When we released the Mac-only preview of DNSCrypt, we knew it was a game changer. The revolutionary piece of lightweight software encrypts all DNS traffic between you and our servers. We also knew it was our responsibility to get this fundamental improvement to Internet security ready for the masses as quickly as possible. That’s why last week we announced that we’re searching for a rockstar win32 hacker to build a Windows release. But the blog post catalyzed a frenzy of responses from Linux users asking when a version would be available for them.

The good news, is that the wait is over for Linux users. In fact, there was never a wait at all. We published the code for DNSCrypt on GitHub when we released the preview, so although there isn’t a user interface built just yet, Linux users can still experience the benefits of DNSCrypt in just a few steps. Here are simple step-by-step instructions for setting up DNSCrypt on your Linux machine:

1. Download the right package for your Linux distribution:
   • 64-bit DEB package (Debian, Ubuntu, other .deb-based distributions)
   • 32-bit DEB package
   • 64-bit RPM package (Openwall, CentOS, Fedora, other .rpm-based distributions)
   • 32-bit RPM package
2. Install the package using your package manager
3. Open a terminal. Enter: sudo /usr/sbin/dnscrypt-proxy –daemonize
4. Set your DNS settings to 127.0.0.1. Confirm you’re using OpenDNS here.

Now that you’re using DNSCrypt, you can spread the word to other Linux users. We’d love to see your blog posts, videos and social media posts so don’t forget to tag @OpenDNS on Facebook and Twitter. If you want to help build a GUI to make this process even easier for Linux users, we’d be happy to work with you to get it right. If you’d like us to review your work, email us at dnscrypt at opendns dot com.

Additional instructions and compilation instructions for other operating systems can be found here.

Editor’s note: Leonie Smith is social media advisor, cybersecurity advocate, educator and mom to four kids. In the 15 years she’s been participating in online communities, gaming, and social media to connect with other parents and grow her businesses, she has become an expert in social platforms. We asked Leonie to share her wisdom with the OpenDNS users who want improved security at home and the parents who want to better understand online risks like cyber bullying.

OpenDNS: What do you think are some of the most pressing threats to kids’ online safety?
LS: One of the biggest threats I see is that kids run across unsavory or adult content without really trying. Beyond that, kids can unknowingly interact with adults and cyber bullies through chat rooms, social media and online gaming social media. Many parents don’t know the extent of communication that’s available online today, and this lack of understanding makes their families more vulnerable. The most important thing to realize, is that there are simple steps parents can take to educate themselves and improve the odds of keeping their kids safe online.

OpenDNS: What can parents do to better understand the threats their kids are facing?
LS: The first parents can take is to get involved early. I’ve met lots of parents that think their kids are too young or don’t use computers. But, I’ve seen plenty of toddlers playing with an iPhone or iPad to keep them entertained at a cafe or on an airplane. Parents should change they way they think about “computers” and start thinking about protecting all Internet-connected devices. The next step is to find out what their kids love about computers share the online experience with their kids. They can play games or do research on interesting topics online together. It’ll help parents understand what they don’t know about the Internet, so they can do their homework. It’s also completely okay to acknowledge that the Internet is complex and even home IT security may require the help of an expert.

OpenDNS: If you could only give parents one piece of advice for protecting their kids online, what would you tell them?
LS: Start talking to your kids while they’re young so that you have an open dialogue happening about the Internet before your kids are teens. It’s important that they know they can come to you if they’re being bullied online, if they download a virus, or if someone is making them uncomfortable online so you can stop it before something bad happens. Help them understand that you’re there to help.

OpenDNS: On your website families can find information on how to deal with cyber bullying. How serious has cyber bullying become and what can parents do?
LS: Teachers and school administrators I talk to tell me it’s the number one problem they face on a daily basis, and unfortunately, cyber bullying is much worse than even statistics reveal. That’s because so many kids don’t report it out of fear that their Internet/phone/computer will be taken away or that their parent will go to the school or the bully’s parents and make the situation worse. Parents need to ensure their children feel safe to tell them about any cyber bullying they experience. Parents can get started by carefully explaining to kids what Cyber Bullying is, and that it is not the fault of their child. It’s also very tough to say this to parents, but it’s important that they keep an eye on their kids to ensure they are not bullying others.

OpenDNS: Why do you suggest OpenDNS Parental Controls and OpenDNS Family Shield to families and parents over other available options?
LS: I suggest OpenDNS to families because its the only way I know to protect your Internet from unsavory and suspect sites on all devices that are accessing the Internet from your home Wi-Fi. You  can certainly put parental controls on all devices at home to restrict children from accidentally or purposely accessing inappropriate sites, but that will fall down as soon as a guest comes into your home with a device like a laptop or iPod or tablet that doesn’t use your preferred settings. OpenDNS protects your phones, your iPad, your iPod, and all your computers from accidentally accessing Adult or unsavoury sites. You can set the filter according to your needs, and allow certain sites through if you wish. I recommend OpenDNS in conjunction with open dialogue, education, awareness and supervision.

Want to answer five questions for OpenDNS? Email us!

A few months ago we shared with you a compelling statistic. OpenDNS is present on a whopping 50% of U.S. college campuses. As we continue our Field Reports series, we thought it would be a great time to take a look at why OpenDNS Enterprise is the choice of colleges and university network administrators.

Like most colleges and universities, Southwestern Michigan College had minimal filtering needs. Aside from keeping the real unsavory aspects of the Web off of public workstations, the school’s real goal was preventing access to sites that hosted malware or other Internet threats. However, the school was paying a high price for Websense content filtering appliances and more bells and whistles than they could use. The community college with two campuses, hundreds of wired workstations, and countless student-owned Internet-connected devices wanted to add an extra layer of defense against today’s malicious Internet climate, but protecting student-owned devices wasn’t something they could do with their Websense appliances.

As Internet-connected devices continue to proliferate, it’s no longer uncommon for students to take notes on their laptops, iPads or even their Android phones. Because these devices are used both for work and for play, and roam off and back on to the school’s secure network, they are at a much higher-risk of malware infection. This makes the job of the school’s IT team — protecting the network from malware, and keeping students safe — much more difficult. That’s why the college’s IT team turned to OpenDNS Enterprise.

Aside from providing straightforward and easy-to-manage Web filtering, OpenDNS Enterprise is uniquely capable of both preventing access to sites that host malware, and ensuring devices that are already infected can’t communicate back to their online hosts.

The good folks who managed the set up of OpenDNS Enterprise for Southwestern Michigan College explained: “Our filtering requirements are minimal so we could no longer see the value in paying for a product like Websense. OpenDNS Enterprise not only meets our filtering needs in a straightforward way, it gives us an added layer of protection for our students by blocking malware. That makes it a much better value than anything we’ve used in the past.” You can read more about how Southwestern Michigan College is using OpenDNS Enterprise here.

If your company is using OpenDNS Enterprise to solve an interesting problem, give us a shout at Success@OpenDNS.com. We’d love to share it right here.

We first announced DNSCrypt in December. And the response to the new service, which is a first-of-its-kind way to easily secure all of your DNS traffic, was inspiring. Within just days, thousands of people came forward to beta test DNSCrypt. IT security professionals, academics, remote and traveling workers from all walks of life and people who simply connect to the Internet at a coffee shop or airport from time to time. Since our launch, 10′s of 1000′s more have downloaded DNSCrypt for Mac and are running it today. The wide-scale embrace and enthusiasm affirmed what compelled us to build DNSCrypt in the first place: that there’s a gaping hole in security today that DNSCrypt can fill.

But we’ve only scratched the surface of what we want to do, and we’ve not yet delivered a version to our friends running Windows.

We first released a version for Mac, and that prioritization decision was met with many questions about our logic. I’ll shed some light here. Simply put, we’re almost exclusively a mac and unix shop here at OpenDNS and our developers were most comfortable building for what they know. But most of the world still runs Windows, and in order for DNSCrypt to have the greatest global impact and really, really increase privacy and security on a massive scale, a Windows version must be built.

That’s where you come in. We’ve ported the core DNSCrypt code over to Windows, but we’re not a Windows shop. We aren’t .NET hackers. And we need some help to get there. In fact, (literally) millions of Internet users want to use DNSCrypt on Windows today. The work we need help with will be felt by millions of people.

It’s not often in your career that you’ll be extended an opportunity like this. As a matter of fact, this could be the only opportunity you’ll ever have to make this sort of impact. You build this software, and you’re a hero.

It’s OK if you have another full-time job. We’re happy to have you on a contract or part-time basis. Or if you don’t have a full-time job and want one at OpenDNS, we’d like to talk about that opportunity, too. Because you’re a world-class developer. And because like us, you truly care about making the Internet a better, safer place and being a part of one of the greatest innovations Internet security has seen. Ever. Our compensation, benefits, and perks are first class. And, whatever development environment you need, you got it.

So email me. david at opendns dot com. Do it. Point me toward your credentials and tell me why you’re the man or woman for the job. Show me what you’ve built.

I look forward to hearing from you.

The Domain Name System was developed more than 30 years ago as a way to ensure that the brilliant network we now know as the Internet could scale and see adoption. Before the DNS existed, Internet users would need to remember the IP address for every website on the Internet. Research has shown that seven digits tends to be the capacity for human memory (think phone numbers, sans area code) and IP addresses can be twelve — more now with IPv6. The DNS is part of the Internet’s infrastructure, earning it the somewhat unflattering analogy of the plumbing of the Internet. But in truth, its primary role has traditionally been that.

Recently ICANN, the global body that oversees the Internet and authors its policies, announced a plan to make available a throng of new top-level domains. Preexisting TLDs include .com, .net, .org, .co.uk, among many others. Twenty-two in total. The new ones are seemingly designed primarily to help businesses and spur economic activity. The new domains can be grouped into two classifications:

- .xxx: Designated for websites that include pornographic content as a way to easily differentiate them from non-pornographic sites.

- Generic TLDs, or “gTLDs”: Basically turns any brand or term into its own TLD. .Pepsi, .Apple, .Football or .Money, for example.

The release of both new groups of TLDs raises interesting issues for OpenDNS. Today we are the largest recursive DNS provider in the world, with more than 30 million people using our service. (Nearly doubling our traffic in the past 1.5 years.) We’re the innovator in the DNS space, as we introduced the concept of building security directly into the Domain Name System. Phishing protection came first, followed by typo-correction that helps people route around typo-squatting. Then Conficker protection and most recently, the most game-changing malware-blocking service, available to users to OpenDNS Enterprise.

But as we’ve seen countless times, with more ground to cover comes more fraud and crime. Many critics of ICANN’s move to add more domains see the potential for more:

- Cyber squatting, which is the practice of registering a domain using a trademarked brand that doesn’t belong to you. Highly annoying to Internet users and costly to brands.

- Typo squatting, which is like cyber squatting, but using a typo’d variation of the trademarked brand. Also highly annoying to Internet users and costly to brands.

- And generally more cyber crime and confusion among Internet users created by a change to the way domains are structured.

We’ve often said that the bad guys on the Internet tend to be one step ahead of the good guys, making the task of delivering an effective security service both very challenging and in a constant state of evolution. So when supporters of ICANN’s move argue that ICANN has no intention of allowing the new domains to act as a platform for crime, we can appreciate the perspective, but have little confidence that will ultimately be the case. Cyber squatting and cyber crime account for more than $1B in revenue annually, and when that kind of money is at stake, the bad guys find a way to be effective. Scott Pinzon, director of marketing and outreach at ICANN offers the perspective that, “new gTLDs represent a platform for innovation.” And goes on to say, “no one can predict what smart people will do with them. Lots of new business models will be invented. Some will work. Some won’t.” We agree with Scott, but also have a front row seat to the counterpart, sophisticated criminal activity that follows innovation.

Some of you will remember when the country of Cameroon was opportunistically assigned the .cm TLD and wildcarded all .cm domains. The country made a nice profit, but it confused masses of Internet users who’d accidentally made a typo when trying to get to a .com. We acted swiftly and delivered a feature that automatically redirected you to .com when you typed .cm.

In relation to the recent ICANN changes, there’s a great deal we can do as your DNS service to help ensure the Internet remains a safe place for you and yours to browse. It’s unclear at this point how successful these new domains will be and how much traction they’ll see, especially because at an upfront fee of $185k, the new gTLDS are not accessible to everyone.

Have thoughts on the topics above? Agree, or passionately disagree? Predictions for what kind of repercussions the Internet will see? We’d love to hear them in the comments.

How to Block .xxx Using OpenDNS:

In the immediate term, users of OpenDNS services with content filtering that want to block all .xxx domains on their networks can follow a few simple steps. Simply locate your “always block” or blacklist and add “xxx” (without the dot). Hit save and the change will take effect.

We don’t often take to the blog to talk about some of the more advanced OpenDNS Enterprise security features, like our malware and botnet protection, but we know a lot of organizations rely on them to keep their networks secure. Today, I’d like to talk a little more about how our malware and botnet protection works, and why we’ve started seeing so many organizations move to OpenDNS Enterprise primarily for that added layer of internet security.

As with all of the advanced functionality OpenDNS has built atop our superfast recursive DNS service for businesses and schools – like the Web content filtering, phishing protection, and stats available in OpenDNS Enterprise –  our malware and botnet protection innovates on traditional offerings, and it works on any device connected to the network (including, say, an iPad that an employee brought from home).

OpenDNS blocks malware and botnet attacks before they can infect a network. We aren’t terminating an existing malicious connection, or cleaning up a breach that’s already occurred; as soon as OpenDNS sees an attempted connection to a malicious domain or IP address, we block it. A side benefit is that if an infected device is brought on to a protected network, OpenDNS can make sure that the infection doesn’t spread to other connected devices on the network if they do so via external command and control.

OpenDNS Dashboard Malware Notice

If you’re wondering why this matters: when Vanderbilt University switched to OpenDNS Enterprise in 2010, they blocked 1.5 million malware attacks in the first four months following the deployment. That’s 1.5 million potential data leaks thwarted, and 1.5 million device cleanups avoided.

It’s certainly something to think about, as the threat of malware and botnet attacks continues to escalate.  If you don’t have any malware or botnet protection for your organization, or you’re thinking about adding another layer of protection to your network, consider trying out OpenDNS Enterprise as your first line of defense.

We’ve been hearing some pretty exciting stories from our customers lately and (though we’d love to share them all with you) we’ve selected some of the most interesting to showcase right here on the blog. We’ll be sharing these unique use cases of OpenDNS Enterprise with you over the next few months in a new series we’re calling Field Reports.

We couldn’t wait to share the story of Shafer’s Tours, which flexibly accommodates custom charters and tours for nearly-endless East Coast and Mid-Atlantic destinations. Operating more than a dozen luxury motor coaches, and serving a wide variety of groups that charter the buses and join the tours, the Safer’s Tours IT team was faced with an interesting challenge: How do you secure the Wi-Fi hotspot on a moving target? The team exhausted countless ideas for how they could conserve precious bandwidth onboard the buses, and prevent malware from being downloaded over the network, but they continued to encounter the same two issues: Installing appliances on every bus is cost prohibitive, and no adjustments or monitoring could be made to the network while the buses were in motion.

As luck would have it, Tim Watson, IT manager and safety director for Shafer’s Tours, was separately evaluating OpenDNS Enterprise for use on Shafer’s Tours corporate network. He quickly realized that the unique way OpenDNS Enterprise handles content filtering and malware protection makes it the ideal solution for securing his moving targets, too. In no time, his team was able to set up OpenDNS on both Shafer’s Tours’ corporate network and the individual WI-Fi hotspots for the buses without installing any appliances or provisioning any software. And, because OpenDNS Enterprise settings can be changed remotely, and updates are delivered in real-time in the cloud, they don’t have to worry about waiting for buses to return to home base to make changes.

Since setting up OpenDNS Enterprise, the Shafer Tours IT team hasn’t looked back. But don’t take our word for it. The Shafer’s Tours IT team tells us, “OpenDNS Enterprise is the only service that makes sense.” You can read more about how Shafer’s Tours is using OpenDNS here.

If your company is using OpenDNS Enterprise to solve an interesting problem, give us a shout at Success@OpenDNS.com. We’d love to share it right here.

Technology user groups are awesome. That’s why OpenDNS is announcing a new program dedicated to celebrating the innovation and education taking place at user groups everywhere, and making life a little more delicious for their members. Even though programmers, engineers, IT professionals and SysAdmins are notoriously over worked and under appreciated, many still somehow find time to gather together, share insight and explore new tech tips on a regular basis. There are thousands of user groups around the world that are independently organized and run where people join to share hard-won knowledge and experiences and have a blast doing it.

Each month, OpenDNS wants to buy dinner for a different user group that’s focused on technology. It makes no difference to us whether your group discusses hardware or hacking, speaks JAVA, PHP or Ruby, prefers servers or the cloud, or is a Mac or a PC (or Linux/Unix/Other for that matter). All we care about is that you’re well-fed while you’re talking tech and that you’ve got plenty of caffeine to keep the discussions lively. And, we’ll provide plenty of sought-after OpenDNS stickers to pass around and a few t-shirts to give away!

If you’d like OpenDNS to help feed the hungry crew at your next meeting, just give us the basic details - how often you meet, how many members, focus for the group, helpful links, etc. – and we’ll take care of the rest. In addition to providing some hearty chow, we also want to feature your user group in an upcoming issue of the OpenDNS newsletter, so we can highlight your awesomeness for the masses. This is your chance to share details of your group with millions of OpenDNS users so go ahead and boast.