Today we made two announcements, each very significant to all OpenDNS users. Here’s an overview to get everyone up to speed on what OpenDNS has cooked up.

The first announcement is about the comeback – and improvement – of the much-loved and anticipated Stats System. Stats are invaluable to network administrators: they give you insight into what’s happening on your network coupled with the tools to do something about it. The old system, which was overloaded and barely processing our nearly 9 billions DNS queries per day, was down for awhile as we made improvements. Sometimes you have to take a step back in order to take three steps forward. Thanks to everyone for your patience as we got it back up and running. I hope you’ll find it was worth the wait.

New functionality in the Stats System includes the comeback of the Top Domains report. This feature gives you a list of the top Web sites visited from your network and affords you unique insight into where your resources are being consumed, and which inappropriate or unsafe websites people are seeing. Top Domains now integrates directly with our Web content filtering system. This means you can look at Top Domains, see something you want blocked and block either the site or the category it fits into with a single click. (Example: is one of your Top Domains. Without leaving that screen you can block with or “Social Networks.”) Check out this screencast, narrated by the engineer who built it, Richard Crowley, to see the new system in action.

The second announcement is significant to all OpenDNS users as well as the entire Internet community. Today we’ve rolled out a way for you to see if Conficker is living on your network. The Conficker worm, also called Downadup and Kido, is massive. Some estimates of how many PCs are compromised are as high as 10 million. What’s interesting about this particular virus is that it uses the Domain Name System in a unique way: Conficker contains an algorithm that checks 250 new domains per day for instructions on what it should do. This puts us in a unique position to keep you safe since we’re in the unique position of providing insight and intelligence into your DNS service. We’ve teamed with Kaspersky Lab to identify those 250 daily domains, and stop resolving them. This means if you’re using OpenDNS, Conficker will do your network no damage. Yet another reason for your friends and colleagues to make the switch. While OpenDNS represents just a tiny drop in the sea of the Internet users today, we think this is a smart move forward.

To find out if Conficker has penetrated your network, simply log in to your account and select Stats on the left sidebar. From there choose Blocked Domains and filter “only domains blocked as malware.” This will generate a list of malware sites your network has attempted to connect with.

This is just the beginning, folks. We’ve got a year’s worth of new features we’re cranking hard on to make your network better performing and more secure. Stay tuned…

  • Sakal77

    Great job, thank you :o)))

  • Once infected, automatic updates on Windows and from most antivirus sites no longer work no matter what DNS you use. Its blocked at the computer. Conficker / Downadup weakens the computer’s immune system even if it can’t call home. We are big fans of OpenDNS (in fact, using it is part of our downadup removal steps). Unfortunately, our own site has received email indicating that some people believe using OpenDNS protects them from the virus. It does not. While this move by OpenDNS is a fantastic one, and adds to the many reasons people should switch, the current message is confusing.

  • calvin

    After reading your blog post, I checked to see if we had any confickers running. Fortuantely, no.

    Then I wondered….if the stats for conficker would show up under “malware”, was there a “malware” category within the OpenDNS settings.

    I didn’t see one. Perhaps there should be a category for “malware” that is selected by default. That could be used not just for conficker, but for future malware of a similar nature, or malware sites in general.

    I really like OpenDNS and it definitely provides value to us, but having Conficker blocked without a category (meaning no administrator control), concerns me just a little. I’m all for blocking malware, but would prefer that I was the one that chose to block that category or had the option of not choosing it.

    Thanks for a great service.


  • Pingback: OpenDNS Helping to Shut Down Conficker | geekEleet()

  • Pingback: Web content filtering without installing any software | IT a digital life()

  • Phenomenal! You guys rock!

  • Pingback: RSS Week #42: articoli interessanti che ho trascurato - Matteo Moro()

  • NEAL

    On 2/11 at about 8 a.m., my tracking went down. OpenDNS is doing all the blocking and other assorted tasks it should do, except for tracking/stats.

  • Pingback: OpenDNS blocca conficker |

  • tekopp123

    Can you please find a way to block sites with escort girls? Such as and others i have submittet? They wount get blocked on my network.

  • xtcy

    i love opendns =)

  • 10 million affected? That’s a large infection and conficker developer might be developing or upgrading a new algorithm. I hope OpenDNS could blend with changes of OpenDNS algorithm.

  • Pingback: OpenDNS to Begin Blocking and Tracking Conficker Traffic()

  • Abbas Khan

    Well done David.
    You’re doing an awesome job!

  • Pingback: Zero Day mobile edition()

  • Pingback: Conficker Worm to attack sites this March | Mundane Scribblings()

  • Dear David,

    You have no idea how much I love your service 🙂 I’m using it here in Brazil and already told many companies about it.

    I have been having some funny problems. For example, this domains and hundred others

    are not beeing blocked, are those some other kind of malware appearing in the area ?


  • F S

    Great improvements! Keep it up.

  • Hector


    configure en mi servidor los dns de opendns.

    pero cuando mapeo los ip conectados, 2 usuarios no estan
    que ocurre pusieron un dns diferente y salen a internet burlando los bloqueos de direcciones o restricciones.

    aver si alguien puede ayudarme ..


  • lalit

    how can block websites in server 2003

  • Pingback: Vryhof Research Blog » Blog Archive » Work on Jeep, Conflicker/OpenDNS()

  • John H.

    CNN indicates that conficker.c generates 50,000 URLs a day instead of the 250 URLs a day for the previous version. Presume you are using the algorithm to block each of the 50,000 daily URLs. Yes?

  • Pingback: Conficker virus is going to activited on April 1, 2009 « Chris allen blog()

  • Pingback: OpenDNS Blog » Worried about Conficker on April 1? Setting up OpenDNS can protect your network.()

  • I created an OpenDNS account yesterday and cut my DNS server over late yesterday. We use This morning my users where not able to browse to any page of the domain. I returned the DNS forwarders to my ISP and we are now able to access salesforce. I would like to use your service as I have only a small business budget and I feel your service provides added security but my users must be able to access Salesforce. I did add to the white list after re-pointing the forwarders but I will only be able to verify this tonight after hours when everyone is gone and I can point my DNS server back to your service.

    Do you have any ideas why this problem? I had the content filtering set to minimal so as not to see problems like this and I planned on gradually increasing the level.

    The path to’s login is [ ] . Is there an issue with a https secure socket layer with OpenDNS?


  • Pingback: Conficker Virus - Quick Update « Steve Moncaster()

  • @john – sorry for the late response. It’s possible – if you use UltraDNS – that this was related to their outage, and not an OpenDNS issue at all. It’s still unconfirmed, but there’s buzz that an outage took down Salesforce temporarily.

  • Pingback: Conficker: The Neverending Story | Patrick Mylund()

  • Pingback: Zero Day mobile edition()

  • Pingback: Conficker’s $9.1 billion estimated economic cost | Poc Network - Blog()

  • Pingback: ¿Costo estimado de Conficker? u$s 9.100 millones | Shadow Security()

  • akshay dogra

    i am very keen to use open dns services.but my concern is that i want to block sites from 17:00 to 8:00.. and i want to allow only certain sites after that.
    example:i want to block certain sites(example: youtube) in office hrs and after office hrs and on weekends youtube should be accessible.
    the usual content filtering should happen round the clock.
    is it possible to do that if a use open dns?
    please reply soon

  • Pingback: Conficker Virus – Quick Update « Fivenines UK Limited – IT Support and Solutions Leeds()

  • Pingback: Conficker Virus – Quick Update « Fivenines UK Limited()