Recommend DNS services to fight against malware

Discussion in 'other anti-malware software' started by Kernelwars, Aug 17, 2010.

Thread Status:
Not open for further replies.
  1. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    I really like DynDns when it comes to protecting against malware but I would not be surprised if OpenDNS win all other comparisons. "Old" company, must have be big ass database and expirience in categorizing. Tons more to block than just "malware" so if used for other purposes than yet another layer of direct malware defense more testing should be done. Of course DynDns will look better when it seems to be the only service offering "spyware" protection. OpenDNS can still be the better choice.

    They all, including Google, promise more "speed" but unless your ISP truly suck I doubt you will notice much when not using benchmarks. If you can get away with using perhaps far away dns-servers without noticing strange routing messing up or slowing down sites like Youtube, Google stuff be happy :) World is kind of big so this about better performance could be more relevant in areas with less optimal ISPs.
     
  2. guest

    guest Guest

    This is because the namebench testing method is much better and accurate.

    Which are the DNS numbers of DynDNS? I cant find them in their website.
     
    Last edited by a moderator: Aug 20, 2010
  3. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    http://www.dyndns.com/services/dynguide/

    Advanced Users

    For DNS veterans, switching to Internet Guide is easy. Simply replace your current recursive resolvers with:

    resolver1.dyndnsinternetguide.com - 216.146.35.35
    resolver2.dyndnsinternetguide.com - 216.146.36.36
     
  4. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    Namebench measures the speed only... IMO Security is much more important

    Use this to test your DNS Nameserver Spoofability:
    DNS Nameserver Spoofability Test

    I use this DNS from my ISP: 58.69.254.45 (It's damn good and fast)
    and my alternate DNS is Norton DNS :thumb:

    both are DNSSEC supported both ignores External Query and...
    my ISPs DNS ignores External Ping which all of the free Public DNS posted here does not.
     
    Last edited: Aug 20, 2010
  5. guest

    guest Guest

    But the alternate DNS is only used when the primary DNS is not responding, no?
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    I don't know... but once in a while I can see Norton DNS block page even when my ISP's DNS is working.
     
  7. guest

    guest Guest

    So each time the address is checked with both DNS's? I dont think so, this is probably because your primary DNS is down or it's slower

    EDIT:
    http://en.kioskea.net/faq/904-primary-dns-and-secondary-dns

     
  8. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
  9. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    DynDNS also has defense strategies for home environments with children or work environments.
     
  10. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    If you use Acrylic DNS proxy, it will send requests to as many as 3 DNS servers and use the reply that comes in first.
     
  11. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Is noresult a good or bad result (was tested with Proxomitron disabled)?

     
  12. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    FYI, OpenDNS has 0 (zero) malware protection for free (only paid), it has "botnet protection". DynDNS has both malware and "botnet" protection for free.

    I believe someone said NortonDNS uses DynDNS hardware, but DynDNS doesn't use Norton's DB, they use the Barracuda hardware filtering.

    Both Norton and Dyn are fully secure according to the GRC test, obviously Norton is as secure as Dyn is, and as you'd expect since Dyn has DNSSEC support, so does Norton, unlike OpenDNS.

    It brings me to the conclusion that if malware filtering is the most important to you, you will prefer Norton, but if fine grain control over blocking sites such as advertising, gambling, etc and turning off invalid domain redirects is more important to you, you'd prefer Dyn.
     
  13. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    That was really helpful elapsed.Thanks.
     
  14. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    elapsed, Your statements about OpenDNS are untrue. This image is from a free OpenDNS account.

    [​IMG]
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    But read to the right of your circle. I BELIEVE it is meaning that you will be protected from the, how do I put this "news makers", meaning the big worms, massive well known botnets. That's all well and good, but those "big timers" make up a small percentage of the threats. Correct me if I'm wrong?
     
  16. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    Hi cgeek. Have you tried both OpenDNS and DynDNS? If yes please let us know about your experiences.Thanks.
     
  17. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    http://www.opendns.com/start/

    Scroll down to malware protection my friend and notice the lack of a tick. I've seen what you attached in the config, but I've never seen OpenDNS block any type of malware site.


    You're very welcome!
     
  18. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    @dw426
    I don't know since I no longer use OpenDNS. They do have a community based domain tagging similar to WOT or MDL. See here.

    @datarishik
    Both are very good. But I would not count on a DNS provider to prevent me from getting infected. It is like any other security product "It can't be 100%". You should still consider a layered approach! I obtained a free DynDNS Pro account through my employer. They use Dyn and they gave us three free Pro accounts.

    @elapsed
    It must be a misrepresentation cause, when I was using OpenDNS and trying links in MDL some were blocked.
     
    Last edited: Aug 20, 2010
  19. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    911
    Inspired by the ongoing discussion I decided to try out Norton's

    /registered for OpenDNS in April but completely skipped my mind!/

    and got this:

    http://www.bild.me/bild.php?file=2498347Capture.PNG

    My sytem is in ENGLES, but location: Poland

    is there a workaround?
     
  20. Morro

    Morro Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    355
    Location:
    Netherlands
    You do not need to download the client to use Norton DNS, you can set it manually...it is what i did. :)

    http://www.nortondns.com/windows.html

    Scroll down a bit to the instructions for setting it manually.
     
  21. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    911
    Morro, God bless you

    I don't know what what possessed me to try using the client//
     
  22. Barthez

    Barthez Registered Member

    Joined:
    Apr 28, 2010
    Posts:
    113
    Location:
    Poland
    I used NortonDNS, but it blocked to many good websites. media.tumblr.com was blocked, i.wp.pl and m.gazeta.pl too (pictures/media/file hosting servers for two of major Polish news portals) and that's just couple of them. It's certainly a good product, but relaying 100% on Norton Safe Web automatic system is not a best choice imo.

    I just changed my DNS to Sunbelt's ClearCloud and it seems to be a better choice for me. Time will tell :)

    DynDNS internet guide has big potential, but needs more work. Some routers for example are bundled with ability to login to DynDNS in order to update IP when using their free personalized URL future. Creating a internetguide.dyndns.com address that could handle all profile updates might be a good idea. When i used their service, there was no easy way to update profile with new IP address, their client didn't work to good in my case, and manually changeling it every 24 hours is too much hassle for me. I liked that they allowed to change how NX domains are handled, so i could opt-out form ad/search site :)
     
  23. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    There was a forum post on the Norton forum I believe, something about a malicious ad, then the website(s) were removed from the list later. Seems like a good thing to me if they are protecting you for the duration the ad is being hosted?

    Yup it's awesome. I have my router set to update DynDNS with my IP so now I can enjoy no redirects, blocked advertisements & blocked malware (to an extent that has room for improving) without needing to run anything!
     
  24. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Kind of off topic but I believe you may find it interesting. I've been using OpenDNS for years. I surf sandboxed mostly and use a router, plus OA, anti-spyware and virus apps and pay attention to WOT symbols so I'm not real concerned about changing DNS service for security reasons. To my point: If any of you use Firefox (perhaps the other browsers too) and Sandboxie on a Pent4 XP machine you are aware of the 15 to 20 second lag time starting a new browsing session. It seems to vary depending on MS Hot Fix and/ or Sandboxie versions. There have been times when the lag has even been longer than 20 seconds. This thread prompted me to log into my ODNS account where I haven't been for who knows how long and I end up installing the Updater (which monitors your IP) and suddenly new sessions start in about nine seconds. I don't know why, but I wish I'd have done this years ago! By the way, I don't consider the load time finished until the extension gmail notifier loads my two accounts, which does add a few seconds.
     
  25. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    How bad is this??

    "Other information beyond basic DNS information may be collected from the search engine. To provide Norton DNS, we partner with Ask.com. Like other search engines, Ask.com uses cookies set to your computer or browser to remember your preference settings. For more information on the data Ask.com collects, see the Ask.com privacy policy."

    http://www.nortondns.com/privacy.html
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.