Don't Use OpenDNS On Servers

Are you thinking about using OpenDNS in your servers’ /etc/resolv.conf? Don’t. Why? Because when OpenDNS receives a query for a non-existent name, instead of returning NXDOMAIN (essentially, the name you’re looking for does not exist), it returns an IP address, which is probably meant to catch typos, misspelt URLs or phishing attempts. That works great for humans and their browsers, not so much for your applications. NXDOMAIN is a valid result after all, and replacing it may impact an application’s logic. In the dig output below, the status is NOERROR and the answer section holds an A record for a name that does not exist.

$ dig @208.67.222.222 doesnotexist---doesnt.com

; <<>> DiG 9.4.2-P2 <<>> @208.67.222.222 doesnotexist---doesnt.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46259
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;doesnotexist---doesnt.com.	IN	A

;; ANSWER SECTION:
doesnotexist---doesnt.com. 0	IN	A	208.69.36.132

;; Query time: 14 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Apr 17 14:14:49 2009
;; MSG SIZE  rcvd: 59


Comments (1)

Abhimanyu // 02 May 2009

Dmitriy, OpenDNS does have a few other problems too, like this one - http://mwolk.com/blog/opendns-blocking-sites-unable-to-open-websites/

You can't use a shared IP either!