Solving a problem you didn't know you had: OpenDNS

I ran into OpenDNS CEO David Ulevitch at the Stirr mixer a week ago, and he did a good job of pitching me on his product, an alternative DNS (domain name system) service. (News.com has covered OpenDNS before, see story.)

His pitch: The DNS your ISP uses--the box (or collection of boxes) that change domain names you type into the actual numerical IP addresses of the Web and e-mail servers you're trying to reach--is probably slow. It's definitely not as safe as it could be. And it doesn't do enough to help you find what you want when you mistype a domain name.

OpenDNS attempts to solve these problems. It claims to run better technology on its name servers. OpenDNS has databases of phishing sites and will warn or block you if you try to visit them. OpenDNS can also correct typos for you, in ways that are helpful but that run counter to the official practices of the domain name system. For example, there are only a few sites with the extension .cm, but typing .cm instead of .com is a common typo. OpenDNS doesn't stop users from going to actual (not phishing) .cm domains, but it can optionally correct the typo in other cases and send a user to the dot-com site they intended to visit. It will also make more clear-cut changes, such as correcting .og to .org, and .cmo to .com.

There's controversy around OpenDNS. OpenDNS is a for-profit service (it makes money by serving ads on the pages it displays when you make a domain name typo it cannot resolve). Overly aggressive corrections could undermine legitimate, or semilegitimate, businesses on the Web--and who's to say if OpenDNS is an appropriate arbiter of what's right and what's not? Some people also doubt that a single company can run a speedy and robust DNS service (as opposed to the distributed network of ISPs, each running its own DNS). Ulevitch maintains that if his service isn't run well and fairly, users will simply abandon it, so he has a lot of incentive to make his domain servers do the right thing, and fast.

I configured my home network to use OpenDNS and found the change largely invisible. That's fine with me. I don't make .com typos (because instead of typing .com into my address bar, I type the domain name, such as CNET, then press Ctrl+Enter, which automatically enters the www. and .com on either side), but I like knowing there's an extra layer of defense on my home network against phishing scams.

The real downside with OpenDNS is setup. You have to change settings in your router. Instructions on the OpenDNS site are clear, but this is not something I would point my parents to. It's also not something you can do unless you control your own network equipment. Also, in my case, OpenDNS didn't start working for me until some minutes after I made the changes on my router. That'd be no big deal if I was expecting it, but nothing on the OpenDNS site indicated that there would be a time lag before my changes kicked in.

I don't see any reason to go back to my ISP's default DNS, but neither has my online experience improved dramatically with OpenDNS. I recommend the service for people who find browsing the Web slow (it will help if the DNS server is the culprit) and for those who worry that people on their network might fall for phishing scams. But for many people, OpenDNS will improve the online experience only slightly.