[OPLINLIST] OpenDNS

Chad Neeper cneeper at level9networks.com
Fri Jan 25 15:22:53 EST 2013 

Personally, I find it to be good...and bad, depending on what you're
looking for.

As good, reliable DNS servers, OpenDNS seems to be as good as they come.
I've found them to be very reliable and fast.

As content filters, I find they pretty much stink. The caveat to that is:
 It's marginally better than no content filter at all, I suppose. As an
eval, I use the free version here at home as a content filter for my kids'
Internet use. Mostly, I did it to prove/disprove a theory I had that a
DNS-based content filter couldn't possibly ever be all that functional, no
matter how good the administrative interface is. Unfortunately, while I was
really hoping otherwise, I found my theory to be correct:

1) A DNS-based content filter can only prevent browsing to ENTIRE web
domains. For instance, if you have a generally good website that happens to
have a section that is not so good, the site can only be blocked entirely
or not blocked entirely. Blocking only
www.marginalsite.com/badcontentwhile permitting
www.marginalsite.com/goodcontent isn't possible. Take a blog or Facebook,
for example. Lots of people probably post text you would prefer to block.
With a DNS-based filter, you have to decide:  Block ALL of Facebook...or
allow it. No middle ground.

2) In the Internet world, a URL domain (marginalsite.com) resolves to an IP
address. A DNS-based content filter "blocks" by simply refusing to resolve
a "bad" URL to an IP address. It can't prevent you from going DIRECTLY to
that IP address, if you happen to know it. For instance, you might have my
house address plugged into your GPS and have it labeled as "Chad's house".
You don't need to remember my address, because your GPS can resolve "Chad's
house" to my address and direct you there. However, if your GPS is blocking
you from getting to my house by failing to resolve my name to my address,
you can still get to my house if you have another means of knowing my
address.


To date, the best content filter I've found (especially considering the
price) is dans guardian. It's an open source (free to use) content filter
that, among several other methods, rates the text of EACH web page and
assigns a score to that page on the fly. If the score hits a threshold you
specify, the page is considered bad enough to block and is blocked
accordingly. I've been using it for years at many of my libraries and we've
found it to work quite nicely. The downside is...it's not for the
technically faint at heart to set up. If you don't have linux experience,
you'd probably need some help. Once it's set up, though, it tends to "just
work".

When it was first announced that the grant money was going to be used to
fund a single content filter that would be available for all Ohio public
libraries to make use of, I was excited. It meant that we no longer needed
to maintain numerous individual content filters. I was very disappointed,
however, to find that what was funded was a DNS-based "content filter". I
find that to be just half a step above "no content filter at all."

(FWIW, I would *love* to be proven wrong about OpenDNS. I'm all-for putting
the grant money into a single content filter available to any Ohio library
that wants to implement it.)

hth,
Chad


______________________________
*Chad Neeper*
Senior Systems Engineer

*Level 9 Networks*
740-548-8070 (voice)
866-214-6607 (fax)

*Full LAN/WAN consulting services -- Specialized in libraries and schools*


On Thu, Jan 24, 2013 at 3:19 PM, Michael Limer <limermi at oplin.org> wrote:

> Greetings:
>
> I am looking into OPLIN's OpenDNS and was hoping to get some feedback from
> current users. Any insights would be greatly appreciated.
>
> Regards,
>
> Michael Limer
> Kaubisch Memorial Public Library
> _______________________________________________
> OPLINLIST mailing list -- OPLINLIST at lists.oplin.org
> http://lists.oplin.org/mailman/listinfo/oplinlist
>
> http://aboutbooks.info -- Search for author, title, subject... anything
> about books.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplinlist/attachments/20130125/6783e83c/attachment-0001.html>

More information about the OPLINLIST mailing list