With the ramifications of the DNS cache poisoning bug beginning to sink in and the first exploit code being published today, we are anticipating an accelerating number of queries from our members about this and what they can do to ensure their own DNS caching resolvers are safe to use.
We can tell you about two public DNS resolver systems you can use. One external, one we just launched ourselves:
OpenDNS: User friendly DNS lookups – with anti-phishing protection
We’ve never been in the DNS resolution or DNS resolving business. There are companies like OpenDNS who are. We know the people who run this company, they are competent and knowledgeable and we consider their service safe. That said, they also provide protection against phishing domains and they do trap NXDOMAIN traffic. Yes, they do monetize failed lookups via a search suggestion page with PPC links, individual users do have the ability to turn this off.
easyDNS launches DNSResolvers.com: no frills, pure DNS lookups – fully patched
Some of our members have expressed reservations around using any DNS resolver that “alters” the traffic in any way, including typos and non-existent domains. Which is good news for us, because we’ve done this so fast we haven’t had time to build anything like that even if we wanted to. What we did want to do is provide a couple of DNS resolvers for use by our members (or anybody else) who just want to know they’re using a system run by people who are actively following this situation and are proactively keeping their own resolvers and caching nameservers as secure as the protocol allows.
With this in mind we’ve turned up DNSresolvers.com today. No website, no user interface, at the moment it’s just a couple of resolvers with the latest security patches in place and that will continue to do so, open to use by anybody who wants. We have no idea where this will go, and it’s not really an official easyDNS “service” per se. But we wanted to do something to give our members options.
If you want to use DNSresolvers.com, the details are as follows:
cache1.dnsresolvers.com -> 220.127.116.11
cache2.dnsresolvers.com -> 18.104.22.168