Surf The Internet Faster with OpenDNS

Posted by on Wed, July 18, 2007

So you want to surf the Internet faster? Ever heard of OpenDNS? I have been using OpenDNS for a week now to test its performance. So far it has not let me down, and the name resolving rate is satisfactory.

What is DNS?

DNS stands for Domain Name System. As you might have seen before, the Internet is made up of numbers called IP numbers that look like XXX.XXX.XXX.XXX. The responsibility of DNS is to resolve the domain names you type into the address bar into these numbers so that your computer can connect to the server hosting the content you are looking for.

Every ISP has its own DNS servers to serve its customers. For example, TMNET in Malaysia has two commonly used DNS servers: 202.188.0.133 and 202.188.1.5. These IP numbers are sent to your PC or your modem-router when you connect to the Internet. It works the same for any other ISP on the face of the world.

DNS eliminates the need for you to remember IP numbers which can be very long, especially when IPv6 is just around the corner.

DNS by Example

To arrive at this page, your address bar will contain http://www.romantika.name/v2/…. At this moment your PC queries the default DNS server for the IP. The DNS server looks at its cache to see whether it already knows the IP and, if so, sends the IP to your PC immediately. If not, the DNS server asks the authoritative DNS servers for the domain, which in this case are NS5.SECURESERVER.NET and NS6.SECURESERVER.NET, then returns the number 68.178.254.5 to you. This is where this site is hosted.

What is OpenDNS?

OpenDNS is a free service that millions of users around the globe use to resolve names. Be aware, however, that your ISP might block DNS queries from individual PCs to any DNS servers other than its own. It is dumb, but some ISPs do it.

Can OpenDNS Speed Up My Internet Connection?

It can’t. The only thing that OpenDNS will speed up is the initial connection, when your PC is resolving a given domain name into numbers. Since OpenDNS is used by many people and has a huge cache, queries are answered immediately, so your PC does not have to wait. It also helps if your ISP’s DNS is slow. Using OpenDNS speeds up the initial query, so you’ll notice a difference in loading time.

How to Set Up OpenDNS on a PC?

You can see what DNS servers your machine is using by going to Control Panel > Network Connections > Select your default connection > Select the support tab > Click on button Details…. You should see the DNS Server.

To change it to use OpenDNS, go to Control Panel > Network Connections > Select your default connection > Click the Properties button > In the list select Internet Protocol (TCP/IP) > Click the Properties button > Select Use the following DNS server addresses > Enter the DNS server addresses 208.67.222.222 and 208.67.220.220.

Please be aware, however, that you need administrative privileges to make these changes, and that the firewall at your location must allow queries to external DNS servers. If in doubt, you may ask your system administrator or, better still, if they have a local DNS server set up, ask them to use OpenDNS as the master DNS servers.

Other Interesting Facts

OpenDNS has a database of bad sites consisting of phishing sites (by default) and adult sites (free registration required). If your PC is set up to use OpenDNS, all of these can be blocked without any effort at your end. All that is needed is for you to be sure no one but you can bypass the settings and use other DNS servers. For example, I set up my router to use OpenDNS in its local DNS server, and to block any other DNS queries to the Internet. This way I am sure that my local network is safe from any malicious content. This is an advanced (and technical) topic so I am not going to write about it here unless there’s a request.

OpenDNS does have instructions on how to use OpenDNS for many devices here. However you need to be smarter than your users to totally block other DNS queries except to OpenDNS servers.

Conclusion

OpenDNS is a good effort to provide quality DNS services to the masses. At the beginning of this article I mentioned that it has given me good speed, not great, mainly because the servers are located in the US, with one in the UK. International speed from TMNET is generally unpredictable, so until OpenDNS sets up a server in Asia, we get good speed, not great 😉

Here are the current servers:

  • New York, New York, USA
  • Palo Alto, California, USA
  • Seattle, Washington, USA
  • Washington, DC, USA
  • London, England, UK

Give it a try and let me know what you think.

 
  • Thanks for the kind words. We’ve had some requests from people who want to set up their network so that the OpenDNS settings on the router are the only ones used (not worked around on individual computers). If you do have more details, I’m curious.

    John Roberts
    OpenDNS

  • ady

    Hello John thanks for visiting.

    To achieve OpenDNS-only settings on any network, we have to consider 2 things:

    1. Users’ ability to query non-OpenDNS DNS servers
    2. How DNS servers are configured on the network

    Explanation:

    1. A router must be able to block connections to port 53 TCP and UDP to anywhere except 208.67.222.222 and 208.67.220.220. This can be achieved by the router’s ACL or built-in firewall. If there exists a perimeter firewall it will work too. So even if users are able to change their DNS settings they will fail to resolve anything if they set different DNS server IPs.

      An example in iptables that runs on the router is as follows:


      iptables -A FORWARD -p udp -m udp -d 208.67.222.222 --dport 53 -j ACCEPT
      iptables -A FORWARD -p tcp -m tcp -d 208.67.222.222 --dport 53 -j ACCEPT
      iptables -A FORWARD -p udp -m udp -d 208.67.220.220 --dport 53 -j ACCEPT
      iptables -A FORWARD -p tcp -m tcp -d 208.67.220.220 --dport 53 -j ACCEPT
      iptables -A FORWARD -p udp -m udp --dport 53 -j DROP
      iptables -A FORWARD -p tcp -m tcp --dport 53 -j DROP


      This will effectively block any DNS queries to anywhere except OpenDNS servers.

    2. Two most common scenarios exist (other possibilities may exist depending on the network configuration):
      • If DNS settings are pushed by DHCP, OpenDNS IPs can easily be pushed to user machines. That is if there is no local DNS running, and all machines are supposed to make their own queries directly to the Internet. In this configuration, the above mentioned firewall rules can be used.
      • If there is a local DNS, then it is much simpler. I use this to cheat my way into saving more bandwidth as the local DNS caches queries. In this case nobody is allowed to make DNS queries except to the local DNS (local IP number). And the local DNS should be set to use OpenDNS servers as their upstream DNS servers. Most routers will automatically use this after the static DNS settings have been set.

        An example in iptables that runs on the router is as follows:


        iptables -A FORWARD -p udp -m udp --dport 53 -j DROP
        iptables -A FORWARD -p tcp -m tcp --dport 53 -j DROP


        This will effectively block any DNS queries to anywhere except local DNS server (in the same LAN segment). If the local DNS server is in a different LAN segment, the 2 lines below can be added before the two lines above:

        iptables -A FORWARD -p udp -m udp -d $LOCAL-DNS-IP --dport 53 -j ACCEPT
        iptables -A FORWARD -p tcp -m tcp -d $LOCAL-DNS-IP --dport 53 -j ACCEPT

        Replace $LOCAL-DNS-IP with the actual IP number of the local DNS server.

    The results from iptables/firewall settings mentioned above can actually be achieved by using any access restriction mechanism that is available in modern routers. You only need the router’s manual to see how to block DNS queries to anywhere except to OpenDNS = block TCP and UDP connection to port 53 but allow to 208.67.222.222 and 208.67.220.220.

    There is, however, a problem when implementing this on my WRT54G v2.2 running DD-WRT v23 SP2 because the ISP DNS is used as the 3rd DNS and used by dnsmasq. Since DNS are round-robin, sometimes I get OpenDNS and sometimes I get my ISP DNS. There is a workaround for this but it requires a bit of scripting knowledge to understand. If anyone ever encounters this problem do let me know 😉
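
The rule-order requirement in the reply above (ACCEPT lines must sit before the DROP lines in the FORWARD chain), as an added example that is not part of the original post or its comments: a POSIX shell function that evaluates `iptables -A FORWARD` lines first-match so the order can be checked before the rules are loaded on a router. The `verdict` function, the variable names and the 192.0.2.x test address are constructed for illustration, and only the `-p`, `-d`, `--dport` and `-j` matches used in those rules are modelled.

```shell
#!/bin/sh
# Added example (not from the original post): first-match evaluation of
# "iptables -A FORWARD ..." lines, to check rule order before loading them.
# Models only the matches used in the rules above: -p, -d (one host), --dport, -j.

# verdict RULES PROTO DST DPORT -> prints ACCEPT, DROP or POLICY (no rule matched)
verdict() {
    v_rules=$1 v_proto=$2 v_dst=$3 v_dport=$4 v_result=POLICY
    while IFS= read -r v_line; do
        r_proto='' r_dst='' r_dport='' r_target=''
        set -f; set -- $v_line; set +f      # split the rule into words, no globbing
        while [ $# -ge 2 ]; do
            case $1 in
                -p)      r_proto=$2;     shift ;;
                -d)      r_dst=${2%/32}; shift ;;
                --dport) r_dport=$2;     shift ;;
                -j)      r_target=$2;    shift ;;
            esac
            shift
        done
        [ -n "$r_target" ] || continue      # not a rule line
        [ -z "$r_proto" ] || [ "$r_proto" = "$v_proto" ] || continue
        [ -z "$r_dst" ]   || [ "$r_dst" = "$v_dst" ]     || continue
        [ -z "$r_dport" ] || [ "$r_dport" = "$v_dport" ] || continue
        v_result=$r_target                  # the first matching rule decides
        break
    done <<EOF
$v_rules
EOF
    echo "$v_result"
}

# The OpenDNS-only rules in the order given in the comment: ACCEPT, then DROP.
ALLOW_FIRST='-A FORWARD -p udp -m udp -d 208.67.222.222 --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 208.67.222.222 --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp -d 208.67.220.220 --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 208.67.220.220 --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j DROP'
# Constructed mistake: the ACCEPT was appended after a DROP already in the chain.
DROP_FIRST='-A FORWARD -p udp -m udp --dport 53 -j DROP
-A FORWARD -p udp -m udp -d 208.67.222.222 --dport 53 -j ACCEPT'

echo "correct order, OpenDNS:      $(verdict "$ALLOW_FIRST" udp 208.67.222.222 53)"
echo "correct order, other server: $(verdict "$ALLOW_FIRST" udp 192.0.2.53 53)"
echo "wrong order, OpenDNS:        $(verdict "$DROP_FIRST" udp 208.67.222.222 53)"
```

A POLICY result means no rule matched and the chain's default policy applies, which is the expected outcome for non-DNS traffic under these rules.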

  • I used to use OpenDNS while I was on PenangFON in Penang but since moving back to streamyx I have been forced to move back to the default streamyx DNS servers as the lag time to the US is ridiculous.