Alternate DNS server security questions

Discussion in 'other security issues & news' started by scott1256ca, Nov 24, 2010.

Thread Status:
Not open for further replies.
  1. scott1256ca, Registered Member (Joined: Aug 18, 2009; Posts: 144)

    I have some questions regarding DNS servers which claim to block malware sites. In particular

    OpenDNS
    NortonDNS (same servers as dynDNS??)
    ClearCloudDNS
    Comodo SecureDNS

    I'm not personally interested in googleDNS, but since others might be I guess we can include it here.

    My first question is do these sites do anything other than block access to known malware sites? By that I mean will any of them allow you to navigate to the site, but then block malware? Or do they all act pretty much the same?

    For the rest of this post I am assuming that they do their work by blocking access to "evil" sites, not just blocking downloads.

    I have seen posts which claim that OpenDNS and ComodoDNS are not intended to block access to malware sites, but both OpenDNS and Comodo claim they can do that. Perhaps it is recent changes to the server setups.

    i.e. from Comodo
    And from OpenDNS
    So both of those claim some blocking of malware sites.

    Do Norton or clearcloud go further than these two for blocking malware? Please note that question is not "do they do better" but do they do more?

    I have found a couple of youtube things (by languy99) which do some comparisons, but he implies Comodo SecureDNS doesn't block malware and the links he tests against are to exe downloads, not just navigating to the site.

    I tried using the 4 DNS servers I listed (not Google) and navigated to the bad sites languy99 was trying to download from. I didn't try to download any executables. 3 of them blocked at least one of the sites. Clearcloud was the only one that seemed to block them all. Clearcloud had them all as valid, but blocked. The other DNS servers seemed to think at least one of the URLs was invalid. OpenDNS had 3 of them invalid but didn't block 2. Norton and Comodo each blocked at least 1 site. Comodo blocked more than Norton, but Norton reported more as invalid URLs.

    I'm not sure how to interpret that. Maybe it means clearcloud does the best blocking but is the worst at keeping its DNS servers up to date for valid URLs? Maybe OpenDNS does the worst at blocking but the best at keeping up to date on valid URLs? You decide.

    Anyway, does anyone know of any good comparisons on how much bad stuff gets by any of these sites? Related to that, how many valid sites get blacklisted?

    Thanks
     
  2. Kees1958, Registered Member (Joined: Jul 8, 2006; Posts: 5,857)

    Hi,

    To my knowledge the current level of protection is all on IP-addresses. Which is logical since the DNS service functions like the old fashioned switchboard operator of an ancient telephone operator.

    Consider it a phishing filter like/url reputation listing which runs in the cloud and does not eat CPU cycles of your PC.

    regards Kees
     
  3. Boyfriend, Registered Member (Joined: Jun 7, 2010; Posts: 1,070; Location: Pakistan)

    I have been using NortonDNS for the past 2 months. It prevents navigation to malware sites and hence there is no chance of drive-by downloads/exploits/phishing etc. from those sites. Moreover, it does not give you a link to bypass a blocked link.
     
  4. scott1256ca, Registered Member (Joined: Aug 18, 2009; Posts: 144)

    Thanks, while I couldn't find anything to suggest otherwise, I didn't want to just assume they don't do more.

    This is what I like about them. Some extra protection with none of my resources being eaten. I've been using OpenDNS for a while and don't notice any slowdown vs. my ISP's DNS. I will probably try Norton though. I think OpenDNS blacklists based on what the community reports, but that community isn't geared toward looking for malware, whereas Norton is. So I think they might find and blacklist those sites more quickly.
     
  5. scott1256ca, Registered Member (Joined: Aug 18, 2009; Posts: 144)

    Well, that didn't last long. Norton's DNS is blocking my ISP's IP for outbound email. I see no way of disputing it with Norton unless I am the site owner, which of course I'm not. There seems to be no way to email someone about the problem or leave feedback etc. Shaw cable is fairly large, so this surprises me somewhat.
     
  6. BoerenkoolMetWorst, Registered Member (Joined: Dec 22, 2009; Posts: 3,764; Location: Outer space)

    Another reason you might want to switch to an alternative DNS is because their servers are generally more secure than your ISP's. Vulnerabilities in the DNS server enable potential attackers to execute MitM attacks through DNS poisoning.
     
  7. funkydude, Registered Member (Joined: Apr 5, 2004; Posts: 6,851)

    DNS services cannot block IP addresses. Are you sure it wasn't a domain being blocked? I believe they have a forum for False Positives.
     
  8. scott1256ca, Registered Member (Joined: Aug 18, 2009; Posts: 144)

    I think you know what I mean. Regardless of how you want to describe it, my email client requests an IP address for a particular name and does not get back any IP address.

    I did send them the information, but the "feedback" area I used is for rating the site and for commenting on that. I'm not going to hunt for the proper way to send them feedback and I don't feel like signing up to a forum just for this one issue. If they can't make it easy to alert them to problems like this, then I don't see why I should be expected to go out of my way.

    I decided I'd try clearcloud. It doesn't block my outbound email, and I did find an easy place to make them aware of issues like this if I do come across them. If they don't update their servers to remove stale URLs, and I'm not saying they do, just speculation based on my first post, I don't really care that much because I'll probably never run into it anyway.
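
Added example, not part of any post in this thread: a filtering resolver can answer a blocked name in more than one way (NXDOMAIN, an empty answer, or the address of a block page), which is one way to read the "invalid" versus "blocked" results in the first post and the "does not get back any IP address" case above. This Python sketch parses raw DNS responses and labels them; the block-page address, host names and sample responses are constructed placeholders, not any provider's real values.

```python
import ipaddress
import struct

# Hypothetical block-page address (documentation range), not a real provider's.
BLOCK_PAGE_IPS = {ipaddress.ip_address("203.0.113.10")}

def skip_name(msg, off):
    """Advance past a DNS name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # 2-byte pointer ends the name
            return off + 2
        off += 1
        if length == 0:                # root label ends the name
            return off
        off += length

def parse_response(msg):
    """Return (rcode, [A-record addresses]) from a raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(ipaddress.ip_address(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def classify(msg):
    """Label a response the way a user of a filtering resolver would see it."""
    rcode, addrs = parse_response(msg)
    if rcode == 3:
        return "nxdomain"              # resolver says the name does not exist
    if rcode != 0:
        return "error"
    if not addrs:
        return "no-address"            # NOERROR but nothing to connect to
    if any(a in BLOCK_PAGE_IPS for a in addrs):
        return "block-page"            # name "valid", traffic sent to a block page
    return "resolved"

def build(name, rcode, ips):
    """Construct a sample response for the demo (test data only)."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    q += b"\0" + struct.pack("!HH", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                   + ipaddress.ip_address(i).packed for i in ips)
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(ips), 0, 0) + q + rrs
```

Comparing the label for the same name across two resolvers shows whether a failure comes from the name itself or from one provider's filter list.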
     