OpenDNS Privacy

Discussion in 'privacy general' started by Grassman20, Aug 15, 2015.

  1. Grassman20

    Grassman20 Registered Member

    Joined:
    Jul 14, 2013
    Posts:
    26
    Location:
    USA
    I need to set up content filtering on my DD-WRT router and it seems the best way to do this is using OpenDNS Family Shield. However, I wonder about their attitude toward my privacy. I've read a few things including their privacy policy and terms of service, but I'm still a bit unclear on what using their service really means for my privacy.

    I currently have my router configured with an always-on connection to a PIA VPN server and am using their DNS service as well. If I use the OpenDNS servers instead, would this be a gaping hole in my overall privacy, or is it pretty safe to use? Do you trust them?

    Note: I just learned that Cisco purchased OpenDNS a little over a month ago. Not sure what that will mean for their future privacy policy.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
    If you are after family friendly filtering perhaps you could also consider Norton ConnectSafe.

    I use OpenDNS myself but not the Family Shield component.
     
  3. Grassman20

    Grassman20 Registered Member

    Joined:
    Jul 14, 2013
    Posts:
    26
    Location:
    USA
    Ah, Norton ConnectSafe looks interesting. Is it better than the OpenDNS solution? I suppose my same concerns would apply with either solution.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
    Norton ConnectSafe slows my internet here in Australia but your mileage may differ. I was using my ISP DNS servers for a good while but I thought I'd try OpenDNS and it seems as quick as my ISP servers, plus it is way more configurable than Norton ConnectSafe. You can block individual sites as well as many different categories. I block all Social Networking sites for example. Norton only offers three categories (Security, Security + Pornoraphy, Security + Pornography + Others).

    https://connectsafe.norton.com/faq.html

    I use Norton Security so I would not really gain much by using their DNS servers as they use the same database but they are amongst the best in protecting against phishing & malicious sites.

    Privacy? Which is better in that regard I just don't know, others will have to answer that question for you. It's not hard to change your DNS preferences anyway.
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I would trust your VPN's DNS server(s) foremost over all else. If they don't provide you a secondary one, and/or you're looking for servers to use when you're not using your VPN I recommend "Swiss Privacy Foundation": 77.109.148.136 , 77.109.148.137 - and Chaos Computer Club: 81.91.162.5 , 81.91.161.2

    Last I checked that's what they were anyway. They update periodically so you may wanna check.

    One thing I always recommend doing is using an outbound firewall and create rules to effectively block DNS leaks. Allow those IP single addresses for your LAN over destination port 53 (write separate rules for both DNS addresses), and then add a block rule underneath it to Block IP In/Out, All, All, All. That way in the event it doesn't use those specified DNS addresses and/or your VPN's connection drops your internet connection will drop altogether and no DNS leakage.

    I personally don't trust DNSCrypt. Just my prerogative.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I recently read credible criticism of DNSSEC by tptacek on Hacker News:
    https://news.ycombinator.com/item?id=10059308

    But then:
    https://www.opendns.com/about/innovations/dnscrypt/

    Just to clarify a little :)
     
  7. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Which one you dont trust? DNSCrypt from OpenDNS or the open source project?
     
Loading...