Musings on IT, data management, whitewater rafting, and backpacking

Thursday, October 21, 2010

Love OpenDNS!

I've been using free OpenDNS Basic at home for many months now.

We recently switched our Comcast visitors network at work to OpenDNS FamilyShield to enhance visitor security and reduce our liability for visitor misbehavior.

Our main corporate network has a Rube Goldberg DNS design so we can't touch that.

OpenDNS blocks lots of "bad" web sites, it's easy to setup (especially FamilyShield), and the Basic account gives me lots of flexibility.

At home I block many ad-serving domains to reduce the annoyance of ads, and reduce our vulnerability to ad-hosted malware.
  • admeld.com
  • apture.com
  • atdmt.com
  • constantcontact.com
  • dinclinx.com
  • doubleclick.net
  • googleadservices.com
  • imiclk.com
  • imrworldwide.com
  • interclick.com
  • pointroll.com
  • quantserve.com
  • questionmarket.com
  • revsci.com
  • revsci.net
  • scorecardresearch.com
  • tacoda.net
  • targetingmarketplace.com
  • viglink.com
I found these after watching OpenDNS logs for a while. YMMV.

Eventually, we'll further lock down our visitor's network by setting firewall rules that allow DNS access (port 53 UDP & TCP), only to OpenDNS FamilyShield servers - 208.67.222.123 and 208.67.220.123.  That way you can't bypass OpenDNS by pointing to other DNS servers.  Yes, there are other ways around this, but we're providing enhanced security with minimal effort.


Love OpenDNS.  So does David Pogue.


Use OpenDNS

No comments:

Post a Comment