OpenDNS

From ArchWiki
Revision as of 19:08, 31 October 2009 by M l (talk | contribs) (→‎What is it?)

What is it?

OpenDNS is a better DNS service. If your Internet pages are loading slowly, or if you want to make your Internet safer, faster, smarter and more reliable, try OpenDNS on your computer.

Your ISP (usually) provides working DNS servers; however, the router sometimes adds an extra DNS server, in case you have your own cache server (which would be slightly faster). This isn't a problem for Windows users, because if a DNS server is slow or doesn't work, Windows will immediately switch to another one. However, Linux takes longer to time out (which is why you are getting a delay).

To check whether this is the case, look in /etc/resolv.conf for the IP addresses of the servers. Then type the following to see how long the response takes:

ping <one of the ip addresses>

Note: this is not accurate, because most DNS servers do not respond to ping requests, so ping is not a reliable test of a DNS server's response speed. It is better to use dig or host to query for the IP address of a hostname.

Run dig before making any changes, repeat it after making the changes below, and compare the Query time values before and after:

dig www5.yahoo.com
  • you should already have dig installed; if not, install dnsutils

Can also use dig with a specific nameserver:

dig @ip.of.name.server www5.yahoo.com

For example, using OpenDNS:

dig @208.67.222.222 www5.yahoo.com

Or using my router:

dig @192.168.1.1 www5.yahoo.com
  • example output after using OpenDNS nameservers in /etc/resolv.conf:
;; Query time: 40 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
  • example output using the nameservers in my router's DNS settings (also using OpenDNS):
;; Query time: 100 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)

If one of the responses takes a long time (or times out), you can just delete that server from resolv.conf. However, depending on your network setup, the file may get rewritten every time you reconnect to the network (for example, when rebooting). In that case, you can block that IP in hosts.deny, or if you use iptables, you can add a rule to block that IP (the latter is what I did).
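The per-nameserver check described above can be scripted. The following is an added example, not part of the original wiki page: it lists every nameserver in a resolv.conf file, runs one dig query against each and labels the result. The function names, the sample resolv.conf and the 200 ms "slow" threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-nameserver DNS timing, as described on this page.

# Constructed sample resolv.conf; the dig lines are the example output above.
SAMPLE_RESOLV='# constructed sample
search example.lan
nameserver 192.168.1.1
nameserver 208.67.222.222'
SAMPLE_DIG=';; Query time: 40 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)'

# Read resolv.conf text on stdin; print nameserver addresses in file order.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# Read dig output on stdin; print the msec value of ";; Query time:".
# Prints nothing when dig got no answer (timeout, rejected, unreachable).
query_time_ms() {
    awk '/^;; Query time:/ { print $4; exit }'
}

# classify MS [LIMIT]: timeout if MS is empty, slow above LIMIT, else ok.
# The 200 ms default limit is an assumption, not a value from the page.
classify() {
    if [ -z "$1" ]; then echo timeout
    elif [ "$1" -gt "${2:-200}" ]; then echo slow
    else echo ok
    fi
}

# check_resolvers FILE HOST: time one lookup of HOST against each server.
check_resolvers() {
    for ns in $(list_nameservers < "$1"); do
        ms=$(dig +tries=1 +time=3 "@$ns" "$2" 2>/dev/null | query_time_ms)
        printf '%-16s %6s ms  %s\n' "$ns" "${ms:--}" "$(classify "$ms")"
    done
}

if [ "$#" -eq 2 ]; then
    check_resolvers "$1" "$2"   # live: pass /etc/resolv.conf and a hostname
else
    # Offline demonstration on the sample inputs.
    printf '%s\n' "$SAMPLE_RESOLV" | list_nameservers
    ms=$(printf '%s\n' "$SAMPLE_DIG" | query_time_ms)
    echo "query time: $ms ms ($(classify "$ms"))"
fi
```

A server reported as timeout is the one to remove from resolv.conf or block as described above.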

What do I do?

To speed things up, use OpenDNS. Edit /etc/resolv.conf and add the OpenDNS nameservers to the top of the file so they are used first, or remove any nameservers already listed in order to use only the OpenDNS nameservers:

# OpenDNS nameservers
nameserver 208.67.222.222
nameserver 208.67.220.220
  • changes made to /etc/resolv.conf take effect immediately

with dhcpcd

If you are using dhcpcd, edit /etc/dhcpcd.conf and remove the domain_name_servers option so that the line looks like this:

option domain_name, domain_search, host_name

You will also need to edit or create /etc/resolv.conf.head and add the OpenDNS nameservers to the top of the file so they are used first, or remove any nameservers already listed in order to use only the OpenDNS nameservers:

# OpenDNS nameservers
nameserver 208.67.222.222
nameserver 208.67.220.220
  • dhcpcd dynamically creates /etc/resolv.conf from /etc/resolv.conf.head and the options set in /etc/dhcpcd.conf

After editing or creating /etc/resolv.conf.head, restart networking for the changes to take effect immediately without a reboot:

# /etc/rc.d/network restart 

with a router

You may also specify these IPs in your router under the DNS tab, and merely point to your router's IP from /etc/resolv.conf.

If you have a laptop that you roam with (assuming you have iptables set up), where the x's are the bad IP address:

iptables -A OUTPUT -d xxx.xxx.x.x -j REJECT
iptables-save > /etc/iptables/iptables.rules

The first step tells iptables to reject connections to that nameserver. This makes queries to that nameserver fail immediately rather than wait for a timeout. The second step saves the iptables rule.

Fixing problems with Google

OpenDNS hijacks Google searches by routing all queries through their own servers first. This can be annoying because a) Google searches may slow down noticeably and b) it breaks Google's FeelingLucky feature (e.g., entering digg in your address bar will open www.digg.com). For the latter, there is a Firefox add-on that brings back the original behaviour. A more elegant solution is to redirect all queries for Google exclusively to your ISP's DNS server. This can be done with Dnsmasq (see Speeding up DNS with dnsmasq in the wiki for more information).


More Resources