pee' and therefore is preceded by 'an', rather than 'a'.

You assertion that the position in the acronym changes the pronunciation of the letter makes me think that you were trying to be sarcastic. If that is so, it didn't work and you should practice more.

Re:Now, I am but a lowly programmer (1)

geoffspear (692508) | about 8 years ago | (#15691185)

Well, aren't we 'oity-toity?

Re:Now, I am but a lowly programmer (1, Informative)

Anonymous Coward | about 8 years ago | (#15690475)

The way it must work then is no DNS request fails.

Instead domains that dont exist are resolved to OpenDNS's own web server which redirects them with a 301 response.

It stikes me they are potentially very susceptable to a DDOS attack.

Re:Now, I am but a lowly programmer (3, Insightful)

XenoPhage (242134) | about 8 years ago | (#15690623)

And on top of this, let's all congratulate these guys on breaking the RFCs by "helping" shovel us to the address we "meant" to type in.. Let's not report back an error and help the end user correct their mistake, but transparently forward them so they never know.

And what happens when someone registers wordpres.org? Then where are we? Well, I meant wordpres, not wordpress.. Thanks for sending me where I don't want to be.. A haven for phishers?

Re:Now, I am but a lowly programmer (2, Informative)

bigpat (158134) | about 8 years ago | (#15691354)

And on top of this, let's all congratulate these guys on breaking the RFCs by "helping" shovel us to the address we "meant" to type in.. Let's not report back an error and help the end user correct their mistake, but transparently forward them so they never know.

Google does this with the "I'm feeling lucky" button. A lot of people use this or use google to type in addresses instead of the url bar, beacause it is far more user freindly. Errors are not always good user interface design.

And what happens when someone registers wordpres.org? Then where are we? Well, I meant wordpres, not wordpress.. Thanks for sending me where I don't want to be.. A haven for phishers?

Sure the challenge in running this service would be keeping your list of legitamite mispellings up to date, but to call this a haven for phishers misses their main selling point which is the blocking phishing sites at the DNS level.

There service is probably not going to see great adoption because it really seems aimed at internet novices, but requires them to change their own DNS settings. But I could definately see using their DNS servers for Grandma's PC.

As for breaking RFCs... How is this any worse than most firewall products out there? They allow all sorts of blocking of selected content based on matched patterns, and often block particular web sites without explanantion. At least they are saying for some redirected or blocked content they are going to tell you what just happened and give you some option to go somewhere else.

Though I might think just running your urls through google is preferable, since they will still give you the option of going to the url you intended. But with a site blocked at the DNS level, then the only option might be to type in the IP address and even then that wouldn't allow you to access name based virtual hosts.

This must be better (5, Funny)

tdemark (512406) | about 8 years ago | (#15690430)

But it has to be better, it has "Open" in its name.

Re:This must be better (1)

M. Baranczak (726671) | about 8 years ago | (#15690600)

A few years ago, they would have called it "iDNS". This too shall pass.

Re:This must be better (1)

Pieroxy (222434) | about 8 years ago | (#15690756)

Will it be as successfull as OpenBSD then?

--
Krazy Kat & Ignatz Mouse [ignatzmouse.net]

ISP's will start port blocking 53 (1, Interesting)

winkydink (650484) | about 8 years ago | (#15690440)

much in the same way that many now block 25. This will be in reaction to bots that start using a shadow/private DNS built into the bot. I don't see how OpenDNS survives this emerging trend.

Re:ISP's will start port blocking 53 (0)

Anonymous Coward | about 8 years ago | (#15690641)

much in the same way that many now block 25. This will be in reaction to bots that start using a shadow/private DNS built into the bot. I don't see how OpenDNS survives this emerging trend.
Should my ISP decide to arbitrarily block ports, it will be enough reason for me to immediately switch to a different one (luckily, in my country, there is competition) and I would also strongly advise everyone I know to switch/cancel/not sign up with them.

If I rent an Internet connection, I want an Internet connection not some sort of AOL. That means no blocked ports.

Re:ISP's will start port blocking 53 (2, Insightful)

winkydink (650484) | about 8 years ago | (#15690813)

It's only an issue for a very small number of people. How big was the revolt when port 25 blocking began?

Re:ISP's will start port blocking 53 (1)

Suzuran (163234) | about 8 years ago | (#15691009)

Or port 80 incoming?

(I'm dancing away my posting delay, moving my fingers so the post might work, I'm kinda like Linus, but not in a productive way...)

Interesting (2, Insightful)

kjart (941720) | about 8 years ago | (#15690444)

The main advantage appears to be that they will prevent you from opening known phising sites. In terms of being faster, I'm not sure how they would be faster than my ISP since my ISP's DNS servers are presumably much closer to my machine than theirs. Any idea how they could make claims like that? Also, though the summary mentions foiling spammers, I saw nothing about that in the article. From the sound of the post, I thought this was something like SPF [openspf.org] even though that doesnt seem to be the case at all.

Re:Interesting (3, Insightful)

vtechpilot (468543) | about 8 years ago | (#15690563)

Here is how the faster claim works. Say there is a 150ms round trip between you and your ISP's name server. You computer requests the IP for www.slashdot.org. If you are lucky then www.slashdot.org is in the name server's RAM cache, and you get a fast response in just a little over 150ms. If not (and for the majority of websites, its not) then the name server has to search its disk cache (this is where it is most likely to be. If its still not found, then your ISP's server has to look up slashdot.org with the root servers, and get the name server for that domain, and next it has query the dns server for slashdot.org to find the machine named www. each of these taking more time.

I presume what they do is have machines with loads of RAM (how many dns entries could you keep in say 4GB anyway?) and try to serve as many requests as possible from a RAM cache rather than disk cache. Thats my guess anyway.

Re:Interesting (1)

guy-in-corner (614138) | about 8 years ago | (#15690744)

Yeah, because the performance hit between my machine and the DNS server is the DNS server's disk...

Re:Interesting (1)

RedHat Rocky (94208) | about 8 years ago | (#15690933)

"If you are lucky then www.slashdot.org is in the name server's RAM cache, and you get a fast response in just a little over 150ms. If not (and for the majority of websites, its not)"

All the more reason to run your own local DNS cache: it will have cached answers YOU are most likely interested in and be a faster link than your ISPs.

An even better reason to run your own cache (not just forwarding to your ISPs nameservers) would be trust. Do you trust your ISPs cache to be secure and free from DNS poison? I sure don't.

Shameless plug: http://lifewithdjbdns.org/ [lifewithdjbdns.org]

It's just a cacheing DNS service... (4, Insightful)

Anonymous Coward | about 8 years ago | (#15690448)

Your ISP probably does the same thing already. These guys claim to have a much bigger cache, so they're more likely to have cache hits than misses.

They also offer ads & search results for non-existent domains, and they claim they will filter out phishing sites.

Not really a big deal though even on a cache miss, a DNS query doesn't take that long.

Better how? (5, Insightful)

Anonymous Coward | about 8 years ago | (#15690458)

A broken, non standards compliant DNS isnt a better DNS, it's a crippled DNS. The phishing and scamming is more of a social problem than a technical problem. The last thing i want is for some DNS host to filter my queries. The open part of open_dns is a farce. This is a commercial venture trying to make a profit by skirting around well defined standards. OpenDNS will be plagued with problems like people who run the dns getting nice kick backs from scammers to keep domains from being filtered, etc. There will be false blocks by accident etc. OpenDNS would have the ability to push companies and personal sites around. Who knows what the OpenDNS people are catering to. What if they catered to the Christian right, and started blocking non wholesome content, etc. This is a bad idea people. -koft

Re:Better how? (3, Interesting)

Vorondil28 (864578) | about 8 years ago | (#15690661)

I believe this would qualify as a hack. [catb.org]
Hack
1. n. Originally, a quick job that produces what is needed, but not well.
...
In this case, the real problem is the people behind the scams, but to fix it they're mucking a system that already works beautifully now.

But in the end, no one is being forced to use it. This won't have any affect on the current system, so whomever they "cater to" won't matter to the overwhelming majority of people who stick with vanilla DNS.

Not going to work (2, Informative)

andrewman327 (635952) | about 8 years ago | (#15690459)

From TFA: "The OpenDNS system, which will open its servers to the public Monday, wants to be a more user-friendly name resolution service than those provided by ISPs, with technology to keep fraudulent sites out of its listings, correct some typos and help browsers look up web pages faster.


These are such lofty claims that I doubt they will be able to live up to them. I like the idea that competitive services will appear, but if that happens I believe that OpenDNS will be a big loser.

Re:Not going to work (1)

Ougarou (976289) | about 8 years ago | (#15690554)

I think there already is a competitor, called Google Web Accelerator (DNS requests are also placed on that proxy service). If not that, then Google Safe Browsing has a service whith almost the same result.
If this works (at all) then they, in a sense, already defeated all competition.

Ahh, yes, YARDNS (4, Insightful)

wowbagger (69688) | about 8 years ago | (#15690462)

Ahh, yes - Yet Another Root Domain Name System, like AlterNic.

One that also does redirection in the case of an invalid domain name, thus breaking code (like mail servers) that rely upon being able to detect bogus domains.

One that requires users to change their DNS settings, with all the attendant breakage and difficulties for troubleshooting.

One that will ALSO load down the upstream DNS servers, since the users won't be using their ISP's name servers.

And I am sure their policy of blocking spammy sites' resolution will sit very well with the Slashdot Zeitgeist.

Yes, I am sure this will be a spectacular success, just like AlterNIC is.

Re:Ahh, yes, YARDNS (1)

Entrope (68843) | about 8 years ago | (#15690543)

Answering for missing top-level zones was such a resounding success when Network Solutions tried it that everyone else decided they had to get in on the action! Don't blame these cutting-edge Internet Innovators And Entrepreneurs just because they beat you to the punch (bowl)!

Re:Ahh, yes, YARDNS (1)

The Cisco Kid (31490) | about 8 years ago | (#15691167)

I'm not saying this is terribly useful, but one difference between this and what Verisign/NSI did is that you dont HAVE to use this, you can continue using your ISP's, or your own, etc. Verisign made the changes directly in the authoritative .COM and .NET, giving you no choice (well, unless you or your ISP updated to the newest BIND which allowed you to enforce 'delegation-only' for .com and .net)

DNS needs to be dumb, not smart (5, Insightful)

Bloodwine77 (913355) | about 8 years ago | (#15690471)

If people want to filter out bad sites and auto-correct bad URL's then that sounds like a job for a client-side application, not for DNS servers. DNS does one thing and it does it well: it acts like a phonebook for IP addresses. There is no bias in its resolutions. Keep it simple and let it do its job without red tape.

Re:DNS needs to be dumb, not smart (1)

HugePedlar (900427) | about 8 years ago | (#15690532)

This'll probably be about as popular as MS Word's Autocorrect, and not nearly as easy to turn off.

Re:DNS needs to be dumb, not smart (4, Funny)

PeeAitchPee (712652) | about 8 years ago | (#15690572)

that sounds like a job for a client-side application

Yeah, my buddy turned me on to this great FREE program called Cool Web Search . . . it keeps track of all of my passwords too!

On another note -- does anyone know why my PC runs so slow now? I think there's something wrong with my Yahoo.

Re:DNS needs to be dumb, not smart (1)

munkay (942872) | about 8 years ago | (#15690773)

Indeed.. this seems to be a 'solution' aimed at web users only, but dns affects a lot more than that.
Some sort of browser url validation plugin seems a lot better solution to me.

Its basically a DNS server with a big cache (3, Informative)

mpetnuch (717102) | about 8 years ago | (#15690472)

Service is pretty cool for people who can't run Bind (or something similiar). However for those that can, I am guessing its probably just as effective as running a caching only DNS server and maybe Squid to emulate their phishing blocking (assuming you have access to known phishing sites). As a matter of fact, the local version should be even faster (although the cache will obviously be smaller so there is a tradeoff). Off the top of my head, I am not sure how you could do the spell checking. Does Bind have a similiar option?

Re:Its basically a DNS server with a big cache (0)

Anonymous Coward | about 8 years ago | (#15690608)

PowerDNS [powerdns.com] is a nameserver that uses a backend structure, there are backends for most RDBMS and BIND zonefiles, but it would be perfectly possible to write a backend for it that does spellchecking.

On top of that it has a separate recursing nameserver component that's 64000 times harder to spoof than BIND. We've been using it for quite a while now (large ISP) and never looked back.

oingo.com is the source of much typo squatting (-1, Offtopic)

winkydink (650484) | about 8 years ago | (#15690477)

Note that a search on Google for oingo.com returns nothing. Try, say, Yahoo. See what you get back.

Now why, do you ask, does Google not have any info on oingo,com? Well, whois tells us that oingo.com is owned by Google.

Don't be evil. Yeah, right.

Re:oingo.com is the source of much typo squatting (1)

WedgeTalon (823522) | about 8 years ago | (#15690542)

That's not uncommon when doing a search for an actual domain name on google. Try searching on just "oingo".

Re:oingo.com is the source of much typo squatting (0)

Anonymous Coward | about 8 years ago | (#15690545)

http://www.google.com/search?q=oingo [google.com]

Plenty of results...actually the top one is the redirected domain.

It's because it's a 301 redirect to another domain (0)

Anonymous Coward | about 8 years ago | (#15690556)

How sinister! The real domain is appliedsemantics.com, for which there is much information.

Re:oingo.com is the source of much typo squatting (1)

Eeeeegon (71595) | about 8 years ago | (#15690557)

Try the Google search with "oingo.com" surrounded by doublequotes. You'll see plenty of results.

Re:oingo.com is the source of much typo squatting (0)

Anonymous Coward | about 8 years ago | (#15690560)

When i search google for oingo, i get applied semantics first result (formerly known as oingo) and some random shit on oingo boingo and redirects.

when i search yahoo i get a bunch of shit on oingo boingo, and a link to applied semantics.

conspiracy theory successfully foiled.

Re:oingo.com is the source of much typo squatting (1)

supersnail (106701) | about 8 years ago | (#15690564)

I did a search for oingo on google and yahoo and got a pretty much identical list.

The home page redirects to "applied semmantics" which prodly boasts of being bought by google.

Whats your beef?

 

Re:oingo.com is the source of much typo squatting (0, Offtopic)

Ougarou (976289) | about 8 years ago | (#15690634)

Google is already evil:
  • They are domain squatters and facilitators of it
  • They allow large amount of AdSense ads leading to sites to rip you off (selling single page PDF files for $30+)
  • It's hard to report copyrighted material on Google Video
Greed has taken over, slowly but surely.

Until it's available... (2, Insightful)

Cocoa Radix (983980) | about 8 years ago | (#15690486)

Until it's available, I'm going to have an "I'll believe it when I see it" attitude, which, surprisingly, is normally the right thing to do with news like this.

I give it 2 weeks (3, Interesting)

Intron (870560) | about 8 years ago | (#15690491)

How long until the service is sued by either
  • A user who it fails to block from a phish site, or
  • A "legitimate" business that gets blocked?

Its one thing to supply facts, but this service is editorializing DNS. I think they are leaving themselves open to attack based on their choices.

servers too far away! (4, Insightful)

muftak (636261) | about 8 years ago | (#15690514)

So using DNS servers that are 23 hops and 170ms away from me is meant to be faster than using ones 4 hops and 5ms away? Think they need some sort of distributed system with servers in every country, and some good peering.

Re:servers too far away! (1)

munkay (942872) | about 8 years ago | (#15690603)

Not only is the speed bad from here (.nl)...
I also wonder about reliability with only two servers sitting on the same network.

Neither new nor useful (5, Insightful)

mxs (42717) | about 8 years ago | (#15690534)

This POS is neither new nor newsworthy nor useful, at least not for the reasons they try to sell it to you for.

An alternative-root DNS system will never work (since Critical Mass is impossible to attain).

Myspace will not get faster. Whoever made you believe that is selling snake oil, too.

In fact, your DNS will actually slow down by a good bit; at least if you belong to the majority of the world (unlike root DNS servers, which actually deliver geographical and network dispersion). The big cache they are so proud of will create lots of problems if they actually do it differently from regular DNS resolver caches that you have at every major (and minor) ISP -- and those will be a lot closer to you than OpenDNS ever will.

Fixing typos is a double-edged blade. Sure it's nice if slashdo.torg works. How about whitehouse.gom, though ? And who decides that microsaft.com is really typo-squatter ? (They might just make nice juices !)

Their business model is funny, too. They sell advertisement for search pages in case they can't figure out where you want to go. This is hilarious, really. The selling point is that it can send you to the right page when you make a typo, but not figuring out what a typo was supposed to mean makes them more money. Hrrm. The better they become at their game, the less money they get ! Brilliant !
(Not to mention that this is precisely what got Verizon into hot water with their SiteFinder crap).

How on earth will OpenDNS stem the tides of spam ? Even IF it had a chance doing that purely with DNS, if it was relevant at all Spammers would find a way to make it inconsequential.

Last, but not least, their company is small. There is no oversight. I don't know whether I want to trust a group of 20 people to decide who is an abuser and who is not. I'd rather have hundreds of parties involved in the process, providing a stable balance to one another. (Fun scenario : OpenDNS gets bought out by DirectRevenue.com, starts redirecting EVERY DNS request to their own servers, encasing every website with a nice adbar. Oops. (points for doing it after attaining critical mass).

Re:Neither new nor useful (0)

Anonymous Coward | about 8 years ago | (#15690664)

That was Verisign, not Verizon.

Re:Neither new nor useful (1)

drrngrvy (873112) | about 8 years ago | (#15690679)

I think the typo-fixing only refers to the top-level domain, not anything else. I'm guessing that's the only way they can avoid blocking valid sites. See how the examples on the site don't imply any intelligent typo-fixing? So, slashdo.torg would probably just be redirected to slashdo.org (and maybe you'll even be lucky enough to get some FREE advertising out of it?!)

Re:Neither new nor useful (0)

Anonymous Coward | about 8 years ago | (#15690718)

(Not to mention that this is precisely what got Verizon into hot water with their SiteFinder crap).

Verisign. NetSol...

Re:Neither new nor useful (5, Interesting)

davidu (18) | about 8 years ago | (#15691232)

This POS is neither new nor newsworthy nor useful, at least not for the reasons they try to sell it to you for.

Well, to be fair, you're responding to the article and not the service. But I'm going to go through and answer each of your points because this post seems to cover a lot of the really important topics.

An alternative-root DNS system will never work (since Critical Mass is impossible to attain).

I couldn't agree with you more and we are *NOT* an alternate root. If you are using our service, you are using the real ICANN assigned roots. Period. Full Stop.

OpenDNS is new particularly because of how we do what we do. We have built a recursive nameservice. That means that we are making the changes only for a client and not for the entire Internet. The article, while good at trying to cover a hard topic, fails to mention that not only are we opt-in but we can set preferences for different users.

So if you don't want us catching typos, we won't. If you just want straight, normal DNS that's just using a bigger and faster cache, that's just fine by us. We aren't going to mess with you later for deciding that you just want a more reliable DNS. But when you setup your neighbor or mom or brother or friend you might decide they are better off with an added layer of security. The choice is, of course, yours and always will be.

Myspace will not get faster. Whoever made you believe that is selling snake oil, too.

First, MySpace is just an example, of course. It does like 10 DNS requests on the homepage loading web,ad,image server FQDNs. But to respond, empirical evidence thus far (from really smart people) would disagree with that statement. Hopefully we'll have some good and more scientifically grounded data soon. If you want to help out with that, let me know.

In fact, your DNS will actually slow down by a good bit; at least if you belong to the majority of the world (unlike root DNS servers, which actually deliver geographical and network dispersion). The big cache they are so proud of will create lots of problems if they actually do it differently from regular DNS resolver caches that you have at every major (and minor) ISP -- and those will be a lot closer to you than OpenDNS ever will.

Most resolvers tend to churn through their cache long before TTLs expire so what you're saying isn't exactly true. In many instances most recursive DNS servers toss out a bunch of glue that is consistently being re-fetched. While it's important to respect TTLs (and we absolutely do), it's also important to keep stuff in your cache to get the benefit of the TTL that was set by the zone owner. That's not happening and that's making your DNS not perform well. And it's more than just adding more ram to the system. DNS is 20 years old and it's now a quite critical piece of infrastructure. It's beautiful in many ways, but one way in which it isn't is with how resolvers work. Really, nobody has ever spent much time working on making a killer resolver until recently.

Fixing typos is a double-edged blade. Sure it's nice if slashdo.torg works. How about whitehouse.gom, though ? And who decides that microsaft.com is really typo-squatter ? (They might just make nice juices !)

We don't redirect typos like that. We have a ton of requests to do that, but we don't yet for exactly the reason you point out. It's a tough road to go down, and if we do it, it'll be a preference you set with a little checkbox or something. Not a choice I should be making for you. Our goal is to empower you to control what used to be this black box of a memory structure in a DNS server and add some transparency to it for you. That was lost a bit in the article as it focused mostly on the security aspects of our service but there's more; much more.

Their business model is funny, too.

People said that about EveryDNS too (and shareware before that) and yet we're still here, well respected, and doing just fine.

They sell advertisement for search pages in case they can't figure out where you want to go. This is hilarious, really. The selling point is that it can send you to the right page when you make a typo, but not figuring out what a typo was supposed to mean makes them more money. Hrrm. The better they become at their game, the less money they get ! Brilliant !

I think there's value in securing the Internet and I've always found that you can both do something positive and make money at the same point. I'm not as worried about that part as I am about getting users like you to understand how this is fundamentally different from what's happened in the DNS space in the past.

Last, but not least, their company is small. There is no oversight. I don't know whether I want to trust a group of 20 people to decide who is an abuser and who is not. I'd rather have hundreds of parties involved in the process, providing a stable balance to one another.

Good point, I think we're gonna launch PhishTank.com [phishtank.com] to take care of that. Not only will it be a clearing house with a fully open license and API for people to use in their applications (spamassassin, log parsers, firewalls, etc) but also provide a layer of transparency into what we are and are not blocking.

(Fun scenario : OpenDNS gets bought out by DirectRevenue.com, starts redirecting EVERY DNS request to their own servers, encasing every website with a nice adbar. Oops. (points for doing it after attaining critical mass).

Well, I can't predict the future, but I know my past, and it's pretty readily available for you to look up too so I encourage you to do that. That said, Verisign was able to abuse people because they had a monopoly on the com/net zone management and registry. I don't have that. My users are my most valuable asset and so I can't do anything to mess around with them. That's why we're providing them a net-benefit, and not a net-takeaway. Read our privacy policy. In the age of AT&T and others being accused of spying on you and saying they own your data, we don't play that game.

We're more transparent than I think you've given us credit for. Check out our privacy policy and try the service and then let me know what you think. I'm happy to answer any other questions you have.

--David

faster? (5, Informative)

mtenhagen (450608) | about 8 years ago | (#15690549)

I did a quick test:

- DNS query -

- dutch hosted .org -

opendns
  Query time: 1228 msec - they have to query upstream
  Query time: 261 msec
  Query time: 192 msec
  Query time: 192 msec
  Query time: 193 msec

my isp
  Query time: 74 msec - they have to query upstream
  Query time: 29 msec
  Query time: 30 msec
  Query time: 29 msec
  Query time: 29 msec

- us hosted .net -

opendns
  Query time: 380 msec - they have to query upstream
  Query time: 192 msec
  Query time: 193 msec
  Query time: 193 msec
  Query time: 193 msec

my isp
  Query time: 184 msec - they have to query upstream
  Query time: 29 msec
  Query time: 30 msec
  Query time: 29 msec
  Query time: 29 msec

- Ping test -
Ping to open dns: 192ms
Ping to my isp: 29ms

- Conclusion -
The dns repsonse is the same as the ping so they will never get faster then my isp.

Re:faster? (0)

Anonymous Coward | about 8 years ago | (#15691337)

wow that's a sweet hosting deal. basically it works out to 1 yr of service for $23 after discount, or 2 years for $142 after discount

Early Bird (1)

Joebert (946227) | about 8 years ago | (#15690553)

The OpenDNS system, which will open its servers to the public Monday

I get the feeling Monday will be a good day to go to the beach.

So much negativity! (2, Insightful)

daitengu (172781) | about 8 years ago | (#15690558)

I can understand why slashdot geeks wouldn't want their DNS servers messed with, I'm among you, however most of the internet users out there aren't nearly as computer literate as we are, and this service I believe would be really good for them. Netcraft has been trying to fight the good fight against phishing and scamming sites for a long time, and here's a group of guys who are really blocking them at the source.

I applaud their efforts, while it may not be for me, I think a lot of people are going to find it very useful.

Re:So much negativity! (4, Informative)

99BottlesOfBeerInMyF (813746) | about 8 years ago | (#15690666)

I can understand why slashdot geeks wouldn't want their DNS servers messed with, I'm among you, however most of the internet users out there aren't nearly as computer literate as we are, and this service I believe would be really good for them.

Most internet users don't know or care what a DNS server is. For this to succeed you need to capture the hearts and minds of the ISPs. Luckily for them, ISPs are very concerned about DNS right now as it is critical, somewhat vulnerable, and they are lacking visibility into it. Unluckily for them, the entrenched players have all started jumping on this and providing real solutions. Why block all requests to a DNS name when legitimate researchers and security people might need to get there? What about when a cracked server that still hosts legitimate content as well? what about when the FQD is a forum with 99% legitimate traffic and 1% worms and phishing?

This solution is a shotgun where a scalpel is needed. Block worm traffic as detected by the DNS request, not all traffic to that domain. Also, contrary to what people seem to be thinking here, the main DNS issue is not worms or phishing (ISPs don't care that much) but they do care about large chunks of their traffic to the DNS servers coming from misconfigured servers repeatedly querying them. Since, in many cases, these servers are their own, blocking them with a fancy, broken DNS server is not the best plan. Redirecting other ISPs' server to an ad a million times a day will not yield any long-term profit (since no person sees them) Rather, fixing their own servers and notifying others/filtering at the peering edge is the way to go. Since ISPs are now able to do that, I foresee a large yawn when operators see OpenDNS (what a misleading name, kind of like OpenXML).

Re:So much negativity! (1)

rkowen (135560) | about 8 years ago | (#15691206)

I'm amazed at the amount of vitriol over OpenDNS's offering also. You don't have to use it if you don't want to.
I guess I'm a little more trusting of them, because I use their other service http://www.everydns.net/ [everydns.net] which provides FREE DNS service. They're one of the few that do (the only one I found at the time that actually worked and was updateable). So I can get my domains from GoDaddy.com for cheap and have the DNS served via EveryDNS.net for free (you can contribute if you want, I kick them about $20/yr).

I don't notice any performance problems, because I run my own local caching named server where the forwarders are set to the OpenDNS servers. But I like the that they will resolve misspelled domains. I haven't really used any of the anti-phishing aspects ... I generally don't fooled that way.

DNS currently sucks... (1)

14CharUsername (972311) | about 8 years ago | (#15690580)

But this is not the solution. The anti-phishing stuff will be good. The typo stuff seems interesting, but their business model seems to benefit more by not finding the typo. But no different from IE redirecting people to MSN, I guess.

But the extra large cache is going to be a problem. If I'm using DNS to distrbute load its going to screw things up. What if I simply want to change a website to a different server? What if my primary connection goes down so I have point the DNS to a differnt IP?

If you cache stuff too long it makes problems. Anyway, I don't think it takes that long to do a dns lookup anyway, does it?

What we really need is a DNS system that can return multiple IP addresses and a code to indicate how to use them (ie, randomly select one or use the first unless it fails then fallback to the next one). And maybe have some "root" servers which contain only changes, so that servers could check them periodically and know what needs to be updated, and use the cache for everything else. Then we can have load balancing, and DNS servers could safely keep stuff cached for longer periods of time.

Of course, this would require everyone to change their DNS servers and their browsers, so it isn't likely we'll see DNS imrpoved anytime soon.

Re:DNS currently sucks... (3, Insightful)

CoolVibe (11466) | about 8 years ago | (#15690701)

If I'm using DNS to distrbute load its going to screw things up. What if I simply want to change a website to a different server? What if my primary connection goes down so I have point the DNS to a differnt IP?
The zone serial number takes care of that. I tested if they mess with the round-robin nature of looking up A records, but that still seems to work just dandy.

Re:DNS currently sucks... (2, Informative)

Bogtha (906264) | about 8 years ago | (#15690713)

What we really need is a DNS system that can return multiple IP addresses and a code to indicate how to use them (ie, randomly select one or use the first unless it fails then fallback to the next one).

RFC 2782 [ietf.org] . I quote:

The SRV RR allows administrators to use several servers for a single domain, to move services from host to host with little fuss, and to designate some hosts as primary servers for a service and others as backups.

It doesn't require any DNS infrastructure changes, but clients need to support it. For example, Firefox and Mozilla don't support it [mozilla.org] .

Coordination with Spamhaus? Count me OUT... (-1, Flamebait)

Anonymous Coward | about 8 years ago | (#15690594)

Spamhaus is the most unreliable blackhole list I've ever seem. I'm amazed at how many people take that damn thing seriously. Their service is rife with collateral damage and Linford and his posse just don't care. In fact, there are at least two of his goons in the US that accept bribes on his behalf to get off their list, assuming you're not the most egregious spammer on earth that is. I had a run-in with these thugs once. After the six month saga of clandestine phone calls and back-alley dealings to get off their SBL/XBL, I tell everybody to not trust Spamhaus as far as they can throw it. Terrible people, absolutely terrible.

Tied DIRECTLY to the NSA (0)

Anonymous Coward | about 8 years ago | (#15690628)


Hello !! NSA ?? Can you please connect me to Abdul Someassahola ??

The really cool part is ... (1)

WindBourne (631190) | about 8 years ago | (#15690787)

they are located next to where the NSA operates its spyware on top of ATT. Hmmmmm, I wonder ...... With a centralized DNS, this will make for a nice way to control the internet.

Personally, I have one word: Next.

Is caching a good thing? (1)

b0s0z0ku (752509) | about 8 years ago | (#15690884)

Sites can periodically change their IPs. Is some kind of testing included in the caching app that makes sure that the cached IP numbers still work? And, even if the testing is periodic, will sites that change their IP numbers be broken longer than the usual propagation time of changes?

And they'dk *better* not cache *.homeip.net and *.dyndns.com.....

-b.

Re:Is caching a good thing? (2, Informative)

The Cisco Kid (31490) | about 8 years ago | (#15691126)

*All* recursive DNS servers/resolvers do caching. They also obey something called 'TTL' for records when doing so, and dynamic-IP services such as those you refer to set a suitably short TTL so as to cause caching to expire appropriately.

That they cache data isn't really that noteworthy, its more them calling attention to it in their marketing more than anything else. Perhaps they have configured their servers to support a very large cache, so that it doesnt have to delete anything until the TTL does call for it to expire.

Really the more useful part of this (for the average used) would be the blocking of known phish sites and/or typo correction, than the caching. And to be honest, I don't see that greate a value in it. For myself, I run my own DNS servers (both authoritative for my personal domains, and recursive for my workstation[s])

Re:Is caching a good thing? (1)

b0s0z0ku (752509) | about 8 years ago | (#15691312)

Really the more useful part of this (for the average used) would be the blocking of known phish sites and/or typo correction, than the caching. And to be honest, I don't see that greate a value in it.

Nor I. AFA phish scams, I type the (bank or whatever) site name into the browser myself - I don't click on links asking for account information in emails. Typo correction? What's the big deal about getting an error message that the named site doesn't exist and for you to reenter the name? What if you were looking for macrosoft.com, whose DNS reg has expired, so you get routed to Micro$oft.com with no questions asked?

-b.

More user-friendly? (1)

houghi (78078) | about 8 years ago | (#15691027)

to be more user-friendly than your ISP's DNS.


How can that be. With my provider I connecet with DHCP and I am done. All I need is my login and my password and ut works. I would love to see how they make it more user-friendly.

Danger to Net Neutrality? (0, Offtopic)

rickatnight11 (818463) | about 8 years ago | (#15691056)

Although I don't know if this was the intention, something about this article gets my Net Neutrality Sense tingling. Couldn't any particular organization take advantage of this with enough money, or couldn't domains just start paying to obtain priority?

And the Weiner is... (1)

eno2001 (527078) | about 8 years ago | (#15691109)

...the people who buy this service.

Honestly, I always tell users that DNS is like 411 for computers. Just like people, they don't know someone they've never met before so they need a directory. Hence the raison d'etre for DNS. So if someone handed you the name of a person or business you don't know and says, "call them" but doesn't give you their phone number, what do you do? You either look in your phone book (Caching DNS which COULD be out of date) or... you call 411. Now, how would you like it if some third parties who weren't telcos started selling you "premium 411" service? I didn't think so. That's all this amounts to. You know that when third-parties jump in providing services they have no business providing, both you (the customer) and you (the legitimate DNS provider) are in for trouble. The customers are going to wind up being held hostage by this new premium service should it become lucrative. If the premium DNS service provider decides that it doesn't like the Democratic presidential candidate, they could set up a longer update cycle on those records just in case any last minute DNS changes happen... And the customer, not understanding that their ISP isn't to blame will call the ISP or the IT dept at work and start bitching to them about how "the internet is broken again". I can't really see this taking off anyway. And the concept that this is the way to stop phishers is laughable. I think this story should have been filed under humor. Maybe I'm just getting old at 36...

False sense of security (2, Insightful)

fishbot (301821) | about 8 years ago | (#15691309)

FTFA: "Those who click on a link in a phishing e-mail that attempts to take them to a fake site and con them into entering their credit card number won't even make it to the website, if OpenDNS knows about it."

A false sense of security is worse than no security at all. "if OpenDNS knows about it" indeed ... so when can the user trust that OpenDNS has successfully caught the phishing attempt, and when should they check that it has failed? The answer is simple; they should perform the same checks WITH OpenDNS as without, except now there will be a whole raft of users who don't know that and the phishing will get worse.

The road to Hell is paved with good intentions ...
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...