OpenDNS – there may be trouble ahead
I think I’d heard of OpenDNS before today, but it was the announcement of their latest funding round that got me looking more closely.
There are many things to like in terms of the reliability and security aspects of the offering; though I have concerns that the filtering angle quickly runs into the censorship territory that I suffered from over the past few years stuck behind corporate net filters.
I’m working at my club today, so I was intrigued to see that they had an OpenDNS server at the top of their search list from DHCP – cool. What’s a lot less cool is that there’s nothing to stop me from signing up an account using the club IP, self certify ‘ownership’ and then turn the filters up to the max as self appointed arbiter of club decency and web surfing habits.
This probably hasn’t been much of an issue for OpenDNS yet, as I imagine that few WiFi providers are choosing to use their service; but something needs to be figured out so that users can’t pwn censorship rights over networks where the admins have been smart enough to choose a ‘better’ DNS service, but not smart enough to take active control over its management (something that will become a much bigger issue as smaller ISPs choose to give up on running their own DNS sloping shoulders in OpenDNS’s direction).
Filed under: security | 2 Comments
Tags: censorship, OpenDNS, pwnage
Subscribe
Recent Comments
Tim Coote on Ross Anderson RIP iain on Skiing in Espace Killy (Val… Chris Swan on Getting more from a British Ga… Murray Cowell on Getting more from a British Ga… JL on AI MacGuffin 
Pinboard.in bookmarks- Meta.ai Oh My!
- Looking for AI use-cases — Benedict Evans
- the biggest threat facing your team
- Why has Hugh Grant settled his phone hacking claim against the Sun?
- Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects
- AI isn't useless. But is it worth it?
- Pluralistic: The true post-cyberpunk hero is a noir forensic accountant
- Subaru battery drain due to missing 3G network
- Paying maintainers: the HOWTO
- SARS-CoV-2 airborne infection probability estimated by using indoor carbon dioxide | Environmental Science and Pollution Research
Chris Swan's Weblog 
Hi Chris. We do have some solutions for this, and it does occasionally happen where we have two people trying to claim management rights over a given IP. We don’t let ISPs typically assert their right, we tend to favor end-users. You’d be surprised though, typically there is a hierarchy of who wins (dad beats son, IT guys beats sales guys, etc.) that sorts itself out without us having to really get involved. Good feedback though, definitely something we’re working to improve and hope to avoid as an issue as we get larger.
-David
Thanks David. I’d love to hear more about the mechanisms that you use to resolve these conflicts (e.g. how does dad beats son)? The examples that you give are quite closed environments – dad knows son, IT guy and sales guy work for same firm. What happens in a more public or communal environment? In the club example that I use above then I’m sure that people would go and complain to the front desk, who probably wouldn’t have a clue what was going on. When things eventually get escalated to an IT guy who knows his DHCP from his DNS would the answer be to work with you guys (how?) or drop OpenDNS?