DNS has, unfortunately, always had some inherent weaknesses because it’s transported in plain text. DNSSEC has never attempted to address that (crazy, I know). Encrypting all DNS traffic means a fundamental change to the security of the system on the whole and a strong improvement.It doesn’t work at all on my Mac connected via my Time Capsule. Perhaps it was meant to be used on public Wi-Fi hotspots? Encrypting DNS

Had a bit of a scare this morning while reading my feeds. I clicked on a link to the a New York Times article and was presented with this message:

So my first thought was I clicked on the wrong link. I tried it again and got the same message. Now I was worried. Was my MacBook hacked? Was my router compromised. I switched from NewNewsReader to Safari was able to get to the Apple web site. I then did a Google search on Patriot Media and DNS and found an entry on broadbandreports.com forum. Apparently the cable company had an issue with DNS early this morning for a short period of time. I was able to reset my router and things are now fine.

If you have a home network with more than one computer and you have kids you may want to take a look at OpenDNS. OpenDNS is a service that allow me to control what sort of web sites the computers on my network are allowed to visit.

2008-01-12_0900

OpenDNS protects millions of people a day across hundreds of thousands of schools, businesses and homes as they navigate the Internet. We block phishing sites and give you the power to block adult sites, proxies and individual domains.

There is no software to install. To use OpenDNS I configured the DNS settings in my LinkSys router to use the name servers provided by OpenDNS; ( 208.67.222.222 and 208.67.220.220 ). The web site provided detailed but simple instructions on how to do so. I could also have configured just a single computer or if I were a small business setup my internal name servers to use OpenDNS.

2008-01-12_0907

To use the web filtering features of OpenDNS it was necessary to create an account. Once my account was created I could then specify which types of site I wanted to block, create a white list of sites I wanted to allow, and also add additional sites I wanted to restrict. Filter rules can be applied to an entire network, a single computer in a network, or multiple networks. I setup my brother-in-laws home network under my account but I have applied different filter rules to each network.

OpenDNS has a lot of other cool features but my favourite is the stats page. From here I can see how much traffic flows out from my home network as well as which sites are most popular and which are being blocked. Yikes! Looks like I need to spend some more time offline.

2008-01-12_0919