ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Best DNS choice for a financial institution?

    IT Discussion
    12
    51
    2280
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dave247
      dave247 last edited by

      I work at a financial institution and am currently the only sysadmin here. I'm still green and learning as I go.
      I've been working to improve security by cleaning up firewall access rules and other things. One thing I did recently was switch our DNS from the ISP provided addresses to OpenDNS's servers. I just made the change but then I had the thought, is this ok to do? Is this secure?

      Does anyone know if it's wise for me to use OpenDNS or if I should look into any other DNS options? Any input is welcome.

      travisdh1 1 Reply Last reply Reply Quote 0
      • coliver
        coliver last edited by

        I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.

        dave247 1 Reply Last reply Reply Quote 1
        • dave247
          dave247 @coliver last edited by

          @coliver said in Best DNS choice for a financial institution?:

          I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.

          Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.

          JaredBusch coliver 2 Replies Last reply Reply Quote 0
          • JaredBusch
            JaredBusch @dave247 last edited by

            @dave247 said in Best DNS choice for a financial institution?:

            @coliver said in Best DNS choice for a financial institution?:

            I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.

            Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.

            They do no such thing.

            dave247 Danp 2 Replies Last reply Reply Quote 3
            • coliver
              coliver @dave247 last edited by

              @dave247 said in Best DNS choice for a financial institution?:

              @coliver said in Best DNS choice for a financial institution?:

              I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.

              Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.

              Not that I'm aware. IIRC they are just a DNS service unless you buy into Umbrella.

              1 Reply Last reply Reply Quote 0
              • travisdh1
                travisdh1 @dave247 last edited by

                @dave247 OpenDNS is just fine to use, like the other major DNS providers they will probably be a step up from your ISP provided service.

                What they don't do is filtering of any kind unless you add a paid service on. I've started running my own DNS server now that does block known advertising IP addresses called Pi-Hole (Yes, I've seen many names that are better.)

                dave247 PenguinWrangler 2 Replies Last reply Reply Quote 1
                • StrongBad
                  StrongBad last edited by

                  OpenDNS is part of Cisco. Far better than using your ISP.

                  1 Reply Last reply Reply Quote 0
                  • dave247
                    dave247 @travisdh1 last edited by

                    @travisdh1 said in Best DNS choice for a financial institution?:

                    @dave247 OpenDNS is just fine to use, like the other major DNS providers they will probably be a step up from your ISP provided service.

                    What they don't do is filtering of any kind unless you add a paid service on. I've started running my own DNS server now that does block known advertising IP addresses called Pi-Hole (Yes, I've seen many names that are better.)

                    Ah yes, that really makes sense now that you mention it.

                    1 Reply Last reply Reply Quote 0
                    • dave247
                      dave247 @JaredBusch last edited by

                      @jaredbusch said in Best DNS choice for a financial institution?:

                      @dave247 said in Best DNS choice for a financial institution?:

                      @coliver said in Best DNS choice for a financial institution?:

                      I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.

                      Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.

                      They do no such thing.

                      Not really helpful.

                      dbeato 1 Reply Last reply Reply Quote 0
                      • dbeato
                        dbeato @dave247 last edited by

                        @dave247 What Jared was noting is that they do not block sites or spam just because you use their DNS. You need to use OpenDNS with Content Filtering and enforce your clients to use their DNS or force all DNS queries on your firewall to go through the OpenDNS to maintain the content filtering.

                        1 Reply Last reply Reply Quote 1
                        • Danp
                          Danp @JaredBusch last edited by

                          @jaredbusch said in Best DNS choice for a financial institution?:

                          @dave247 said in Best DNS choice for a financial institution?:

                          @coliver said in Best DNS choice for a financial institution?:

                          I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.

                          Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.

                          They do no such thing.

                          How would you classify this functionality then?
                          0_1506464448584_2017-09-26 17_17_42-OpenDNS Dashboard _ Settings _ Web Content Filtering.png

                          Dashrender dbeato 2 Replies Last reply Reply Quote 0
                          • Dashrender
                            Dashrender @Danp last edited by

                            @danp said in Best DNS choice for a financial institution?:

                            @jaredbusch said in Best DNS choice for a financial institution?:

                            @dave247 said in Best DNS choice for a financial institution?:

                            @coliver said in Best DNS choice for a financial institution?:

                            I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.

                            Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.

                            They do no such thing.

                            How would you classify this functionality then?
                            0_1506464448584_2017-09-26 17_17_42-OpenDNS Dashboard _ Settings _ Web Content Filtering.png

                            is that in the free service?

                            Danp dave247 2 Replies Last reply Reply Quote 1
                            • Danp
                              Danp @Dashrender last edited by

                              @dashrender Yes it is.

                              1 Reply Last reply Reply Quote 0
                              • dbeato
                                dbeato @Danp last edited by

                                @danp That only blocks access to sites from internal to external not viceversa.

                                Danp 1 Reply Last reply Reply Quote 0
                                • Danp
                                  Danp @dbeato last edited by

                                  @dbeato Not sure I understand your point. Noone ever claimed that it was a firewall.

                                  dbeato 1 Reply Last reply Reply Quote 0
                                  • dave247
                                    dave247 @Dashrender last edited by

                                    @dashrender said in Best DNS choice for a financial institution?:

                                    @danp said in Best DNS choice for a financial institution?:

                                    @jaredbusch said in Best DNS choice for a financial institution?:

                                    @dave247 said in Best DNS choice for a financial institution?:

                                    @coliver said in Best DNS choice for a financial institution?:

                                    I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.

                                    Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.

                                    They do no such thing.

                                    How would you classify this functionality then?
                                    0_1506464448584_2017-09-26 17_17_42-OpenDNS Dashboard _ Settings _ Web Content Filtering.png

                                    is that in the free service?

                                    This is really all I was going for.. better than nothing

                                    1 Reply Last reply Reply Quote 0
                                    • Reid Cooper
                                      Reid Cooper last edited by

                                      OpenDNS is good. Or just use Google, it's not bad.

                                      Dashrender 1 Reply Last reply Reply Quote 0
                                      • Dashrender
                                        Dashrender @Reid Cooper last edited by

                                        @reid-cooper said in Best DNS choice for a financial institution?:

                                        OpenDNS is good. Or just use Google, it's not bad.

                                        For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.

                                        And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.

                                        PenguinWrangler JaredBusch 2 Replies Last reply Reply Quote 0
                                        • PenguinWrangler
                                          PenguinWrangler @travisdh1 last edited by

                                          @travisdh1 said in Best DNS choice for a financial institution?:

                                          @dave247 OpenDNS is just fine to use, like the other major DNS providers they will probably be a step up from your ISP provided service.

                                          What they don't do is filtering of any kind unless you add a paid service on. I've started running my own DNS server now that does block known advertising IP addresses called Pi-Hole (Yes, I've seen many names that are better.)

                                          I like Pi-hole because they tell advertisers to shut their piehole.

                                          1 Reply Last reply Reply Quote 1
                                          • PenguinWrangler
                                            PenguinWrangler @Dashrender last edited by

                                            @dashrender said in Best DNS choice for a financial institution?:

                                            @reid-cooper said in Best DNS choice for a financial institution?:

                                            OpenDNS is good. Or just use Google, it's not bad.

                                            For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.

                                            And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.

                                            IIRC the filtering was free for home use only.

                                            coliver Danp 2 Replies Last reply Reply Quote 0
                                            • First post
                                              Last post