The world-class engineering team at OpenDNS is obsessed with inventing new methodologies to eradicate malware, botnets and phishing through DNS, and use the system to intelligently route our users around it. Not to mention speed up the Internet and move the state of the art for the Domain Name System forward. Together they’ve developed some of the foremost innovations the DNS has seen in its lifetime. See for yourself in our long list of inventions and firsts.
The first thing you should know about OpenDNS is that we value innovation above all else. And you should also know we’re committed to delivering the absolute best, smartest and safest Internet experience possible to every single one of our 50+ million users.
Check in here often to see what pioneering, needle-moving and overall exceptional technologies we’re delivering. We aim to impress. And we’re just getting started.
Background: The need for a better DNS security
DNS is one of the fundamental building blocks of the Internet. It’s used any time you visit a website, send an email, have an IM conversation or do anything else online. While OpenDNS has provided world-class security using DNS for years, and OpenDNS is the most secure DNS service available, the underlying DNS protocol has not been secure enough for our comfort. Many will remember the Kaminsky Vulnerability, which impacted nearly every DNS implementation in the world (though not OpenDNS).
That said, the class of problems that the Kaminsky Vulnerability related to were a result of some of the underlying foundations of the DNS protocol that are inherently weak — particularly in the “last mile.” The “last mile” is the portion of your Internet connection between your computer and your ISP. DNSCrypt is our way of securing the “last mile” of DNS traffic and resolving (no pun intended) an entire class of serious security concerns with the DNS protocol. As the world’s Internet connectivity becomes increasingly mobile and more and more people are connecting to several different WiFi networks in a single day, the need for a solution is mounting.
There have been numerous examples of tampering, or man-in-the-middle attacks, and snooping of DNS traffic at the last mile and it represents a serious security risk that we’ve always wanted to fix. Today we can.
Why DNSCrypt is so significant
In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone don’t work in the security world, however, so we’ve opened up the source to our DNSCrypt code base and it’s available on GitHub.
DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user’s online security and privacy.
Global Internet Speedup
The Global Internet Speedup is a worldwide technology effort, led by OpenDNS and with the cooperation of Google and leading content delivery networks, to make the Internet faster. Through more transparency and collaboration OpenDNS was able to spearhead the enhancement of the Internet experience for millions of people around the world.
How it works:
Speed matters on the web and as bandwidth requirements continue to increase, the best way to make sure the web stays fast is to bring the content as close to the users as possible. This decreases latency to high-bandwidth content like video and allows for a more efficient utilization of Internet capacity world-wide.
The domain name system (DNS) plays a key role in helping make sure users get to the right resources. Often times, popular resources exist in many places. This way more people can access content at the same time, and more quickly. The Global Internet Speedup is the name we have given the numerous leading Internet companies who have agreed upon and implemented the proposed standard which enhances the DNS to improve the Internet for users around the world.
More information: http://www.afasterinternet.com
OpenDNS CacheCheck is the first-ever tool to allow Internet users insight into what is happening in their DNS and empower them to manually refresh DNS caches on their own. When a domain is failing and a website appears to be down, Internet users can simply refresh the massive OpenDNS caches and update them with the most current addresses for websites, in many cases enabling access automatically.
This innovation is also tremendously valuable for website administrators and operators, as it empowers them to enable access independently (a task previously requiring the assistance of an ISP).
OpenDNS SmartCache is the world’s most intelligent caching system. SmartCache makes Web sites that are effectively down for others accessible only on OpenDNS.
SmartCache uses the intelligence of the OpenDNS network at large, providing DNS service to tens of millions of people around the world, to locate the last known correct address for a Web site when its authoritative nameserver is offline or otherwise failing. A common occurrence, authoritative DNS nameserver outages often take major Web sites offline for hours or even days at a time, making them inaccessible on the Internet. One example of such an outage resulted in popular Web site Amazon.com inaccessible for several hours.
SmartCache changes that and renders authoritative DNS outages irrelevant for OpenDNS users. People accessing the Internet on networks running OpenDNS will be able to load Web sites while they are experiencing authoritative nameserver outages — when the rest of the Internet cannot.
The World’s First IPv6-compliant Open Recursive DNS Service
Get Your Network Ready for IPv6
The last block of IPv4 addresses have been allocated, and it’s time to get your network ready. OpenDNS now supports IPv6 addresses — meaning that, by using the OpenDNS Sandbox, you’ll be able to resolve your DNS using IPv6 DNS servers.
IPv6 supports a far larger number of addresses than IPv4, which is why the change is taking place now — since IPv4 was implemented in 1981, the Internet has grown dramatically, and there are no more available IPv4 addresses.
PhishTank is the first and most successful collaborative clearinghouse for data and information about phishing on the Internet. PhishTank is based on the idea that security researchers, exploited brands, technology developers, academic institutions and Internet users are stronger together in fighting phishing than they are on their own.
PhishTank works by allowing any individual or group to submit suspected phishes. The community votes on the accuracy of submission — is it a phish or a legitimate website? When the phish has been appropriately verified as a fraudulent and dangerous website, it is added to a feed. PhishTank makes all data about phishing open and accessible via an API so that other developers and organizations, including Yahoo!, Mozilla, Microsoft and leading academic institutions, can work together in the fight against phishing.
More information and to participate: http://www.phishtank.com
OpenDNS Domain Tagging
Domain Tagging is the first and most powerful people-powered Internet security system. It uses the intelligence of the greater OpenDNS community, which includes security researchers, academics, IT professionals and concerned netizens, to perform a security function. Community members submit domains into the system and tag them with a category such as “gambling,” “hate,” “video sharing” or “social networking.” Other community members vote on the accuracy of the submitter’s tag. Ultimately OpenDNS users can use the system to block categories of content on their networks.
The Domain Tagging community is tens of thousands of people strong, hailing from all around the world and including representation from academics, security, technology and various other disciplines.