Full Disclosure mailing list archives

Re: OpenDNS is acting improperly !!!


From: bk <chort0 () gmail com>
Date: Mon, 2 Aug 2010 15:53:45 -0700


On Aug 2, 2010, at 7:59 AM, Paulo Cesar Breim (PCB) wrote:

Are you an OpenDNS partner?

I am talking about a security problem. You are too stupid to understand.


On 02/08/2010, at 11:47, bk wrote:

On Jul 31, 2010, at 10:03 AM, Paulo Cesar Breim (PCB) wrote:

NSLookup has the same problem. Always returns the OpenDNS IP.

paulo


Quit being so dense:  http://www.opendns.com/solutions/household/guide/ -- While you're at it, read up on how DNS works.

If you don't like that, don't use OpenDNS.  This has been known for years.

--
chort


a) Stop top-posting, it destroys the thread

b) It's not a security issue, that's how it's designed to work.  How else are they going to "correct" typos, make suggestions, and block "bad" sites all just through DNS?

Personally I don't like how their service changes responses, and I'm smart enough to know how to set up my own DNS servers safely, so I don't use OpenDNS.  I also tell all my corporate customers not to use it for their servers due to aforementioned issues.  Just because I don't like how it works doesn't make it a "security problem".

So once again my advice is:

a)  Don't use it if you don't like it

b)  Learn how DNS works.  "ping" is not a DNS utility.  Except for very few edge cases, anything that makes a DNS resolution call (ping, dig, nslookup, host, telnet, curl, whatever) is going to get the same results (um, that's what DNS is designed to do), so posting follow-ups such as "dig has the same problem" only proves you're too dumb to understand DNS.

Next you're going to claim every MTA is insecure because they allow you to send an e-mail with a different "From: header" sender than the "MAIL FROM" envelope sender.

--
chort
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
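
A client-side check for the response rewriting discussed in the message above, added here as an example and not part of the original post or of any OpenDNS code: it parses raw DNS responses and flags a NOERROR answer carrying an address for a name under the reserved .invalid TLD, which should come back NXDOMAIN. The packets and the 192.0.2.10 answer are constructed sample data, and treating a rewritten NXDOMAIN as the signal is an assumption about how the rewriting appears.

```python
import struct

RCODE_NOERROR, RCODE_NXDOMAIN, TYPE_A = 0, 3, 1

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_response(qname, rcode, addrs=()):
    """Build a constructed DNS response (sample data, not a capture)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    pkt = struct.pack("!6H", 0x1234, flags, 1, len(addrs), 0, 0)
    pkt += encode_name(qname) + struct.pack("!2H", TYPE_A, 1)
    for ip in addrs:  # owner name is a compression pointer to offset 12
        rr = b"\xc0\x0c" + struct.pack("!2HIH", TYPE_A, 1, 60, 4)
        pkt += rr + bytes(int(o) for o in ip.split("."))
    return pkt

def skip_name(pkt, off):
    """Return the offset just past the name that starts at off."""
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_response(pkt):
    """Return (rcode, [IPv4 answers]) from a raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", pkt[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(".".join(map(str, pkt[off:off + 4])))
        off += rdlen
    return flags & 0x000F, addrs

def classify_probe(pkt):
    """Classify the reply to a query for a name that must not exist."""
    rcode, addrs = parse_response(pkt)
    if rcode == RCODE_NOERROR and addrs:
        return "rewritten"  # resolver substituted an address for NXDOMAIN
    return "nxdomain" if rcode == RCODE_NXDOMAIN else "inconclusive"
```

Against a live resolver, the bytes passed to classify_probe would be the UDP reply to an A query for a random label under .invalid; the result is the same whichever tool triggers the lookup.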

