Recommend DNS services to fight against malware

Nice little article about changing your DNS servers and how and why it can affect performance.

Before You Change your DNS Server, Read this!

 

First of all, thanks for posting the article.

I have a hard time believing that a public DNS service (ClearCloud and Norton DNS) can be slower than my ISP's DNS server because, the article states, the Content Delivery Network may not get to know my accurate location as my address is masked by the public DNS Service (Clear Could or Norton DNS). If this is the case, I'd like to ask someone in the know why my address is masked by ClearCloud and Norton DNS? (I'm not saying that it shouldn't be, I'd just like to know why it is.)

Norton DNS is supported by 15 data centers across the world. Maybe my close proximity to three of those data centers is affecting my speeds for the better, but I have experienced faster speeds since switching to ClearCloud and Norton DNS. (I can't produce statiscal evidence because I am too lazy, or not sufficiently motivated, to perform those tests and record the results.)

As I read the article more carefully, however, I begin to see that it differentiates between faster lookups and faster download speeds. Maybe I am focused on lookup speeds, and not download speeds. Hmmmm. So, when ClearCloud makes the claim that, "in general, you can expect that ClearCloud will perform as good as or better than your current DNS provider", ClearCloud is limiting their claim to lookups and not referring to download speeds at all? I'll have to pay more attention to that... though I'll undoubtedly be too lazy to record any statistical data resulting from tests.

Edit: typo

 

I would just like to add the obvious to the conversation. How many additional Micro seconds is a public taking over your ISP? Probably not enough that your going to notice. If we were talking about seconds then maybe it would be an issue.

 

Just a guess, but I think the impact will depend on where you live in relation to the public DNS and CDN server locations.

I can see it being an issue if you happen to live near to a CDN server but there isn't a public DNS server nearby (or you live in between far away public DNS and CDN servers). Then using your local ISPs DNS service would probably result in faster CDN downloads if the distances involved were large.

However, where I live, the nearest public DNS server, CDN servers and my ISPs DNS server are all relatively close by. I don't think it's going to make any difference which DNS service I use.

 

Article is correct and it can be an issue if whatever CDN is so fine grained that distance/routing becomes an issue. Must have to do with server balancing/scaling or other network nonsense. Search on Opendns forums for "Youtube slow". I am sure there will be hits. Problem might not be so noticeable during normal browsing because of dns-prefetching and the small amount of data that is requested. Unless result of DNS benchmarks is horrible they are of little importance for same reason. What really matters is if those major CDNs X person use can deliver now they think you live in another country.

I think situation is fluid. Not long ago I could not go to deviantart.com, for many months! (I use dyndns). Now no problem. Could always go there using ISP dns. They change and fix stuff I bet there are many hopeless routing issues for me but as long as I don't experience them they are irrelevant. I know using local ISP is only fool proof solution when it comes to getting through. They don't stink at all with dns servers. The speed claims OpenDns and others make must be mirroring them self in hopeless ISPs or worst case.

 

You can setup the internet guide with DynDNS with a free account correct? Im trying to set this up and it does not seem to be working. Did I miss something or do I need to go to sleep for the night?

I click on Add New, then create a new defense plan, click add, then nothing happens. What gives?

 

I doubt you missed anything, I think that's about as far as I ever got with them as well, after multiple attempts.

 

So I guess you just have to spring for the 10 or 15 dollar per year plan?

 

I had the same experience. I just couldn't make it to work.

I did contact their support, back then, and they asked me if I was using a web browser other than IE, and to try with it instead. I didn't bother. It could be it, though, for all I know.

 

Yeah its strange. From what Im seeing, it appears that you need to buy the 10 or 15 dollar plan. By default, it just does not seem to work. Strange. I use OpenDNS and was wanting to just compare the two products.

Will keep you all posted with my findings if I can get this to run.

Cheers.

 

I had the same issue as some of you. What I did was log in to internet guide account at https://www.dyndns.com/account/services/dynguide/
and select the network you have in use, under ip address make sure that you are using your current locations ip, once I did this it worked out ok for me. Not sure how good it would work on a dynamic ip if you don't have a router with ddns update or the dyndns update client.

 

How do you even select the network in use? I don't even have an option for that.

 

Well... so - until these services stop hijacking NXDOMAIN responses for their advertising landing pages, they are plain unusable for me. I need to resolve local zone addresses as well, have my own DNS server for this - and as long as they return their advertising crap for everything nonexistent, it just breaks.

As an example, lets take ClearCloud:

Code:

# nslookup asdfgh.jkl 74.118.212.1
Server:         74.118.212.1
Address:        74.118.212.1#53

Name:   asdfgh.jkl
Address: 66.129.99.88
Name:   asdfgh.jkl
Address: 50.22.232.18

WTF?!

Norton DNS:

Code:

# nslookup asdfgh.jkl 198.153.192.1
Server:         198.153.192.1
Address:        198.153.192.1#53

Non-authoritative answer:
Name:   asdfgh.jkl
Address: 198.153.192.3

T3h sigh again. And what it should look like? Yeah, Google:

Code:

# nslookup asdfgh.jkl 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find asdfgh.jkl: NXDOMAIN

Wonderful. Sadly, Google public DNS is not really usable for the purpose of this thread's subject.

The only one that allegedly makes it configurable and offers filtering is DynDNS, but sadly - as a couple of people noted above - the setup is about next to impossible to get working.

So much for these DNS services.

 

I guess if the option isn't there for you, you could try adding one at https://www.dyndns.com/account/services/hosts/add.html

I hope this works for you.. maybe it was just fluke that mine started to work by doing the above.

 

Thanks man. This is all I see though. Not sure how you got the Network to appear from you. If I click on the link you posted, it takes me to a page where I have to setup a hostname (which states its pay for only). So guess there really is no free DynDNS Internet Guide.

 

Perhaps you should really use IE. I have tried w/ Iron and even this simple page is totally messed up there - the left description column is missing altogether.

http://www.dyndns.com/services/wizard/

Oh wow, now looking at it, there is no free service for IE users?

 

It's free to add 2 hosts, even though it does try to sell you the paid option.

Just fill the form out selecting the hostname of your choice, select Host with IP address for the Service Type and enter your current IP address and add to cart.

 

I tried with IE as well, still no go. Strange indeed.

 

The site is absolutely whacky. Why cannot I subscribe to free at all via IE?

 

Thanks will try that as soon as I get home tonight. Cheers.

So I need to actually add a hostname? Wow.

As a sidenote, but still on topic, how do you like DynDNS? Is it fitting to stop malware effectively as well as providing good content filtering?

 

I like it. I have the defence strategy set to low, blocking ads and pop ups, con-flicker worm, spam, spy-ware and phishing which I find to be quite effective for my needs, although I do think the phishing filter could do with more work as when I tested some domains at phishtank it did let a lot through.

I had dyndns guide set up on our home router until we recently upgraded our broadband. The new router doesn't allow custom dns servers, however, I still use dynguide on the pc I use most and while I haven't had any slow, failing dns issues myself, others on the network using our ISP dns have. So, for me, it gets the thumbs up

 

I find ClearCloud's Google search landing page useful for finding the right address.

 

That may be useful for you, however it totally breaks local zones resolution for me, among other things. That requires that all the forwarders return standard, proper NXDOMAIN reply. Other things it will break are antispam filters using DNS-based blacklists, mailserver checks using DNS to reject mail, etc. etc. This is a serious problem.

 

Just wanted to say thanks so much. Got it setup last night. Gonna see how it is and try to find out if its any better than OpenDNS.

One thing I miss off the bat is the lack of logs vs. OpenDNS. Minor issue I know but time will tell.

EDIT: Does DynDNS prevent zero day attacks as OpenDNS claims too?

 

OpenDNS Free sucks at zero day. DyDNS does a better job, but I still think ClearCloud and Norton are the best at malware filtering.