Best DNS choice for a financial institution?
-
@danp That only blocks access to sites from internal to external not viceversa.
-
@dbeato Not sure I understand your point. Noone ever claimed that it was a firewall.
-
@dashrender said in Best DNS choice for a financial institution?:
@danp said in Best DNS choice for a financial institution?:
@jaredbusch said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@coliver said in Best DNS choice for a financial institution?:
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.
They do no such thing.
How would you classify this functionality then?
is that in the free service?
This is really all I was going for.. better than nothing
-
OpenDNS is good. Or just use Google, it's not bad.
-
@reid-cooper said in Best DNS choice for a financial institution?:
OpenDNS is good. Or just use Google, it's not bad.
For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.
And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.
-
@travisdh1 said in Best DNS choice for a financial institution?:
@dave247 OpenDNS is just fine to use, like the other major DNS providers they will probably be a step up from your ISP provided service.
What they don't do is filtering of any kind unless you add a paid service on. I've started running my own DNS server now that does block known advertising IP addresses called Pi-Hole (Yes, I've seen many names that are better.)
I like Pi-hole because they tell advertisers to shut their piehole.
-
@dashrender said in Best DNS choice for a financial institution?:
@reid-cooper said in Best DNS choice for a financial institution?:
OpenDNS is good. Or just use Google, it's not bad.
For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.
And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.
IIRC the filtering was free for home use only.
-
@penguinwrangler said in Best DNS choice for a financial institution?:
@dashrender said in Best DNS choice for a financial institution?:
@reid-cooper said in Best DNS choice for a financial institution?:
OpenDNS is good. Or just use Google, it's not bad.
For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.
And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.
IIRC the filtering was free for home use only.
https://www.opendns.com/home-internet-security/
That looks to be right. They offer a free tier for home use.
-
@penguinwrangler said in Best DNS choice for a financial institution?:
@dashrender said in Best DNS choice for a financial institution?:
@reid-cooper said in Best DNS choice for a financial institution?:
OpenDNS is good. Or just use Google, it's not bad.
For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.
And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.
IIRC the filtering was free for home use only.
Has that always been the case or did this change with the purchase by Cisco?
-
It's always been that way. Not that it's stopped anyone from using it anyway. I 2nd local Pi-hole installation. Add OpenDNS on top and you have a nice extra layer of filtering.
-
I just reverted my DNS settings to what they were before. Screw it.
-
@dave247 Why? ISP DNS servers are the worst thing you can pick. If you don't want to mess with OpenDNS, go with Google servers.
-
@marcinozga said in Best DNS choice for a financial institution?:
It's always been that way. Not that it's stopped anyone from using it anyway. I 2nd local Pi-hole installation. Add OpenDNS on top and you have a nice extra layer of filtering.
Actually, it was free for business at one time.
-
That's 5 years ago, probably before I even bothered with DNS filtering. Squid used to do the job before. HTTPS everywhere changed all that.
-
@marcinozga said in Best DNS choice for a financial institution?:
@dave247 Why? ISP DNS servers are the worst thing you can pick. If you don't want to mess with OpenDNS, go with Google servers.
Got any good info to back that statement up? I'm not saying I don't believe you, but I've always just heard that via word of mouth.. not sure if it's really true or not
-
@dave247 said in Best DNS choice for a financial institution?:
I just reverted my DNS settings to what they were before. Screw it.
That's the one thing I would not do. If you are concerned about speed or security, you never use ISP DNS. That's been a best practice for over a decade (since the advent of free, enterprise DNS options like Google.) The one option that should never get considered is ISP DNS.
-
@marcinozga said in Best DNS choice for a financial institution?:
@dave247 Why? ISP DNS servers are the worst thing you can pick. If you don't want to mess with OpenDNS, go with Google servers.
Exactly.
-
@dave247 said in Best DNS choice for a financial institution?:
@marcinozga said in Best DNS choice for a financial institution?:
@dave247 Why? ISP DNS servers are the worst thing you can pick. If you don't want to mess with OpenDNS, go with Google servers.
Source on that?
This has been an industry best practice for so long it would be like asking doctors to provide a source on why not to use leeches any more. It's the same as any other bundling rule, we actually use this as one of the references for other things, constantly. Same as you never use email or VoIP from your ISP, no services at all from your ISP other than the ones necessary because they are your ISP.
-
@dashrender said in Best DNS choice for a financial institution?:
@reid-cooper said in Best DNS choice for a financial institution?:
OpenDNS is good. Or just use Google, it's not bad.
For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.
And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.
OpenDNS does provide a free service. But that is not what was stated, nor what I refuted.
What was stated was to simply put the OpenDNS servers in as your DNS. That does nothing. It is a public DNS service. To make use of the basic filtering you have to create an account and link everything up.
But all of that said, you are also using the service against the ToS. There is no free service available for commercial use. There is only a trial for Umbrella.
For OpenDNS Home, it specifically states that it is for home use in the ToS.
-
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
I just reverted my DNS settings to what they were before. Screw it.
That's the one thing I would not do. If you are concerned about speed or security, you never use ISP DNS. That's been a best practice for over a decade (since the advent of free, enterprise DNS options like Google.) The one option that should never get considered is ISP DNS.
Why is that?