Open DNS

I have been using Treewalk DNS for years, its a very stable and safe program, it converts the DNS from your PC, automatically disables Windows DNS and also lets you update ICANN root. Speeded up my net access significantly. Its free for life with no strings attached and takes little resources, just have to give full inbound rights to named.exe process which is totally safe.

www.ntcanuck.com or www.treewalkdns.com

 

My browser cache is cleared automatically when I close it. Didn't think about the windows DNS cache, but I will the next time I switch. I haven't tested how well either does under controlled conditions. If I can find time, I'd like to.
The service rep for my DSL service told me they were having problems with their servers on one of the days I called them. While downloads are much faster with the DSL, normal web browsing with their service is barely faster than my dialup service was. Using the Open DNS, it actually feels like DSL now. If my regular service is having some kind of problem, it's probably not a fair comparison. Then again, they've had this problem for better than a week now.
Never tried Treewalk. From what I see, it doesn't run on my operating systems, Win98 and Ubuntu Linux.
Rick

 

Bine PE runs on 98,its from makers of Treewalk, nothing for Linux yet.

 

At least you have an alternative, which is great.
There is a version for win98, called BIND-LE, same website as Treewalk.
And Ubuntu has BIND available, which is probably more troublesome to setup then the easy to go TreeWalk installer.

 

They do have a privacy policy, their address and phone number listed on the page, and an introduction to each member of the team with each of their emaill addresses. If you look up the building you can see that it really is a high-rise building, and seems to be shared with a number of legitimate and government offices. If they're trying to hide something, they're doing a lousy job.

I noticed the same thing just pinging the server, but many times it does indeed go a little faster. Either we're not getting the optimized connection when doing such things or they are just processing actual DNS requests faster. Of course the difference between OpenDNS and my ISP's DNS servers was a difference of about 10 milliseconds, which is not something I would readily notice. Of course this is all also likely to be different for different people, especially the difference between OpenDNS and their ISP.

 

I've tried it a few times without much luck. The first couple times it crashed frequently, then when I tried again recently to serve my LAN it would fail to lookup new sites unless I refreshed about 3+ times.. locally it seemed to be OK, but still missed some sites here and there.

For some people, however, it seems to work really smoothly, I don't know. When it did work for me it was pretty nice, things did speed up, but for my purposes it was just a no-go. If you're interested I would say give it a try, worst case scenario you uninstall it.

 

Treewalk is a great product and helps web surfing speed up considerably. It never had a problem on my pc except that it can be the only local proxy or else it won't work. So yes, it won't work with the proxomitron or privoxy

Alphalutra1

 

Whether TreeWalk DNS improves speeds will depend on your ISP. It did nothing for me--I guess I have a pretty good DNS service.

Maybe installing the Microsoft Loopback Adapter, giving the loopback adapter a unique subnet address, and then using that subnet address for your TCP/IP DNS settings (rather than 127.0.0.1), would work to avoid the issue you had with 127.0.0.1. The TreeWalk DNS site mentions this procedure.

I've personally seen the TreeWalk DNS service absolutely devour CPU on several occasions, so I was thinking about trying the loopback adapter myself--if I continue using TreeWalk DNS in the first place, that is.

 

Incidentally, the CEO and the VP of product development at OpenDNS.com had this to say when I inquired about DNS cache poisoning (quoted here with explicit permission):

 

Hi Guys,

Received an email form Steve Bass author of OpenDNS article, from PC World regarding safety. He assures me that everything is safe.

Also it seems that OpenDNS, has worked with CastleCops, & at OpenDNS you will find an acknowledgement, regarding CastleCops. Visiting Castlecops I found 4 threads regarding OpenDNS one post from Paul an admin type.

As far as I'm concerned, the safety thing is over & done!

Take Care
rico

ps at Castlecops, I just typed "OpenDNS" in there search box.

 

There are a lot of nasty things that could happen with DNS records when you use a third-party service, but I figure the same thing could happen with your ISP, too.

From all I've seen, it's a really nice service that really works, and I'm happy with it so far.

 

Running Treewalk on an ancient dual P-III 850 machine, absolutely no CPU overload problems here.

 

The problem only happens under certain circumstances, and is mentioned on their site. It has only happened a few times on my system. It has nothing whatsoever to do with the type of CPU you have (but why on earth would it?).

 

i love opendns. it fixed my network problems

 

Is there a way to communicate the DNS info over a secure channel?
Perhaps with some kind of local DNS proxy utility so your preferred and alternate DNS servers are directed to 127.0.0.1:53 (local host) and the utility communicates via SSL or other secure means to OpenDNS servers?
Even for pay this would be an interesting option like a Secure DNS Proxy Service.

Sure you can do this somewhat with forwarding the DNS requests through the TOR or SSH proxy servers, but those don't cover every DNS request.

I asked if this could be done with a SOCKS proxy a long time ago, but never got an answer.

 

i just don't care if it's secure or not, it's either this or no connection. i have a screenshot of a page taking over 1 hour 15 minutes to load with tiscali's DNS. i really, really hate tiscali. they have known about this problem for a month or so, i have asked them to fix it but they haven't even bothered replying. there are 100s of posts about it at tiscali forums uk, they don't help anyone. their support team are idiots.

i hate tiscali.

 

You may see a significant improvement, or you may see no (noticible) improvement at all. I fell into the latter category. It depends on your ISP service.

 

You would change the DNS setting in your router, that's all.
Performance increase only applies to DNS lookups.

 

The performance overhead would be a killer - DNS uses UDP for speed to avoid the overheads of establishing a TCP connection. TCP connection plus SSL negotiation (including certificate check) for every DNS request would slow most connections to a crawl (aggressively caching past requests would become a necessity).

In my experience, Tor does cover every DNS request - the only time your browser should attempt one directly is with protocols not covered by Privoxy/Tor (e.g. FTP).

 

And doesn't a DNS request/response fit in one single network packet? That is what I remember of it.

 

There is no secure communication channel possible through UDP?
Because it is a one way street?
Would a secure channel be possible through 2 UDP connections, one send and one receive?
Would the DNS performance of such a setup be any worse than it is now when the DNS is forwarded through the proxy?

I was referring to DNS communication outside of the browser.
For example, command line pings and DNS lookups, programs like Port Explorer doing IP resolving, Windows Automatic Updates, and other programs that don't utilize the web browser but still make DNS requests through svchost. These programs don't have an easy way to set up communication through a proxy.

Is it possible for these types of programs to have their DNS requests go through a proxy like TOR? What about an SSH proxy?
Is there a way to force svchost to perform all DNS lookups through these proxies not just the browser?