I need to set up content filtering on my DD-WRT router and it seems the best way to do this is using OpenDNS Family Shield. However, I wonder about their attitude toward my privacy. I've read a few things including their privacy policy and terms of service, but I'm still a bit unclear on what using their service really means for my privacy. I currently have my router configured with an always-on connection to a PIA VPN server and am using their DNS service as well. If I use the OpenDNS servers instead, would this be a gaping hole in my overall privacy, or is it pretty safe to use? Do you trust them? Note: I just learned that Cisco purchased OpenDNS a little over a month ago. Not sure what that will mean for their future privacy policy.
If you are after family friendly filtering perhaps you could also consider Norton ConnectSafe. I use OpenDNS myself but not the Family Shield component.
Ah, Norton ConnectSafe looks interesting. Is it better than the OpenDNS solution? I suppose my same concerns would apply with either solution.
Norton ConnectSafe slows my internet here in Australia but your mileage may differ. I was using my ISP DNS servers for a good while but I thought I'd try OpenDNS and it seems as quick as my ISP servers, plus it is way more configurable than Norton ConnectSafe. You can block individual sites as well as many different categories. I block all Social Networking sites for example. Norton only offers three categories (Security, Security + Pornography, Security + Pornography + Others). https://connectsafe.norton.com/faq.html I use Norton Security so I would not really gain much by using their DNS servers as they use the same database but they are amongst the best in protecting against phishing & malicious sites. Privacy? Which is better in that regard I just don't know, others will have to answer that question for you. It's not hard to change your DNS preferences anyway.
I would trust your VPN's DNS server(s) foremost over all else. If they don't provide you a secondary one, and/or you're looking for servers to use when you're not using your VPN, I recommend "Swiss Privacy Foundation": 77.109.148.136, 77.109.148.137 - and Chaos Computer Club: 81.91.162.5, 81.91.161.2. Last I checked that's what they were anyway. They update periodically so you may wanna check. One thing I always recommend doing is using an outbound firewall and creating rules to effectively block DNS leaks. Allow those single IP addresses for your LAN over destination port 53 (write separate rules for both DNS addresses), and then add a block rule underneath it to Block IP In/Out, All, All, All. That way, in the event it doesn't use those specified DNS addresses and/or your VPN's connection drops, your internet connection will drop altogether and there is no DNS leakage. I personally don't trust DNSCrypt. Just my prerogative.
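The allow-then-block ordering described in the post above, sketched for the DD-WRT router from the original question as an added example (not code from any poster). It assumes iptables on the router with `br0` as the LAN bridge, and it narrows the final block rule to port 53 only rather than blocking all IP traffic; the function names are hypothetical, and the script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that pin DNS to an allow-list.
# Assumption: br0 is the LAN bridge (the usual DD-WRT name); override with LAN_IF.
LAN_IF="${LAN_IF:-br0}"

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit ACCEPT rules for each resolver, then a DROP for all remaining port-53 traffic.
# FORWARD covers LAN clients, OUTPUT covers the router's own lookups.
# -A appends, so the ACCEPT lines are matched before the DROP lines; rules
# already present in the chain are still evaluated first.
dns_leak_rules() {
    [ "$#" -gt 0 ] || { echo "need at least one resolver" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid resolver: $ip" >&2; return 1; }
    done
    for chain in "FORWARD -i $LAN_IF" "OUTPUT"; do
        for ip in "$@"; do
            for proto in udp tcp; do
                echo "iptables -A $chain -p $proto -d $ip --dport 53 -j ACCEPT"
            done
        done
    done
    for chain in "FORWARD -i $LAN_IF" "OUTPUT"; do
        for proto in udp tcp; do
            echo "iptables -A $chain -p $proto --dport 53 -j DROP"
        done
    done
}

# Resolver addresses as quoted in the post above; they may have changed since.
dns_leak_rules 77.109.148.136 77.109.148.137
```

With these rules in place, a client or router process that falls back to any resolver outside the list gets no answer instead of leaking the query.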
I recently read credible criticism of DNSSEC by tptacek on Hacker News: https://news.ycombinator.com/item?id=10059308 But then: https://www.opendns.com/about/innovations/dnscrypt/ Just to clarify a little