[ale] OpenDNS (was: Re: Comcast DNS)

Michael B. Trausch mbt at zest.trausch.us
Wed May 27 18:09:56 EDT 2009


On Wed, 27 May 2009 17:37:55 -0400
William Witt <william at witt-family.net> wrote:

> At least in Miami, Comcast's DNS server's are awful.  If you do decide
> to use them, ensure the IPv6 is turned off or you'll only get valid
> responses 50% of the time.  When I was with Comcast, I used OpenDNS.

I would love OpenDNS if only they didn't return "valid" information for
sites which do not (and in some cases, will never) exist:

==========
Wednesday, 2009-May-27 at 18:04:23 - mbt at allspice - Linux v2.6.28.7
Debian Lenny:[0-14/4678-0]:~> for opendns in 208.67.222.222
208.67.220.220; do nslookup linux.fsck $opendns; done
Server:		208.67.222.222
Address:	208.67.222.222#53

Non-authoritative answer:
Name:	linux.fsck
Address: 208.67.217.132

Server:		208.67.220.220
Address:	208.67.220.220#53

Non-authoritative answer:
Name:	linux.fsck
Address: 208.67.217.132
==========

It'd be fine if it didn't break things, but if you try something like
"telnet linux.fsck" on a network with sane DNS servers, you get:

Wednesday, 2009-May-27 at 18:04:43 - mbt at allspice - Linux v2.6.28.7
Debian Lenny:[0-15/4679-0]:~> telnet linux.fsck
telnet: could not resolve linux.fsck/telnet: Name or service not known

Whereas with OpenDNS you get:

Wednesday, 2009-May-27 at 18:05:56 - mbt at allspice - Linux v2.6.28.7
Debian Lenny:[0-16/4680-1]:~> telnet linux.fsck
Trying 208.67.214.132...
telnet: Unable to connect to remote host: Connection refused

Now, this is clear with this fictitious domain, but if you typed what
LOOKED like a correct domain name, you have the same issue.  For
example, "alslpice.trausch.us" on OpenDNS also resolves to
208.67.217.132, instead of NXDOMAIN as it should.  So if you make a
typo, the "connection refused" message is *not* what you expect to
see.  You expect to see "name or service not known."  And if you use
scripts which have resolution provided by OpenDNS, and one of the
systems goes away, that can alter what the script does.  (It'd be
pretty weird to take a machine off a network, remove it from DNS, and
have a monitoring script still say "host's alive, but all these
services aren't running on it!")

	--- Mike

-- 
If you are a professional writer ... Emacs outshines all other editing
software in approximately the same way that the noonday sun does the
stars. It is not just bigger and brighter; it simply makes everything
else vanish.                --- Neal Stephenson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://mail.ale.org/pipermail/ale/attachments/20090527/56dce7a8/attachment.bin 


More information about the Ale mailing list