I’m a little late to the blogging phenomenon, but here we go. I started working on OpenDNS last November to create a new kind of DNS service that can be used by anyone to make their Internet experience better. Since then I’ve been working hard to bring this to fruition by assembling a fantastic team, developing some really great software and deploying a world-class network. Now I’m thrilled to introduce the free service we’ve been building. It’s ready, and I want you to try it. You will love it.
DNS in two (or three) sentences
DNS is what allows you to type in a web address and end up at a website; DNS is transparent and yet fundamental to the operation of the Internet. There are two sides to DNS, the authoritative side which give out answers and the recursive side that ask questions on your behalf and holds onto them in case you ask again.
OpenDNS provides the latter, the world’s first highly-available, high-performance recursive DNS service customized with features to make the Internet safer, faster and smarter for you. (Clearly, I belong in Marketing.)
To understand why I created OpenDNS requires a little background. I’d moved to San Francisco after graduating from Washington University in St. Louis, and was managing EveryDNS, a popular and reliable DNS management service which I started five years ago. While helping scale and run operations for a startup run by a friend of mine I watched EveryDNS continue to grow and do well on its own and I missed it. Running a world-class DNS service for five years taught me a lot not only about DNS and networks but also about the people who use them. As a result of all this work I discovered ways to make DNS better by making it more resilient, safer and faster. I also began to see and understand how a lot of spam, spyware and phishing sites abused DNS to operate.
Not everyone on the Internet is as nice as you are
Spammers, Phishers, Botmasters and other Internet Bad Guys use DNS as a vector for running their attacks and schemes to send spam, spread malware and operate phishing sites. Some of these Bad Guys used EveryDNS to manage DNS nefariously. When I found out about this, I took action and cleaned up EveryDNS. We wrote code to filter out the Bad Guys and began collaborating with other DNS providers to share information on bad users and bad domains so that these bad actors would be unable to jump from service to service. The Bad Guys went away and my part of the Internet was clean (and still is). The problem was that the Bad Guys just moved onto easier targets — other DNS services that didn’t care as much as I did and didn’t collaborate with the major DNS players. The abuse continued to be levied on the Internet and I was unable to stop it. By cleaning up my neighborhood all I had done was drive the abuse into another one. So I created OpenDNS to deal with this and many other limitations of the existing DNS.
OpenDNS is a DNS service designed for you: instead of relying on all the unknown DNS providers out there to clean up their act (more on this in a future post), we act like a crossing guard in front of your house. We direct the good stuff towards you and send the bad stuff away.
Improving the DNS
DNS — the Domain Name System, a foundation of the Internet for 20 years — has loads of room for improvement. Most people don’t realize the possibilities, but the DNS software most of us are using (via an ISP or corporate server) hasn’t evolved fast enough or far enough from the software written in the 1980s. There’s a huge opportunity to learn from the past and address and fix some of the problems that crop up at the scale of today’s Internet. I decided that adding security features, performance improvements (we all want a faster Internet, even with broadband), and some smarts (fix typos for me… that’s what computers are supposed to do) would evolve the existing DNS without breaking the old. Don’t worry about us hijacking your traffic like one of the many browser toolbars that get automatically installed — having had my first tastes of unix and networking at a mom-and-pop ISP, I was schooled with the importance of making things interoperate nicely and not messing with peoples’ computers or Internet.
Improving the Internet
What do I mean by “improve the Internet”? If you’ve read ”The Tipping Point” by Malcolm Gladwell you know the story about how New York City made the subways safer by focusing on the fundamentals rather than trying to catch every criminal. By cleaning up subway graffitti and catching fare-cheaters the law-abiding citizens of New York returned to using the subways and to taking pride in their clean city. These small changes led to a massive downturn in crime numbers in New York. We’re applying the same techniques to the Internet and cleaning it up.
- We’re blocking phishing sites that are set up to steal your banking and other sensitive data.
- We’re impacting the ability for botnets to organize and disrupt networks.
- We’re improving the collective intelligence of the DNS to provide insights into many forms of Internet abuse and fraud.
More than five years running EveryDNS showed me a lot of the shady practices by the folks who have made phishing, pharming, botnets, spamming, and other nefarious practices something we all contend with every day. (Who thought phishing would be a widespread term?) They do this because it’s easy for them and there are no counter-measures. Now there’s OpenDNS. Of course, we’ll also speed up your Internet without changing your ISP, computer, or browser and perform some simple but useful tweaks like fixing typos. A barrage of testing and feedback has told us that people really notice a faster Internet experience, and that they appreciate getting an intelligent search results page rather than a “page not found” error. That is just the beginning.
The primary service of EveryDNS is free authoritative DNS. Not registering domains, not hosting websites, not doing anything more than let people with domains administer their own records in the global Internet “white pages” known as DNS. Nearly 100,000 individuals, organizations and companies depend on this free resource and have for many years. EveryDNS is supported by donations and advertising, and has always been profitable. I have automated nearly ever aspect of EveryDNS and along with the help of a fantastic team of volunteers, I am free of day-to-day involvement. You can find more information at EveryDNS.