I’m a little late to the blogging phenomenon, but here we go. I started working on OpenDNS last November to create a new kind of DNS service that can be used by anyone to make their Internet experience better. Since then I’ve been working hard to bring this to fruition by assembling a fantastic team, developing some really great software and deploying a world-class network. Now I’m thrilled to introduce the free service we’ve been building. It’s ready, and I want you to try it. You will love it.
DNS in two (or three) sentences
DNS is what allows you to type in a web address and end up at a website; DNS is transparent and yet fundamental to the operation of the Internet. There are two sides to DNS, the authoritative side which give out answers and the recursive side that ask questions on your behalf and holds onto them in case you ask again.
OpenDNS provides the latter, the world’s first highly-available, high-performance recursive DNS service customized with features to make the Internet safer, faster and smarter for you. (Clearly, I belong in Marketing.)
Some background
To understand why I created OpenDNS requires a little background. I’d moved to San Francisco after graduating from Washington University in St. Louis, and was managing EveryDNS, a popular and reliable DNS management service which I started five years ago. While helping scale and run operations for a startup run by a friend of mine I watched EveryDNS continue to grow and do well on its own and I missed it. Running a world-class DNS service for five years taught me a lot not only about DNS and networks but also about the people who use them. As a result of all this work I discovered ways to make DNS better by making it more resilient, safer and faster. I also began to see and understand how a lot of spam, spyware and phishing sites abused DNS to operate.
Not everyone on the Internet is as nice as you are
Spammers, Phishers, Botmasters and other Internet Bad Guys use DNS as a vector for running their attacks and schemes to send spam, spread malware and operate phishing sites. Some of these Bad Guys used EveryDNS to manage DNS nefariously. When I found out about this, I took action and cleaned up EveryDNS. We wrote code to filter out the Bad Guys and began collaborating with other DNS providers to share information on bad users and bad domains so that these bad actors would be unable to jump from service to service. The Bad Guys went away and my part of the Internet was clean (and still is). The problem was that the Bad Guys just moved onto easier targets — other DNS services that didn’t care as much as I did and didn’t collaborate with the major DNS players. The abuse continued to be levied on the Internet and I was unable to stop it. By cleaning up my neighborhood all I had done was drive the abuse into another one. So I created OpenDNS to deal with this and many other limitations of the existing DNS.
OpenDNS is a DNS service designed for you: instead of relying on all the unknown DNS providers out there to clean up their act (more on this in a future post), we act like a crossing guard in front of your house. We direct the good stuff towards you and send the bad stuff away.
Improving the DNS
DNS — the Domain Name System, a foundation of the Internet for 20 years — has loads of room for improvement. Most people don’t realize the possibilities, but the DNS software most of us are using (via an ISP or corporate server) hasn’t evolved fast enough or far enough from the software written in the 1980s. There’s a huge opportunity to learn from the past and address and fix some of the problems that crop up at the scale of today’s Internet. I decided that adding security features, performance improvements (we all want a faster Internet, even with broadband), and some smarts (fix typos for me… that’s what computers are supposed to do) would evolve the existing DNS without breaking the old. Don’t worry about us hijacking your traffic like one of the many browser toolbars that get automatically installed — having had my first tastes of unix and networking at a mom-and-pop ISP, I was schooled with the importance of making things interoperate nicely and not messing with peoples’ computers or Internet.
Improving the Internet
What do I mean by “improve the Internet”? If you’ve read ”The Tipping Point” by Malcolm Gladwell you know the story about how New York City made the subways safer by focusing on the fundamentals rather than trying to catch every criminal. By cleaning up subway graffitti and catching fare-cheaters the law-abiding citizens of New York returned to using the subways and to taking pride in their clean city. These small changes led to a massive downturn in crime numbers in New York. We’re applying the same techniques to the Internet and cleaning it up.
- We’re blocking phishing sites that are set up to steal your banking and other sensitive data.
- We’re impacting the ability for botnets to organize and disrupt networks.
- We’re improving the collective intelligence of the DNS to provide insights into many forms of Internet abuse and fraud.
More than five years running EveryDNS showed me a lot of the shady practices by the folks who have made phishing, pharming, botnets, spamming, and other nefarious practices something we all contend with every day. (Who thought phishing would be a widespread term?) They do this because it’s easy for them and there are no counter-measures. Now there’s OpenDNS. Of course, we’ll also speed up your Internet without changing your ISP, computer, or browser and perform some simple but useful tweaks like fixing typos. A barrage of testing and feedback has told us that people really notice a faster Internet experience, and that they appreciate getting an intelligent search results page rather than a “page not found” error. That is just the beginning.
EveryDNS
The primary service of EveryDNS is free authoritative DNS. Not registering domains, not hosting websites, not doing anything more than let people with domains administer their own records in the global Internet “white pages” known as DNS. Nearly 100,000 individuals, organizations and companies depend on this free resource and have for many years. EveryDNS is supported by donations and advertising, and has always been profitable. I have automated nearly ever aspect of EveryDNS and along with the help of a fantastic team of volunteers, I am free of day-to-day involvement. You can find more information at EveryDNS.
Personal history
You can read more about me on my corporate bio or check out my personal website at david.ulevitch.com. I’m a DNS expert and I live in San Francisco. If you have any questions, please get in touch.
DylanJay
I think your philosophy is truly original and I can very clearly see you succeeding. I’ll be doing as much as I can to help get the OpenDNS name out around my area and I wish you all the best!
posted on July 10th, 2006 at 5:39 am
mmieriii
This is an idea that could work. I look forward to trying it!
posted on July 10th, 2006 at 12:10 pm
Fran K Baby
Dear David,
People like you make this world a better place…
I started using opendns, this looks like one gr8 idea which everyone should subscribe to. I’ll do my best to make you popular.
Wish you all success!
Regards,
Fran
posted on July 10th, 2006 at 10:44 pm
Jerry Hung
Wow, a new true idea, that actually benefits us (instead of million-dollar-whatever)
I’m gonna give it a try, and spread the words around.
posted on July 11th, 2006 at 9:06 am
peetm
Reminds me of the day I got an email from Steve Gibson telling me try out this new search engine, it was called Google. Anyway - great idea, best of luck.
posted on July 11th, 2006 at 9:34 am
idl3mind
I just read the wired article (via slashdot via google rss reader) today.
I’ve set it up as a DNS forwarder in my head linux server. my linux server is a dns cache/forwarder for my 5 windows DNS/domain controllers.
this is a great idea and thanks very much!!!
posted on July 11th, 2006 at 10:18 am
Andre Heller
Where does the “open” comes from in openDNS? Where is the open part?
posted on July 11th, 2006 at 1:16 pm
Andy
Just wanted to say thanks. Even from the UK this has sped up my browsing a lot.
posted on July 11th, 2006 at 1:46 pm
Doug
What a great idea. Its about time someone cared to try and make the net a better place! Any efforts going to be made to block add sites? E.G. http://www.mvps.org/winhelp2002/hosts.htm . It would truely be wonderful if spyware could be rendered useless through DNS as well ;-). The hosts file attack while effective is not quite so elegant.
You hiring?
posted on July 11th, 2006 at 6:09 pm
Hendra Kieran
OK, I bought it. I’ve reconfigured my office network to forward to openDNS, looking good so far.
I kinda agree with they guy who asked, “Where does the ‘open’ comes from in openDNS?
posted on July 12th, 2006 at 1:27 am
Nick
This is truly incredible. I’ve noticed dynamic speed increases in browsing. No other “internet accelerator” of any kind has ever worked for me, but this does, and without requiring any software installations. Everyone should use this, period.
posted on July 12th, 2006 at 3:56 pm
William Childress
David,
Several questions.
1) Will your system eventually cache all publicly available zones?
2) Are you prefetching zones / records or waiting until they are initially requested?
3) How fast should one expect a record change to be updated in your cache? Are you following TTLs?
4) If a record is not in your cache won’t the initial request take longer than normal?
5) As your usage grows will you be using a global management system so that every system will use the 2 IPs provided in your “Get Started” or will each continent have different cache servers?
Thx,
Will
posted on July 13th, 2006 at 1:00 am
William Childress
David,
Will you be making an appliance that could be deployed in a enterprise environment?
thx,
Will
posted on July 13th, 2006 at 1:20 am
zemei
That\’s great!
I think first that a new dns program, but not !!!
I have read first about it on http://hup.hu !
I will help to spread that!
Thanks a lot!
posted on July 13th, 2006 at 5:39 am
John Roberts
To William Childress: some answers, in reverse order.
RE: #5
The IP addresses given will always be the same, the world over. We’re anycasting (David will blog about that in more detail in the future).
RE: #4
If a domain is not in our cache, we’ll make a request to authoritative servers, just like other recursive DNS services. We’ll do what we can do to make that speedy.
RE: #3
We are following TTLs. Absolutely. If you come across anything that seems counter to that, let us know. It would be a bug.
RE: #2
Not yet prefetching. Stay tuned.
RE: #1
We’ll cache everything that makes sense. I’ll wait for David to give a more specific technical answer re: zones.
John Roberts
OpenDNS
posted on July 17th, 2006 at 3:04 pm
Newcybertech Weblog » Blog Archive » OpenDNS
[…] The OpenDNS team is improving the safety and speed of the Domain Name System, a fundamental building block of the Internet. Led by David Ulevitch, a DNS expert, we are creating a vibrant business by making the Internet a better place. Meet the team… […]
posted on July 18th, 2006 at 2:40 pm
folken
How do you make money?
posted on August 5th, 2006 at 5:54 am
goodspeed
Fantastic service!
I recommend pre-loading OpenDNS server DNS entries (Primary: 208.67.222.222 / Secondary: 208.67.220.220) in all new computers (OEM-style).
Mac, HP-Compaq, Dell, IBM, etc. lookie here.
…and the world becomes a safer place. cheers!
posted on August 21st, 2006 at 6:41 pm
Buzzlair
Well, im so sure that what you have done had give lots of benefits to internet surfers. For me, following a steps of people like you is something “interesting” and i would like to say, i hope someday ill be like you! (im still 17). Ill spread OpenDNS “service” to the cafes around my area…. Thanks for everything.
posted on August 26th, 2006 at 11:58 pm
Maggard
So far. so good.
After a few days of switching over to OpenDNS everything is working, seems faster then using the Comcast & Verizon Business DNS servers, and a few typos have been caught. And, happily enough, when web addresses aren’t responding the Firefox extensions have still worked to offer cached versions of the sought pages.
However, a few questions:
Echoing above, what about this is “open”? Will the code & techniques be documented? That’d be a great service to everyone, allowing DNS administrators everywhere adopt some of the features here, invite greater feedback, suggestions, and confidence, etc.
What is the mechanism for identifying phishing sites? I respect that some ambiguity might be desired to prevent their attempting to game OpenDNS but is it from 3rd party lists, individual reports, somehow automated, what? And, the obvious question must be, how to handle false-positives, is there any recourse?
What is the disaster planning? Are there backup servers in place? Are they geographically distributed? Before putting all of our eggs in your basket this needs to be addressed.
Again, so far OpenDNS is serving me well, and I appreciate the service. But before committing to it in a big way I’m interested in hearing some of the answers. The blog is a good start, lets see how it works out for OpenDNS as a two-way communications mechanism.
posted on September 2nd, 2006 at 7:43 am
John Roberts
Maggard, open = available to all. Anyone can use our DNS; it’s not restricted to customers of a single ISP or organization or country. It’s not a reference to open source, though we use a lot of open source code, and we do (and will) continue to offer more technical details of what we do. Read the post from a few days ago about how we handle DNSBLs, for example: http://blog.opendns.com/2006/08/31/typo-correction-dnsbls-work-together/
About phishing… I answered all your (very reasonable) questions in our FAQ and in this blog post from July 24th: http://blog.opendns.com/2006/07/24/opendns-phishing-sites/
There are multiple servers in multiple locations (see the network map here: http://www.opendns.com/what/#network-map ), with more locations planned (see http://blog.opendns.com/2006/08/28/london-servers-coming-soon-still/). We know uptime for DNS is non-negotiable. See http://system.opendns.com (linked at the top of every page) for more details.
Thanks for choosing OpenDNS.
posted on September 2nd, 2006 at 1:49 pm
timofonic
Hello,
I really like this service, but afraid of the capitalist background. I mean… where’s the business? How you pay the bills and get the salary? There are people working on this, but not sure if OpenDNS is doing not moral things (spying users and selling that info to others…) for getting the money.
It could be nice to explaining this info on the main page, I’m and other people are quite paranoid. Google is the Big Brother and still using it, but we’re afraid of others too.
Best regards,
timofonic
posted on September 5th, 2006 at 4:49 am
John Roberts
Timofonic, we’ve stated all along that we are a business and how we make money… it’s in our FAQ at
http://www.opendns.com/faq/#how_does_opendns_make_money
We don’t sell data. Read our privacy policy:
http://www.opendns.com/privacy
posted on September 5th, 2006 at 3:18 pm
rifin
can i use this dns if my ip is static? please let me know…
posted on September 11th, 2006 at 7:37 am
prfunky
re: rifin
Sure you can use this DNS with a static IP. I used to manually change my DNS entries all the time to the fastest DNS servers I could find. Then, I always had a static IP.
posted on September 18th, 2006 at 10:38 pm
Priyan
Really a great service, realy David Ulevitch & his team made a great thing, and me personaly very happy of ur FREE service, Thank You All
posted on October 18th, 2006 at 10:22 am
Joel Guzman
I just want to say that your service is great and i’ve noticed the difference while surfing the internet.
Thanks,
And yes i’ll definitely spread the word about your site.
posted on November 1st, 2006 at 7:05 am
don montalvo
opendns is awesome. is there a plan to beef up the back end so we can roll this out to our corporate clients? also, is there a list of blocked domains we can look at? or a way to adjust for business need?
ps, i applaud your “free” service…but it would be entirely reasonable to charge an annual fee for businesses, IF we could manage blocked domains on the admin side (those of us who admin small/medium shops).
don
posted on November 6th, 2006 at 6:53 am
E.Dehoyos
For a simple minded guy like me, What can I do with this site?
Simple terms please.
And what is in it for you and the staff you have to pay?
posted on November 13th, 2006 at 12:30 pm
John Roberts
This site tells you how to change your DNS (Domain Name Server) settings over to those of OpenDNS. No software to install, and it’s free. OpenDNS gives you faster DNS, which can mean a faster overall Internet experience.
As we say in our FAQ, we make money from advertising.
http://www.opendns.com/faq/#how_does_opendns_make_money
posted on November 13th, 2006 at 3:56 pm
SonnoProfondo
Il mago dei DNS…
David Ulevitch è un simpatico ragazzone americano cresciuto a Del Mar, California (vicino San Diego, ai confini col Messico), che sin dai tempi delle scuole superiori ha un chiodo fisso, i DNS, una tecnologia sconosciuta ai più ma alla base di tutte …
posted on December 8th, 2006 at 5:48 am
fabio
just thanks for this great job!
posted on December 11th, 2006 at 1:55 pm
MarieLu
Just started to use your great service out here in Italy. You guys are really offering a great service. Just a quick question; will you become subscription only or create revenue another way? i’ll be recommending you to everyone.
posted on December 27th, 2006 at 5:31 pm
Enrico Miguel E. Ong
I salute you and your team for the endeavors to improve the operation of the internet. A good seeds will always produces goods fruits. I hope that your team will find more new good innovations to improve the internet.
posted on February 11th, 2007 at 5:29 pm
Aashish
Congrats !!
On serving 1 billion DNS entries in a day. Guys keep up the great work
posted on March 20th, 2007 at 5:25 pm
David Ulevitch
Aashish,
Thanks so much!
posted on March 21st, 2007 at 6:48 am
OpenDNS Blog » Shadowserver add EveryDNS to Hall of Fame for fighting botnets
[…] his June post Why I Started OpenDNS, OpenDNS founder and CEO David Ulevitch explained how running EveryDNS taught him a lot. Spammers, […]
posted on April 4th, 2007 at 2:01 pm
Rick
Just started using this and it’s working great on my dual boot!
thx…I’ll be passing this info on as well!
posted on April 17th, 2007 at 7:52 am
Chris Hesselrode
David,
First and foremost, I want to say THANK YOU, for making this a better place to enjoy. The Internet has so much wealth and opportunity for us all, and you just make it worth so much more. I have been an avid fan of your EveryDNS product for a few years now, and I can’t even begin to tell you just how much I rely on it.
The only suggestion I have, is I hope that if people have issues with OpenDNS, as they may with EveryDNS, that the response times are much faster. I sent in a support ticket to the EveryDNS team, and have yet to get a reply — 3 weeks later.
Keep up the great work, and I look forward to the many years of great service from OpenDNS.
Godspeed.
posted on May 12th, 2007 at 12:37 pm
David Ulevitch
Chris,
I apologize for the delay in responding to your EveryDNS question. You are right when you say it’s ridiculous. We have dedicated people at OpenDNS who do support, which makes our response times super quick. EveryDNS isn’t at that point yet, but will soon be.
I will personally resolve your EveryDNS issue within the next 12 hours.
posted on May 13th, 2007 at 9:58 pm
Peter Jarvis
Hmm - so tell me gain why your doing this, and how you make money?
I am sure your not that altruistic
To be clear I am fine with you making money out of this, I just want to understand how you make money out of me using the service.
posted on May 23rd, 2007 at 6:26 am
Dan
I’ve found that OpenDNS is set up on my laptop seemingly automatically in the last few days without me (knowingly) doing it. Is that possible?
posted on August 10th, 2007 at 10:58 pm
securology
Excellent service. Innovative and closer to the source of the problem than your competitors. Keep up the good work. Search for more ways to integrate into consumers’ lives; enterprises will naturally follow the economic incentives.
http://securology.blogspot.com/2007/12/opendns-i-think-i-like-you.html
posted on December 12th, 2007 at 7:19 pm
Keenpath
How OpenDNS Can Benefit You…
Why Would You Care about DNS?
Anyone using a networked device (computer, smart phone) on a local network or Internet rely on DNS (Domain Name System) to make life a lot easier, whether they know it or not! Could you imagine memorizing hundreds of numb…
posted on December 22nd, 2007 at 10:03 am
Mark Mathson
Thanks for providing such a useful service! I have been recommending it to anyone I can.
http://keenpath.com/archives/2007/12/how-opendns-can-benefit-you/
Regards,
Mark Mathson
posted on December 22nd, 2007 at 10:07 am
Alvaro Gilabert
Of all the things you say, I can for sure say that one is true: you have a wonderful team around you.
For the rest… time has already said they are true, too.
posted on March 3rd, 2008 at 9:11 am
Kenneth
thank you!
posted on April 20th, 2008 at 10:02 pm
Mark A. Urquhart-Webb
David,
It was great talking to you today in Sacramento. I’m amazed I hadn’t heard about the concept before, but I think it’s a great idea. I’m going to tell all my site visitors (to Scamdex) to switch to using openDNS as soon as I get home.
Keep up the good work!
posted on May 15th, 2008 at 12:45 pm
Kenbellars
Hi David,
It has been wonderful using everyDNS so when i heard about openDNS, i configured my office network to use it. Its interesting to know that even here in Nigeria, where Internet can be relatively slow, there is a considerable improvement when openDNS is used.
Have fun!
posted on June 11th, 2008 at 2:57 pm