Just a quick blog post to recognize another OpenDNS milestone. On Tuesday and Wednesday we served over 7 billion queries in a single 24-hour period. That’s the first time we’ve hit 7 billion requests, and we’re happy to say we handled it with ease.

Lots of good came out of Dan Kaminsky’s discovery of a major vulnerability in most of the Internet’s recursive DNS servers. First and foremost, his responsible disclosures and efforts to work with every major vendor have saved us all from some serious headaches.

Since OpenDNS’s servers are not vulnerable - never were vulnerable, actually - lots of you switched to OpenDNS. That’s the second good thing. OpenDNS is absolutely the most secure DNS service available and the more SysAdmins who choose to use the service, the safer and more secure the entire Internet will be. We want to welcome all of you new OpenDNS users and say thanks for making the switch. You’ve made a good call and we’ll continue to work hard to ensure you enjoy our great service for years to come.

Since you’ve now seen the benefits of OpenDNS, we’d like to invite you to pay it forward by telling other SysAdmins and Internet users about OpenDNS. Please take a minute and use this form to tell your friends and colleagues about the benefits of making the switch. They’ll think you’re super smart for knowing about such a great service, and surely thank you.

Now, all of you new users: Check out this Getting Started task list. OpenDNS is a powerful service will all sorts of awesome features. Have you done all of the items below yet?

- Add a logo and custom message. We let you put your logo and message on the OpenDNS Guide and block pages. You can switch it up and put different messages in different places, where appropriate.

- Set up Shortcuts. No matter if you’re at home or at a large corporation, you can put Shortcuts to great use. They’re like AOL Keywords, but you control them, they’ll work across your entire network and they’re browser-independent.

- Set up Web content filtering. You’ll see in your account that OpenDNS has more than 50 categories to choose from. No appliance necessary and your filtering preferences will take effect in just a few minutes.

There are several more advanced features, too. Poke around in your Dashboard to see all that OpenDNS has to offer.

Again, welcome from the entire OpenDNS team.

A number of our users have written in today asking if OpenDNS is vulnerable to the recent multi-vendor DNS security issue disclosed today by my good friend and security researcher Dan Kaminsky.

I’m very proud to announce that we are one of the only DNS vendor / service providers that was not vulnerable when this issue was first discovered by Dan. During Dan’s testing he confirmed (and we later confirmed) that our DNS implementation is not susceptible to the attack that was discovered. In other words, if you used OpenDNS then you were already protected long before this attack was even discovered.

In fact, for those of you who were listening in on the Microsoft press call this morning, you’ll note that OpenDNS was suggested as the easy and simple solution for anyone who can’t upgrade their DNS infrastructure today. Pointing your DNS servers to forward requests to OpenDNS and firewalling all other DNS traffic off at your server will help mitigate this risk.

We’re going to write more about this issue in the next 24 hours to address the vulnerability in detail and explain why we aren’t affected but I wanted to get the word out now so that you know you are safe using OpenDNS.

Thanks and happy resolving…

Update: Bert Hubert, author of PowerDNS, alerted me to the fact that PowerDNS was also not vulnerable when this issue was discovered. That’s not surprising considering Bert is one of the authors of the wonderful DNS forgery resilience Internet Draft that has recently been published. I updated the statement in bold appropriately.

How do you understand big numbers?

OpenDNS does ~3 billion DNS requests daily, with around 450 billion all-time so far. Big numbers, but tough to comprehend.

Recently, we changed the stats number at the top of every page of our website from the all-time number to requests/per second. This number moves around, but recently has swung between 37,000 - 41,000 requests per second.

OK… sounds impressive, but again, what should you compare the number to?

How about the volume of transactions on the New York Stock Exchange (NYSE)?

Tuesday’s Wall Street Journal ran “After Crash, NYSE Got the Message(s)” on the front page of the Money & Investing section (C1 in print).

In reading the article (in case it’s not available when you click… WSJ.com requires payment at some point), we learn:

On Feb. 27, 2007, messages flowed in at a rate of 15,000 per second. The exchange quickly thereafter doubled its capacity to 38,000 messages a second. As markets fell in August when credit markets seized up, the NYSE was getting as many as 28,000 messages per second. This time, systems held up without a major hitch, but the volume of messages prompted [NYSE CEO]Mr. Thain to call for an increase in capacity to 64,000 by year’s end. [Emphasis added]

So, even at its top volume in August, the NYSE volume of messages wasn’t matching the volume of DNS requests our customers make each day. And its capacity currently falls short of ours.

Maybe I’m comparing apples and oranges, but we like to think that your DNS requests are as important (almost?!) as those buy-sell messages.

OpenDNS has plenty of headroom, and we’re adding more to support our growing customer base… and to stay ahead of the NYSE!

BroadbandReports.com tells us Comcast’s DNS servers had a rough weekend. According to reports from Comcast customers, instead of being able to surf freely they were confronted with this page when they attempted to visit any Web site:

It’s not clear if the problem continues today, but one thing is certain: OpenDNS fixed the problem.

Welcome to OpenDNS, Comcast customers!