Best DNS choice for a financial institution?
-
@danp We are referring to the post made by @dave247: "Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some 'bad'/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website."
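The off-by-a-letter case quoted above can also be watched for on the defender's side, whichever resolver is chosen. The following is an added example, not part of the original thread: it scans DNS query log lines for names one edit away from a watchlist of domains staff legitimately use. The log format, the watchlist entries (under the reserved `.example` TLD) and the function names are all assumptions constructed for illustration.

```python
import re

# Constructed watchlist: domains the organisation's staff are expected to visit.
WATCHLIST = {"firstbank.example", "payroll.example"}

# Constructed log format: "<timestamp> client=<ip> query=<fqdn> type=<rrtype>"
LINE_RE = re.compile(r"client=(\S+)\s+query=(\S+)")

SAMPLE_LOG = [
    "2024-01-01T09:00:01Z client=10.0.0.12 query=www.firstbank.example. type=A",
    "2024-01-01T09:00:07Z client=10.0.0.31 query=firstbnak.example. type=A",
    "2024-01-01T09:01:15Z client=10.0.0.31 query=login.frstbank.example. type=A",
    "2024-01-01T09:02:40Z client=10.0.0.45 query=payrol1.example. type=A",
    "2024-01-01T09:03:02Z client=10.0.0.45 query=unrelated.example. type=A",
]


def one_edit_apart(a: str, b: str) -> bool:
    """True if b is exactly one typo away from a: one substituted, inserted
    or deleted character, or two adjacent characters swapped."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:  # single substitution
            return True
        return (i + 1 < len(a) and a[i] == b[i + 1] and a[i + 1] == b[i]
                and a[i + 2:] == b[i + 2:])  # adjacent transposition
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]  # single insertion or deletion


def find_lookalikes(log_lines, watchlist=WATCHLIST):
    """Return (client, queried name, watchlist domain it resembles) tuples."""
    hits = []
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        client, qname = m.group(1), m.group(2).rstrip(".").lower()
        # Simplification: treat the last two labels as the registered domain.
        # A production check would consult the Public Suffix List instead.
        domain = ".".join(qname.split(".")[-2:])
        if domain in watchlist:
            continue  # exact match is the legitimate site
        for good in sorted(watchlist):
            if one_edit_apart(domain, good):
                hits.append((client, qname, good))
                break
    return hits


if __name__ == "__main__":
    for client, qname, good in find_lookalikes(SAMPLE_LOG):
        print(f"{client} queried {qname} (looks like {good})")
```
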
-
@dave247 said in Best DNS choice for a financial institution?:
@jaredbusch said in Best DNS choice for a financial institution?:
@dashrender said in Best DNS choice for a financial institution?:
@reid-cooper said in Best DNS choice for a financial institution?:
OpenDNS is good. Or just use Google, it's not bad.
For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.
And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.
OpenDNS does provide a free service. But that is not what was stated, nor what I refuted.
What was stated was to simply put the OpenDNS servers in as your DNS. That does nothing. It is a public DNS service. To make use of the basic filtering you have to create an account and link everything up.
But all of that said, you are also using the service against the ToS. There is no free service available for commercial use. There is only a trial for Umbrella.
For OpenDNS Home, it specifically states that it is for home use in the ToS.
Still not really helping the convo..
How? You are using a home service in a business, right? I completely am helping you learn that you need to find a new solution.
-
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
I just reverted my DNS settings to what they were before. Screw it.
That's the one thing I would not do. If you are concerned about speed or security, you never use ISP DNS. That's been a best practice for over a decade (since the advent of free, enterprise DNS options like Google.) The one option that should never get considered is ISP DNS.
Why is that?
Because ISPs have these issues:
- It is not a service that they make money or clout on. They provide it because they have to for consumers. They don't care about making it good or safe, this is not in their interest. So it makes no business sense for them to do it well, or for customers to expect it to be a good service.
- ISP DNS is famously slow and risky, for exactly the reasons above. It is where attacks happen because ISPs aren't DNS specialists, they just throw up free DNS servers and ignore them. So DNS Injection attacks happen here. That entire, and very major, attack vector exists solely for companies that use ISP DNS. Google and Cisco have never been hacked like this, it's not a realistic attack on them.
- Propagation is notoriously problematic and unknown. Causing delays in failover or outages as other services change and you do not.
- You are unnecessarily tied to the ISP, even in a very trivial way.
- You make things non-standard for no reason. Why make things extra hard for negative benefits?
- You will have to have discussions like this every time you talk about DNS internally or externally. Making it a financial loss without benefit. Just use Google like everyone else and be done and eliminate having to explain the use of ISP DNS anytime someone looks at the system.
- Multiple sites can share configuration.
- Services like Google and OpenDNS take pride in their high availability, your ISP does not.
- If you switch ISPs, have an outage, etc. you get to keep configuration instead of needing to manually change anytime anything else changes.
-
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
I just reverted my DNS settings to what they were before. Screw it.
That's the one thing I would not do. If you are concerned about speed or security, you never use ISP DNS. That's been a best practice for over a decade (since the advent of free, enterprise DNS options like Google.) The one option that should never get considered is ISP DNS.
Why is that?
Because ISPs have these issues:
- It is not a service that they make money or clout on. They provide it because they have to for consumers. They don't care about making it good or safe, this is not in their interest. So it makes no business sense for them to do it well, or for customers to expect it to be a good service.
- ISP DNS is famously slow and risky, for exactly the reasons above. It is where attacks happen because ISPs aren't DNS specialists, they just throw up free DNS servers and ignore them. So DNS Injection attacks happen here. That entire, and very major, attack vector exists solely for companies that use ISP DNS. Google and Cisco have never been hacked like this, it's not a realistic attack on them.
- Propagation is notoriously problematic and unknown. Causing delays in failover or outages as other services change and you do not.
- You are unnecessarily tied to the ISP, even in a very trivial way.
- You make things non-standard for no reason. Why make things extra hard for negative benefits?
- You will have to have discussions like this every time you talk about DNS internally or externally. Making it a financial loss without benefit. Just use Google like everyone else and be done and eliminate having to explain the use of ISP DNS anytime someone looks at the system.
- Multiple sites can share configuration.
- Services like Google and OpenDNS take pride in their high availability, your ISP does not.
- If you switch ISPs, have an outage, etc. you get to keep configuration instead of needing to manually change anytime anything else changes.
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
-
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
-
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
-
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
LOL, remember it is IT, "keeping it simple" is often the right answer.
-
For home, I use a Pi-Hole DNS cache in front of Google. Gives me some filtering and monitoring that Google does not.
-
@scottalanmiller said in Best DNS choice for a financial institution?:
For home, I use a Pi-Hole DNS cache in front of Google. Gives me some filtering and monitoring that Google does not.
For home you can use a free OpenDNS account and get filtering.
-
@jaredbusch said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
For home, I use a Pi-Hole DNS cache in front of Google. Gives me some filtering and monitoring that Google does not.
For home you can use a free OpenDNS account and get filtering.
Probably only if not a home office
I didn't look much at the ToS, maybe that is okay.
-
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
LOL, remember it is IT, "keeping it simple" is often the right answer.
Yeah I can't remember why, but for some reason I remember changing my thoughts about "just setting DNS to google" ... like it wasn't the best thing to do or something.
-
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
LOL, remember it is IT, "keeping it simple" is often the right answer.
Yeah I can't remember why, but for some reason I remember changing my thoughts about "just setting DNS to google" ... like it wasn't the best thing to do or something.
I made a DNS change on our domain a few weeks back that took almost 24 hours to propagate through Google DNS for some reason. Even the ISP DNS updated in less than 2 hours. But aside from that one instance, I have generally had better results with Google DNS servers than anyone else.
-
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
LOL, remember it is IT, "keeping it simple" is often the right answer.
Yeah I can't remember why, but for some reason I remember changing my thoughts about "just setting DNS to google" ... like it wasn't the best thing to do or something.
Best thing is likely a service like Umbrella. But for free, nothing will touch Google.
-
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
LOL, remember it is IT, "keeping it simple" is often the right answer.
Yeah I can't remember why, but for some reason I remember changing my thoughts about "just setting DNS to google" ... like it wasn't the best thing to do or something.
Best thing is likely a service like Umbrella. But for free, nothing will touch Google.
An alternative to Umbrella is Strongarm.io. They have recently added content filtering options to their service which was originally only designed to interrupt connections to malicious sites.
-
@jaredbusch said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
LOL, remember it is IT, "keeping it simple" is often the right answer.
Yeah I can't remember why, but for some reason I remember changing my thoughts about "just setting DNS to google" ... like it wasn't the best thing to do or something.
Best thing is likely a service like Umbrella. But for free, nothing will touch Google.
An alternative to Umbrella is Strongarm.io. They have recently added content filtering options to their service which was originally only designed to interrupt connections to malicious sites.
Yes. Probably much cheaper than Cisco, too. OpenDNS was great before Cisco bought them. I'd personally be pretty wary of using a Cisco service, my interactions with Cisco are pretty consistent that they lack integrity and so I don't see them as a company I would trust in any situation where they were involved in security. They don't seem to have a lot of ethics and that is a big deal when talking about security products - what good is their security if you can't trust the people who are the security people!
Definitely check out Strongarm.io. If you are going to be in Austin in two weeks, Strongarm will be hanging out with us on Sixth!
-
@scottalanmiller said in Best DNS choice for a financial institution?:
@jaredbusch said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
LOL, remember it is IT, "keeping it simple" is often the right answer.
Yeah I can't remember why, but for some reason I remember changing my thoughts about "just setting DNS to google" ... like it wasn't the best thing to do or something.
Best thing is likely a service like Umbrella. But for free, nothing will touch Google.
An alternative to Umbrella is Strongarm.io. They have recently added content filtering options to their service which was originally only designed to interrupt connections to malicious sites.
Yes. Probably much cheaper than Cisco, too. OpenDNS was great before Cisco bought them. I'd personally be pretty wary of using a Cisco service, my interactions with Cisco are pretty consistent that they lack integrity and so I don't see them as a company I would trust in any situation where they were involved in security. They don't seem to have a lot of ethics and that is a big deal when talking about security products - what good is their security if you can't trust the people who are the security people!
Definitely check out Strongarm.io. If you are going to be in Austin in two weeks, Strongarm will be hanging out with us on Sixth!
Same impression I get
-
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@jaredbusch said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@scottalanmiller said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
So then what good/safe/secure/reliable/free DNS servers should I be using?? All I know of right now is google and DNSwatch..
Google. It's what everyone uses. Unless you are going to pay for something, which is perfectly fine as things like Cisco Umbrella really do a good job, you just use Google. Google's DNS servers are screaming fast, insanely secure, and standard the world over. Google's only competition was OpenDNS' free servers and they were only competitive when they did free filtering and other tools. Without that, Google is still the best. So no reason to look around for anything else.
rips hair out google it is then
LOL, remember it is IT, "keeping it simple" is often the right answer.
Yeah I can't remember why, but for some reason I remember changing my thoughts about "just setting DNS to google" ... like it wasn't the best thing to do or something.
Best thing is likely a service like Umbrella. But for free, nothing will touch Google.
An alternative to Umbrella is Strongarm.io. They have recently added content filtering options to their service which was originally only designed to interrupt connections to malicious sites.
Yes. Probably much cheaper than Cisco, too. OpenDNS was great before Cisco bought them. I'd personally be pretty wary of using a Cisco service, my interactions with Cisco are pretty consistent that they lack integrity and so I don't see them as a company I would trust in any situation where they were involved in security. They don't seem to have a lot of ethics and that is a big deal when talking about security products - what good is their security if you can't trust the people who are the security people!
Definitely check out Strongarm.io. If you are going to be in Austin in two weeks, Strongarm will be hanging out with us on Sixth!
Same impression I get
Have you tried Strongarm? How do you like it?