March 27, 2009, 9:41 AM — If you aren't using OpenDNS to protect your small business network, now is the time to take a few minutes to set it up. It is well worth the investment: it is free, and it will protect you from any number of issues in the future. You might also get better browsing performance as a result, which your users will thank you for.
Before I tell you how to do this, here is a brief explanation of what the Domain Name System is, for those of you who really want to know. Think of what a phone book does: if you know someone's name, it lets you look up their phone number. The DNS does something similar for computers: if you type in "google.com", it translates that name into a sequence of four numbers, called an IP address, which in this case for google.com is 220.127.116.11.
The overall Internet infrastructure has a series of master phone books, or DNS root servers, located at strategic places around the world and maintained by a collection of public, semi-public, and private providers. They talk to each other on a regular basis to make sure that, as we add new domains, they stay in sync. As you can imagine, if someone wants to "poison" one of the entries, or misdirect Internet traffic to a phony domain, it can be done with the right amount of subterfuge. This is what happened last year when an Internet provider in Pakistan managed to block access to all of YouTube when they were just trying to keep Pakistani citizens from viewing a single offensive video.
Here is where OpenDNS comes into play. When you set up your network, typically you don't give your DNS settings any further thought. If you have a cable or DSL modem, you hook it up and it automatically gets its DNS settings from the cable or phone company's DNS servers.
What I am suggesting is that you change these settings to point to the DNS servers at OpenDNS. This is a free service and, in case you were wondering, they make money by serving ads when you type in a domain that doesn't exist. There are instructions on their Web site based on the router that you use on your network, and the whole process of reading through them and implementing the changes shouldn't take you more than a couple of minutes.
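One way to check the result of that change from a Unix-style client, as an added example that is not part of the original article: the script reads resolv.conf-style text and reports whether every configured resolver is an OpenDNS address. The resolver addresses, the sample files and the function names are assumptions that do not appear in the article.

```python
import ipaddress

# OpenDNS public resolver addresses (well-known values; the article does not list them).
OPENDNS = {ipaddress.ip_address(a) for a in (
    "208.67.222.222", "208.67.220.220", "2620:119:35::35", "2620:119:53::53")}

# Loopback, RFC 1918, link-local and unique-local ranges: a resolver here is a
# router or local stub that forwards upstream, so the real setting lives there.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Strip '#' and ';' comments, then split into fields.
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
            except ValueError:
                continue  # malformed entry, ignore it
    return servers

def classify(addr):
    if addr in OPENDNS:
        return "opendns"
    if any(addr in net for net in LOCAL_NETS):
        return "local-forwarder"
    return "other"

def audit(text):
    """Return (ok, [(address, verdict), ...]); ok only if every entry is OpenDNS."""
    results = [(str(a), classify(a)) for a in parse_nameservers(text)]
    return bool(results) and all(v == "opendns" for _, v in results), results

# Constructed samples (203.0.113.53 is a documentation address standing in for an ISP resolver).
SAMPLE_OK = "# set by hand\nnameserver 208.67.222.222\nnameserver 208.67.220.220\n"
SAMPLE_MIXED = ("nameserver 208.67.222.222\n"
                "nameserver 203.0.113.53 ; left over from DHCP\n"
                "nameserver 192.168.1.1\n")

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("mixed", SAMPLE_MIXED)):
        print(name, audit(sample))
```

A `local-forwarder` verdict means the client points at the router, which is where the article has you make the change, so check the router's upstream DNS setting instead. An `other` entry gives lookups a path around the OpenDNS filtering.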
There are a few nice things about using OpenDNS. First, you can set it up to block objectionable domains, so you can protect yourself from any lawsuits. They also spend time blocking known exploit domains, so you have a better chance of not getting trapped by some hacker. You also get better DNS service, because they have servers that will return the domains supposedly faster than the ones for the general Internet. They also catch common typos in domains, so if you are like me and make mistakes typing names into your browser, they can usually direct you to the place you intended.
OpenDNS is just the beginning of securing your DNS resources. If you are interested in learning more, a good place to start is with this post from Paul Vixie here. Vixie is one of the original Wise Men of the Internet and has been involved in authoring numerous RFCs and protocols. He and others are part of a substantial effort underway to create a new series of secure DNS protocol extensions and products to support these extensions, and you can check out these products and read more on this site to understand what is involved in deploying them.
David Strom is a former editor-in-chief of Network Computing, Tom's Hardware.com and DigitalLanding.com, and an independent network consultant, blogger, podcaster and professional speaker based in St. Louis. He can be reached at email@example.com.