Best DNS choice for a financial institution?
-
I work at a financial institution and am currently the only sysadmin here. I'm still green and learning as I go.
I've been working to improve security by cleaning up firewall access rules and other things. One thing I did recently was switch our DNS from the ISP provided addresses to OpenDNS's servers. I just made the change but then I had the thought, is this ok to do? Is this secure?Does anyone know if it's wise for me to use OpenDNS or if I should look into any other DNS options? Any input is welcome.
-
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
-
@coliver said in Best DNS choice for a financial institution?:
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.
-
@dave247 said in Best DNS choice for a financial institution?:
@coliver said in Best DNS choice for a financial institution?:
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.
They do no such thing.
-
@dave247 said in Best DNS choice for a financial institution?:
@coliver said in Best DNS choice for a financial institution?:
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.
Not that I'm aware. IIRC they are just a DNS service unless you buy into Umbrella.
-
@dave247 OpenDNS is just fine to use, like the other major DNS providers they will probably be a step up from your ISP provided service.
What they don't do is filtering of any kind unless you add a paid service on. I've started running my own DNS server now that does block known advertising IP addresses called Pi-Hole (Yes, I've seen many names that are better.)
-
OpenDNS is part of Cisco. Far better than using your ISP.
-
@travisdh1 said in Best DNS choice for a financial institution?:
@dave247 OpenDNS is just fine to use, like the other major DNS providers they will probably be a step up from your ISP provided service.
What they don't do is filtering of any kind unless you add a paid service on. I've started running my own DNS server now that does block known advertising IP addresses called Pi-Hole (Yes, I've seen many names that are better.)
Ah yes, that really makes sense now that you mention it.
-
@jaredbusch said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@coliver said in Best DNS choice for a financial institution?:
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.
They do no such thing.
Not really helpful.
-
@dave247 What Jared was noting is that they do not block sites or spam just because you use their DNS. You need to use OpenDNS with Content Filtering and enforce your clients to use their DNS or force all DNS queries on your firewall to go through the OpenDNS to maintain the content filtering.
-
@jaredbusch said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@coliver said in Best DNS choice for a financial institution?:
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.
They do no such thing.
How would you classify this functionality then?
-
@danp said in Best DNS choice for a financial institution?:
@jaredbusch said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@coliver said in Best DNS choice for a financial institution?:
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.
They do no such thing.
How would you classify this functionality then?
is that in the free service?
-
@dashrender Yes it is.
-
@danp That only blocks access to sites from internal to external not viceversa.
-
@dbeato Not sure I understand your point. Noone ever claimed that it was a firewall.
-
@dashrender said in Best DNS choice for a financial institution?:
@danp said in Best DNS choice for a financial institution?:
@jaredbusch said in Best DNS choice for a financial institution?:
@dave247 said in Best DNS choice for a financial institution?:
@coliver said in Best DNS choice for a financial institution?:
I don't see anything wrong with this. OpenDNS, Google DNS, Comodo DNS, are all big names that are very unlikely to fall victim to DNS poisoning attacks.
Yeah I was just trying OpenDNS out because someone mentioned that they seem to filter out some "bad"/spam sites and things of that nature. Example: I've had some people accidentally type the wrong URL (off by a letter) and it takes them to a malicious website.
They do no such thing.
How would you classify this functionality then?
is that in the free service?
This is really all I was going for.. better than nothing
-
OpenDNS is good. Or just use Google, it's not bad.
-
@reid-cooper said in Best DNS choice for a financial institution?:
OpenDNS is good. Or just use Google, it's not bad.
For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.
And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.
-
@travisdh1 said in Best DNS choice for a financial institution?:
@dave247 OpenDNS is just fine to use, like the other major DNS providers they will probably be a step up from your ISP provided service.
What they don't do is filtering of any kind unless you add a paid service on. I've started running my own DNS server now that does block known advertising IP addresses called Pi-Hole (Yes, I've seen many names that are better.)
I like Pi-hole because they tell advertisers to shut their piehole.
-
@dashrender said in Best DNS choice for a financial institution?:
@reid-cooper said in Best DNS choice for a financial institution?:
OpenDNS is good. Or just use Google, it's not bad.
For pure DNS probably so - but the OP is claiming (and JB is refuting) that OpenDNS provides filtering for free that no one else does.
And from my own testing about 3 years ago, I agree with the OP, OpenDNS did provide a free level of filtering, but I don't recall what the limitations were.
IIRC the filtering was free for home use only.
