With OpenDNS- why not disable local DNS cache?

I let a neighborhood youngster use my computer a few hours today. Afterward, I discovered he had visited some porn sites.

I use OpenDNS, so I configured OpenDNS to block porn sites (as a category). Then I asked the youngster for the url of one of the sites he had visited. I won't use its actual name -- so let's just call it "apcray.com".

I then tested to see if OpenDNS blocked apcray.com. It did NOT block it. So I used OpenDNS's internal test for porn blocking. Passed the test BUT apcray.com still was accessible.

My browser is set-up to flush its cache every time it shuts down. Even so, I flushed my browser's cache again, just to make sure. That still didn't stop access to apcray.com.

I then checked the help files at OpenDNS & learned that my computer has its own DNS cache.

Therefore, I flushed & disabled my computer's DNS caching ability. THAT did the job -- no more access to apcray.com.

However, I now wonder if disabling my computer's internal caching might sooner or later foul up something else. So I have the following question...

QUESTION: Since I use OpenDNS, is there any good reason why I should NOT disable my computer's DNS caching client?

I will appreciate any advice offered.
_________________________________________________________

By the way, I had to look-up HOW to disable my computer's DNS cache. Below is a summary of what I found...

By the way, when I ran the displaydns command, it DID display it (on a black pop-up screen), but it zzzzzipped by in the blink of an eye, then immediately disappeared. Can anyone tell me HOW to slow that puppy down?

Aloha from Hawaii,
Bill Bellgamin

 

Instead of using run open a cmd window and run ipconfig /displaydns in there.

 

Thanks -- that slowed her down so I could read it. For info of other neophytes (such as me) I got the command window by...

Start button>run>cmd.exe

Then (on the ensuing black pop-up screen) I typed in ipconfig /displaydns
_________________________________________

Even though it's Sunday (& fewer folks visit Wilders on week-ends) I still hope that someone drops by who will answer my question in post #1.

 

Not in my experience. I run the hphosts HOSTS file and have always had the local DNS service disabled (this is recommended when running a larger HOSTS file.)

BTW, I went to apcray.com and was very disappointed...

 

@bellgamin
I found this post in another thread.
But it is aimed at HOSTS files users. I think with OpenDNS things are different, since this is the point of OpenDNS.
Hopefully Mrk will see this thread and explain a little more.

 

This is no good reason; however, as you already noticed there is a definitely good reason for turning it off.

I always disable Windows DNS Client. All it does is force windows to use the assigned DNS servers. I use my ISP's and OpenDNS servers.

 

Bellgamin,

There is definitely no harm in turning off the Windows DNS Client service. All it does is cache DNS lookups, however, you will lose the cache entries on a reboot anyway. Nothing else relies on it, so go ahead and disable that service. If OpenDNS is caching, then it's redundant anyway. I'm not sure if it does that or not. There are other ones that cache and persist a reboot also, like Treewalk for example, and they are much better than the MS DNS Client service.

Anyway, to answer the question, yep, just disable the service, you're fine..

 

@All -- Thanks for the help. It's off & shall stay that way.

By the way, the computer's DNS cache can also be viewed as a privacy issue. To wit -- if you want it kept private that you surf certain websites, I'm sure you already have your browser set-up to clear its cache each time it starts or each time it closes. However, someone could still get a list of the sites you have visited by viewing your computer's DNS cache.

As for Hurst's link to Mrk's "worst-case scenario" -- for that scenario to occur, MANY MILLIONS of users would need to have the know-how to tinker with Window's innards, and also the paranoia to want to do such a thing. Thus, Mrk's scenario is somewhat parallel to the old chestnut: "What would happen if everybody flushed their toilets at exactly the same instant of time?" The answer is: "We would all be up to our knees in sh*t" -- but how likely is it that such an event could take place?

 

For some reason, I can't remember, I chose to always clear private data when I close Firefox. I may be wrong but reading Mrk it seems better ( faster) to NOT clear private data. I appreciate that doing this may mean that someone may be able to find out that I have been to Wilders, the BBC and Bloomberg but I can live with that. Hopefully I will gain a little extra speed ?

 

I clear my browser's cache, but NOT for privacy reasons. I do so because...

1- The browser cache does not merely list URLs, but also retains entire web pages in temp files. The usual configuration for a browser's cache is ~50MB. I have lots of HD space, but I still don't want to garbage it up. For instance, tomorrow's news page won't be the same as today's, so why store a copy of today's page?

2- Although rare, browser cache has been known to be a lurking spot for malware.

3- Websites change their IPs from time to time, for one reason or the other. Castlecop's IP has changed a number of times in the past few days, as they work to cure a DDOS. Same thing happened with DSLR's site a while back. And Wilder's has been known to change its IP from time to time. When that happened, I wasted a lot of effort tweaking my connection & my computer before I remembered to flush my browser's cache. That decided me to clean the cache with every shut-down of the browser.

Browser cache storage MIGHT save 100-200 milliseconds/look-up. Worth it? Not to me.
____________________________________________

Back to the topic of Window's client-side DNS service...

According to Tech GURU...

Tech GURU goes on to show how you can tweak the registry to avoid negative entries -- but I'd rather use OpenDNS & avoid those situations.

 

Very interesting "stuff" here! If you don't want to lose the DNS cache every time a browsing session ends by having your browser do so, but want to clear it periodically, do any of the CCleaner Advanced Settings, which are not checked by default, do that? Also, does your pc access a site faster by using its DNS cache as opposed to Open DNS?

 

Not sure what all this means

I have just run Crap cleaner to clean download history, internet cache and Internet history and yet when I go to ipconfig/display DNS the sites i have been to since unchecking "clear my private data when I close Firefox"

so clearing the browser cache does not clear the DNS display ?

edit - forgot to reboot

 

I assume you are asking about browser cache as opposed to Windows Client-side DNS cache. Therefore...

Yes, CC enables cleaning browser caches (see screenies below). As to whether those are default settings or not, I do not recall.

99% of the time, any difference would be in milliseconds. You would have to run hundreds of tests in order to determine how much difference accrues to use of OpenDNS. Although it is very *unscientific* for me to say this, I will just remark that OpenDNS "feels faster."

I recommend you to visit OpenDNS's How It Works & look in the upper left-side column to click on links for why they are reliable, faster, safer, etc.

For forum discussions of OpenDNS check the following Wilders threads -- listed from most recent date (1) to earliest date(6)...

1, 2, 3, 4, 5, 6.

NOTE: #6, although the oldest, has the most information.

Happy surfing!

 

I flushed my DNS cache and then disabled the DNS Client service on my computer and then did a little browsing. It seemed to me to slow down my surfing.

 

Hmmm... by default the Windows client-side DNS cache flushes itself every 86400 seconds (24 hours). Further, the Windows cache only jumps in when the browser cache cannot handle the request.

Thus, the Windows DNS cache starts clean daily. The "history" accumulated by your browser's cache pretty much trumps "history" accumulated by the Windows DNS cache. Therefore, unless you tweak the registry such that the Windows cache pervades beyond 24 hours, I have a problem seeing how it might speed things up to any discernible degree. It is a conundrum within an enigma within a mystery.

 

One other thing! I use Sandboxie but it apparently has no effect relative to this because I can "Delete Contents" but the cache is alive and well.

 

This is indeed an interesting thread. Especially the link provided to Mrkvonic post HERE . It has me even considering re-enabling the DNS Cache service and not clearing Firefox's cache. for crying outloud

At any rate, I am satisfied with the operation of my computer and my browsing speed. Having considered the options I will not change anything.

 

@bellgamin

Maybe it was just the sites I visited or the amount of traffic on the net at the time I was surfing that made it seem slower..or maybe it was just my perception and there was no real change. I certainly didn't time it or anything, just a quick and very unscientific trial.

Edit: According to the post by Mrkvonic linked to above in post #17 by chrisretusn, it should be slower with the DNS Client disabled...unless I read it wrong.

 

First off, Mrk used a lawyer's ploy by setting-up a paper tiger by his statement...

Since the Windows client-side DNS cache flushes automatically every 24 hours, a user would have to visit 1000 separate websites during a 24 hour period in order for Mrk's arithmetic to even begin to have meaning. That's 42 sites visited per hour! Maybe you visit that many. Not me!

I might add -- if it takes Mrk's browser 1 full second per website to look up DNS, then he needs a better connection, &/or a faster cpu, &/or a more accessible DNS server at his ISP. The internet standard is ~100-200 milliseconds per look-up.

Secondly, instead of offering any in-depth technical information about the Windows DNS client, most of Mrk's post is taken up with a critique of using the HOSTS file. As a substitute for the Windows DNS cache, the HOSTS file would indeed be rather inefficient.

However, I do not use HOSTS for DNS look-up but for security & ad-blocking. I would think that the vast majority of HOSTS users here at Wilders do so for much the same reasons. I know of no one who has actually tested the milliseconds impact of HOSTS usage -- perhaps because that impact is so infinitesimally small that it would take thousands upon thousand of test iterations in order to measure it with statistical validity.

In light of Mrk's 1-sided list of supposed HOSTS disadvantages, perhaps you might care to read an equally 1-sided ennumeration of HOSTS advantages. Then decide for yourself.

 

Without DNS caching, it depends on how slow or fast your ISP is. If you have quick ISP lookups, then the difference is minimal without the caching. However, if you're a victim of slow DNS servers or other little glitches and slowdowns, then caching can appear to make a pretty noticeable difference. Sure, it's usually a matter of milliseconds, however, a cache lookup is always much faster than an ISP or OpenDNS lookup. So, in summary, whether you actually benefit from the cache service (or other ones like Treewalk) depends on how well your DNS servers respond normally. Also, at times when DNS servers are under peak loads, it can also make a noticeable difference if you are caching..

 

Unless you clear your index.dat as well, they can still get a list of the sites you visit.

That sounds like an issue with the dns cache (or more likely your dns server), not the browser cache.

 

So I gather the pc's DNS is probably a good thing and it's flushed during boot. So, could someone write a batch file to run ipconfig /flushdns so if you want to periodically clean it without a reboot? I'm 60 and found instructions for writing a batch file some what confusing or I'd try it myself. Thank You!

 

You don't really need a batch file, just run your command from the Start Menu -> Run prompt.

 

Hi Bellgamin,

If your using a router, place OpenDNS setting in it.

Take Care
Rico

 

Using a third party DNS is far more of a privacy issue !