When we launched three weeks ago, we had a reasonable cross-section of instructions for some of the most popular routers and operating systems. We knew, of course, that there are many, many different devices and scenarios, and we’d have to keep updating our instructions to match the real world.

Our customers couldn’t wait for us (good!). My thanks for these instructions go to individual customers.

• Buffalo AirStation are courtesy of Zach Marshall.
• Windows Vista (Beta) are courtesy of Colton Hilliard.
• SpeedStream 5200 are courtesy of Luis Serrano.
• IPCop (Linux firewall application) are courtesy of James Truesdale.
• BIND9 forwarding instructions (in our FAQ) are courtesy of an early customer (apologies for not remembering whom!)

We’re adding more ourselves, of course, like Windows 98.

I’m not ashamed to continue asking for help, whether corrections or new screenshots and instructions. We’re quite happy to take raw materials and clean them up (add our orange highlights, spell-check, etc.) to help get the word out to others who might have the same equipment or situation.

Email us your instructions and screenshots: contact at opendns dot com. All the credit will be yours!

Additional information about static IP addresses

We’re learning, to our dismay, that some routers will only let their owners set DNS servers if the owner has a static IP address. Most folks connecting from home (i.e., those who would use the router instructions) have a dynamic IP address.

One example, which was confirmed today to a customer by Motorola customer support is the Motorola WR850 wireless broadband router. Both models, the GP and G, only allow DNS settings to be changed for static IP addresses (PDF manual). Frustrating, but good to know. Earlier, we learned that the Linksys WRT54GC Compact Wireless-G Broadband Router (PDF manual available via this page) has the same limitations.

Fortunately, most people can simply use the operating system instructions, and the settings “closest to the customer” are the dominant ones, corporate networks excluded.

All of this information will make its way into the Get Started pages as we learn more.

For the audio-inclined, I wanted to share with you two recent clips about OpenDNS.

The first is an interview of David Ulevitch by Mark Howson of The Mac Nurse, conducted via Skype on July 20. The interview runs a bit over 14 minutes. Go listen for yourself (link is to web page, not file). Mark put together an interesting slideshow on top of the audio interview.

The second item for your listening pleasure comes courtesy of David Redekop, one of the founders of Nerds on Site. David and his colleagues join host Ryan Spence every Tuesday to talk about technology on Ask the Experts, on Newstalk 1290 CJBK, in London, Ontario, Canada. This past Tuesday, July 25, Redekop told Spence (and his audience) about OpenDNS.

Listen to the MP3 (6 minutes, 53 seconds; 1.6MB). Redekop explains DNS, explains phishing (and how DNS can help…more on this soon), and explains OpenDNS. I’m pleased to hear that he’s been using OpenDNS since he heard about it, and considers it for his clients.

I would clear up one point from the Ask the Experts segment. The search results page you see if

1. OpenDNS cannot resolve the entered domain
2. OpenDNS cannot fix a typo

has both organic (unpaid) search results and clearly labelled advertisements. Redekop says he think that OpenDNS is a service worth using even if all the results are ads on that page (thanks!), but I wanted to clear that up all the same.

Note: In describing OpenDNS, Redekop throws out what he calls “the old phrase”: “There’s majesty in simplicity and simplicity in majesty.” I didn’t recognize the phrase, but a bit of poking around leads us to Alexander Pope, the English poet.

There is a certain majesty in simplicity which is far above all the quaintness of wit.

Learn something new every day.

In his June post Why I Started OpenDNS, OpenDNS founder and CEO David Ulevitch explained how running EveryDNS taught him a lot.

Spammers, Phishers, Botmasters and other Internet Bad Guys use DNS as a vector for running their attacks and schemes to send spam, spread malware and operate phishing sites.

On Friday, July 29, Shadowserver, a public group that tracks and tries to get rid of Botnets (and other bad actors) recognized EveryDNS and David in its inaugural Shadowserver Hall of Fame. Here’s the write-up:

EveryDNS (http://www.everydns.net/) David U. and the EveryDNS team has shut down many botnets. Botnet operators who choose to run domain names provided through EveryDNS have found their net is shut down in quick order. Every abuse email is followed up on quickly and David regularly looks at botnet data provided by Shadowserver Foundation and other agencies to proactively remove abusing botnets before we can send out an abuse report! EveryDNS is responsible for the takedown of a 250k drone botnet last year!

EveryDNS is a separate company from OpenDNS, and focused on a different part of DNS (domain management), but David’s five years at EveryDNS play a large role in the intelligence we’re applying at OpenDNS. We’ve spent a lot of time and attention in talking about phishing, but OpenDNS has plans to contribute in the fight against Botnets, too. Stay tuned.

I know this isn’t the baseball (U.S.) Hall of Fame, which inducted its 2006 class yesterday, but congrats to David and the EveryDNS team, and the other inductees.

If any of you look at our stats page as often as we do you might have noticed that the weekly graph was a bit wonky today and that we (temporarily) dropped the daily graph. I put a note up on the stats page explaining it but I’m putting a note up here for posterity.

Basically, in order to keep DNS as reliable and awesome as possible we process all of our DNS stats on other machines, out of the DNS traffic’s line-of-fire to you. The machines we use right now to do stats needed some more RAM and hard drives so we paused the stats processing, had some lunch, added some disks and RAM, and then went home. Sometime this morning we decided to start up stats processing again and now it’s nearly all caught up. So there ya have it, the stats were kinda wonky, but our DNS service was hummin’ along like the well oiled machine it should be and is.

As for future changes to the stats page, I have a lot of ideas in my head but I want to know what you want. What kinds of stats are important to you? I want to be sure what’s important to me isn’t just important to me.

On on,
David Ulevitch

Update: I just got teased by some of the guys here for ‘signing’ a blog post. Well now there’s a smiley too.

Update: The position has been filled! Thanks for sending in all the resumes. Good to know lots of folks love Debian as much as we do.

Think you’re elite? Come work with some multi-talented and brilliant folks as our new Systems Administrator.

We’re looking for a really strong Debian Administrator. (in San Francisco)

I put up a post on craigslist.org today with a specific job description but I wanted to get the word out to our users who might be a good fit or know someone who is.

We run a very cool globally distributed network that’s built on Debian Linux so the person we’re looking for should have experience rolling their own packages, running their own apt repositories in addition to being a straight-up unix command-line ninja. Experience with FreeBSD and some networking understanding really helps in this job, too.

You might be wondering why we don’t have one right now and the reason is that I (yeah, a CEO with kung-fu like ops chops), along with some of the developers, all have seasoned skills in the systems and networking area. But that’s going to change when we hire you, it’s time to hand over the reins to someone dedicated to operations full time.

Sometimes people in this kind of position worry that if they do such a good job they’ll be fired because nothing ever goes wrong and it looks like they don’t do anything. That won’t happen here, we all know what it takes to be a really good operations leader.

If you’re interested in this position, just send us all a note at team (at) opendns (dot) com

Phishing prevention is not a “fire and forget” task. You have to make sure you have great data, double-check the information, and update the data to avoid “false positives.” And you have to do it all the time.

Different folks (see two below) have wondered publicly where our phishing data comes from and how OpenDNS uses the data. This post helps answer those questions, and more.

Phishing protection is a significant benefit to customers but it’s also a notable responsibility — under no circumstances does OpenDNS want to disrupt its customers’ normal Internet usage.

Note: if you just want speedy, reliable DNS without any protection from phishing, it’s available. (Not recommended, but available.) Use the OpenDNS preferences.

With that background out of the way, let me share what we added to our Frequently Asked Questions earlier this week.

How does OpenDNS decide if a site is a phishing site?

Currently, OpenDNS uses two methods for determining if a site is a phishing site:

1. Analysis of our network data, based on years of experience with DNS traffic.
2. Feeds from several network operators and others working against “Internet Bad Guys.”

There are three providers that we may identify and thank publicly for their participation:

1. Support Intelligence
2. Team Cymru
3. CastleCops PIRT

How do I report a phishing site to OpenDNS?

The fight against phishing isn’t just for the banks and big companies to tackle; you can help. Right now [July, 2006], we encourage submission of possible phishing sites via our contact form. Nothing will be blocked unless it’s verified.

How do I tell OpenDNS about a mistakenly-blocked site?

Every time OpenDNS shows the phish-blocked page (example), we offer the option to tell us to review the site. These requests are treated with urgency; we understand that false positives are painful, too.

Sites which are removed from the phishing list will be available to OpenDNS customers within one hour after review, and hopefully much sooner.

An extra detail: for the data from outside partners, we update our lists every six hours, including removing sites which no longer appear in the feeds.

PhishTank

PhishTank is a site OpenDNS will launch later this summer as a collaborative clearing house for data and information about phishing and malware on the Internet. PhishTank will be a free community site for validating and sharing this kind of data. There will be various statistics and an API, so anyone else who needs solid data to help fight Internet Bad Guys can use PhishTank as a source.

The point? The fight against phishing isn’t just for the banks and big companies to tackle; you can help. Several of you have sent us phishing URLs to add to our lists already — thank you! OpenDNS is selfishly interested in having the best, most up-to-date data available, but we don’t believe that proprietary data in this area is the answer: the API will be open to others, whether they contribute or not.

Too often now, phish reports go into a black hole where no response comes back and none of the aggregated intelligence is shared. PhishTank will be a solution to that problem.

Next steps

Yesterday, we were offered another validated feed of sites to avoid. Thanks! This looks to be a great additional resource, and once it’s confirmed and integrated, we’ll announce it here (with permission).

If you have data that will help us block the “Internet Bad Guys” from OpenDNS customers, please let me know. Use the contact form, or try me via direct email (first name at opendns.com).

p.s. As noted above, here are two blogs which took a look at OpenDNS right as we launched and wondered aloud about our phishing protection.

Another thing OpenDNS should work on ASAP is transparency. I’d really like to know the false positive rate on phishing sites. How many legitimate sites get flagged as a phishing site? (Tyler Longren, July 10, 2006)

Tyler, too early to have that specific stat, yet, but we hear you.

It looks like they are using blacklists to stop you from hitting known phishing sites. They don’t say where the list comes from or how ofter it is updated. (Mike Frank, July 11, 2006)

Mike, thanks for pushing us.

One week ago, OpenDNS opened up its free DNS service for everyone to use. It’s been a fun week, with lots of feedback. It’s great to be listening to customers, rather than predicting (guessing) what the reaction will be.

We’re reading everything and responding where possible. Probably still a few dozen of you who deserve an email response… it will come! Most of our public responses have been on individual blogs, to make sure the individual sees the response. David, our CEO, has been an active member of the NANOG and dns-operators mailing lists for years, and he’s contributed in those forums, too. We’ve heard from you over the phone, via email, via blog comment, in person and over IM (our team addresses are listed).

I’ve been flagging blog and media mentions on del.icio.us, and you can see the most recent 20 items listed in the OpenDNS press center. Or you can watch the del.icio.us page directly, if you prefer. Not every reference is positive. Fine… we learn a lot from listening to our critics. If we’ve missed a worthy reference, please bring it to my attention, either via email or even via a for:pencoyd tag in del.icio.us.

So far, we’ve been adding to our FAQ to address concerns and questions which we’ve seen come up in multiple places, whether blogs, articles, email or IM. If you haven’t read the FAQ in a while, take a look. It doesn’t shrink!

It might be more helpful for us to start responding on this blog, too. In the next few days, we’ll provide more details here about our identification of phishing sites, how we’re handling DNSBL and mail servers (hint: click on the new preferences link, top right of every page), our network buildout, additional stats and more.

Note: one of our favorites, a thorough review, with actual testing of the speed for that individual.

Tom Merritt and Veronica Belmont from CNET Buzz Out Loud took a few minutes on Monday to talk about OpenDNS.

Listen to the brief clip about OpenDNS (3 minutes, 10 seconds long; 1.5MB).

Thank you to Tom and CNET for permission to host the clip, which was pulled from the Buzz Out Loud show for July 10, 2006. They make tech pretty fun every day.

In the clip, Tom does a good job succinctly explaining what DNS is before talking about the service more broadly, rightly saying that it’s a pretty easy switch to make. Tom tried it personally, and both of them liked the idea (listen for yourself).

Tom and Veronica also discuss how OpenDNS interacts with corporate networks, and that’s something we should explain more.

Internal resources — for example, a web tool you might use for reporting vacation days — often takes advantage of local DNS resolution. In that case, using OpenDNS may prevent you from getting to those resources and you will have to turn off OpenDNS while you use them. There is no logical way for us to address internal resources, yet. On a related note, if on a VPN to a corporate network not using OpenDNS, you will be using the corporate DNS server, rather than OpenDNS, until you leave the VPN.

Of course, we encourage network admins to use OpenDNS as a forwarder, where internal requests are handled internally, and external requests are handled by OpenDNS. Happy to provide more details and help to anyone interested.