Don't Use OpenDNS On Servers
17 Apr 2009
Are you thinking about using OpenDNS in your servers’ /etc/resolv.conf? Don’t. Why? Because when OpenDNS receives a query for a non-existent name, instead of returning NXDOMAIN (essentially, the name you’re looking for does not exist), it returns some IP address, which is probably meant to catch typos, misspelt URLs or phishing attempts. That works great for humans and their browsers, not so much for your applications. NXDOMAIN is a valid result, after all, and getting an address instead may affect an application’s logic.
$ dig @208.67.222.222 doesnotexist---doesnt.com
; <<>> DiG 9.4.2-P2 <<>> @208.67.222.222 doesnotexist---doesnt.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46259
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;doesnotexist---doesnt.com. IN A
;; ANSWER SECTION:
doesnotexist---doesnt.com. 0 IN A 208.69.36.132
;; Query time: 14 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Apr 17 14:14:49 2009
;; MSG SIZE rcvd: 59
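A way to run the same check against any resolver before it goes into resolv.conf, as an added example that is not part of the original post: it sends an A query for a random name and classifies the reply by RCODE and answer count. The function names are hypothetical, the random .com label is assumed to be unregistered, and the sample replies are constructed from the values in the dig output above.

```python
import os, socket, struct, sys

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)

def classify(reply, qid):
    """Classify a reply to a query for a name that should not exist."""
    if len(reply) < 12:
        return "other"                                   # truncated header
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != qid or not flags & 0x8000:
        return "other"                                   # wrong id or not a response
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"                                # honest negative answer
    if rcode == 0 and ancount > 0:
        return "rewritten"                               # NOERROR plus an address
    return "other"                                       # SERVFAIL, NODATA, ...

def probe(resolver, timeout=3.0):
    """Query `resolver` for a random name; return (name, verdict)."""
    qid = int.from_bytes(os.urandom(2), "big")
    name = os.urandom(16).hex() + ".com"   # assumption: this label is unregistered
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        reply, _ = s.recvfrom(512)
    return name, classify(reply, qid)

def constructed_reply(qid, rcode, addr=None):
    """Constructed sample reply (not captured traffic) for the name in the post."""
    question = build_query("doesnotexist---doesnt.com", qid)[12:]
    header = struct.pack("!6H", qid, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    rr = b""
    if addr:  # compressed owner name, type A, class IN, TTL 0, 4-byte RDATA
        rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 0, 4) + socket.inet_aton(addr)
    return header + question + rr

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(*probe(sys.argv[1]))         # e.g. the resolver you plan to use
    else:                                  # offline: run on the constructed samples
        print(classify(constructed_reply(46259, 0, "208.69.36.132"), 46259))
        print(classify(constructed_reply(46259, 3), 46259))
```

A verdict of "rewritten" means the resolver answered NOERROR with an address for a name that should not exist, which is the behaviour shown in the dig output.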
Comments (1)
Dmitriy, OpenDNS does have a few other problems too; one is this - http://mwolk.com/blog/opendns-blocking-sites-unable-to-open-websites/
You can't use a shared IP either!