I have been a long-time user of OpenDNS for my home network, and have recommend it to my friends and family. The “Home Parental Controls” allows me to easily add another layer of protection to my home network, not only to setup content filtering but also to reduce the likelihood of malware and virus infections. I must say, right up front that I have no affiliation, financial or otherwise, with OpenDNS other than a satisfied user. Your mileage may vary.
OpenDNS is just one of the tools that I use to enforce a `perimeter’ around my home network. It is just one of the many layers that I have setup to defend my network. OpenDNS is so easy to setup that I personally think it is bordering on negligent if you don’t use it.
How does DNS work?
I’m going to use the analogy of a telephone to help describe how DNS (Domain Name System), and then OpenDNS, works. Your computer, when it is put on a network, is given a ‘telephone number’ (IP address). As long as you know the ‘telephone number’ of another computer, it is possible to ‘call’ that remote computer and start a conversation. But remembering telephone numbers is difficult, and when there are millions of telephone numbers it becomes even more difficult to remember the telephone number of Google, Apple, CNN or whatever computer you need to call. You’re going to need a whitepages in order to be able to list the phone numbers of all those computers. A DNS nameserver is the ‘phone book’, and is part of the required infrastructure on a network that does the “name to telephone number” lookup each time you want to call another computer. The Internet has 13 ‘root‘ nameservers that are the top-level phone books of the Internet, and your DNS ‘lookups’ will usually have to go to one of these in order to find the ‘telephone number’ you need to connect.
OpenDNS is a different phone book
Now, continuing with the ‘phone book’ concept, imagine that each “telephone number” was listed in the “Yellow Pages” or whatever business telephone directory you are more familiar with. Imagine that your phone book knows your telephone number, and that you have registered that you don’t want to be able to call “Travel” companies. As you look up the `telephone number’ of Disney.com, the `phone book’ shows Disney is listed under the “Games”, “Television” and “Travel” categories and then changes the telephone number to go to a recorded message saying “You didn’t want to call Travel companies, and Disney is listed as a Travel company”. OpenDNS is this new and improved telephone book.
But how does that stop malware and viruses?
OpenDNS helps reduce malware and viruses by two methods.
- In the “Web Content Filtering” section, selecting the “Adware” and “P2P/File sharing” settings reduces the chances that “Unofficial” software is downloaded onto a computer in your network. Sure, these settings will also reduce the “Unofficial” sharing of other files, but aren’t there better ways to use your Internet bandwidth? As the old saying goes, “An ounce of prevention is better than a pound of cure”.
- In the “Security” section, selecting “Enable basic malware/botnet protection” disrupts the “Command and Control” connections that most malware and viruses use to “call home” to the originating server. Most malware and viruses are not programmed just to infect other computers, but are used to create a large group of computers that can be used to simultaneously attack a designated target. By blocking the “command and control” connection, you are restricting the infection to your own computers, being a good Network citizen (or Netizen) and keeping the weeds in your own yard.
How do I set it up for home?
Firstly, you’re going to need to signup for the OpenDNS service. Click here to signup – I’d appreciate it if you put “TheITJuggler.com” in the “Where did you hear about OpenDNS” section. Once you have signed up, OpenDNS provides really simple instructions on how to setup your whole network, or just an individual computer via their Support pages, and also ways for you to check that you have set it up correctly.
How do I set it up for my school or business?
OpenDNS also has full commercial services that you can purchase that extend your content filtering and security perimeter out to your users who are working from home, telecommuting, or purely mobile. This service is called Umbrella. I don’t have any ideas of the costs involved in using this service, but I am guessing it is going to be much cheaper than buying a content filtering appliance and the associated maintenance and support contracts you will have to purchase.
If you need help with setting up OpenDNS, please contact me via the Contact Us page. If you use or can recommend other services like OpenDNS, please leave them in the comments below.