|This article relies too much on references to primary sources. (September 2014)|
|Type||Network Security and DNS Resolution Service|
|Headquarters||San Francisco, California|
|Key people||David Ulevitch (Founder & CEO), Dan Hubbard (CTO)|
OpenDNS is a company and service which provides network security and extends the Domain Name System (DNS) by adding features such as phishing protection and optional content filtering to traditional recursive DNS services.
The company hosts a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 60 billion DNS queries daily from 50 million active users connected to the service through 24 data centers worldwide.
Products and Services
- 18.104.22.168 (resolver1.opendns.com)
- 22.214.171.124 (resolver2.opendns.com)
- 126.96.36.199 
- 188.8.131.52 
As of July 2013, OpenDNS said that it handled over 50 billion DNS requests daily.
OpenDNS may have negligible performance gain, but may process queries more quickly than an ISP with slow DNS servers. DNS query results are sometimes cached by routers (e.g. typically local ISPs queries may be cached by ISPs home routers), the local operating system or applications, so differences in speed may not be noticeable with every request but only with requests that are not stored in a local cache.
DNS services for personal home use
On May 13, 2007, OpenDNS launched a domain-blocking service to block web sites or non-Web servers visited based upon categories, allowing control over the type of sites that may be accessed. The categories can be overridden through individually managed blacklists and whitelists. In 2008, OpenDNS changed from a closed list of blocked domains to a community-driven list allowing subscribers to suggest sites for blocking; if enough subscribers (the number has not been disclosed) concur with the categorization of the site it is added to the appropriate category for blocking. As of 2014[update] there were over 60 categories. The basic OpenDNS service does not require users to register, but using the customizable block feature requires registering.
OpenDNS supports the DNSCrypt protocol, which authenticates and encrypts DNS traffic between the user's computer and the name servers. This requires installing free software onto supported devices.
In December, 2007, OpenDNS began offering the free DNS-O-Matic service to provide a method of sending dynamic DNS (DDNS) updates to several DDNS providers using DynDNS's update API. In October 2009, OpenDNS launched premium services, called Home VIP. For a charge, the service offers increased reporting and block features, and other services.
DNS services for paid business use
In 2009, OpenDNS launched OpenDNS Enterprise, a first foray into enterprise-grade network security. OpenDNS Enterprise included the ability to share management of the product across a team, along with an audit log, expanded malware protection, daily network statistic reports, and a custom block page URL.
OpenDNS expanded on the Enterprise product in July 2012 with OpenDNS Insights. This new service featured integration with Microsoft Active Directory, which allowed admins granular control over creating policies on a per-user, per-device, and per-group basis.
In November of 2012 OpenDNS launched its network security product suite called Umbrella. Umbrella is designed to enforce security policies for mobile employees that work beyond the corporate network using roaming devices such as Windows and Mac laptops, iPhones, and iPads, and provides granular network security for all devices behind the network perimeter. IT administrators can define policies, provision devices, and view reports across users, sites, networks, groups, and devices.
In February 2013, the company launched the OpenDNS Security Graph to support Umbrella. Security graph is a data-driven threat intelligence engine that automatically updates malware, botnet, snf phishing domain and IP blacklists enforced by Umbrella. The data is sourced from the DNS requests OpenDNS receives, plus the BGP routing tables that are manages by OpenDNS's network operations center.
OpenDNS introduced the Investigate feature to Umbrella in November 2013. Investigate allows security teams to compare local traffic to global traffic to help determine the intent of an attack, and help incident response teams prioritize events. In January 2014, the Intelligent Proxy feature was added to the Umbrella product suite. The OpenDNS Intelligent Proxy only proxies connections if the requested domain is scored as suspicious or tagged as partially malicious by OpenDNS Security Graph.
One month later, OpenDNS announced a technology integration partnership with FireEye. The collaboration allows indicators of compromise to be forwarded from FireEye’s real-time notification system to Umbrella, extending FireEye’s protection to mobile employees and branch offices. In addition to FireEye, the company added integrations with CheckPoint and ZeroFOX in December 2014, announcing the OpenDNS security partner platform.
Umbrella for MSPs
There is a distinct Umbrella package for MSPs. It features the same protection as the regular business packages, but offers additional MSP features: a centralized multi-tenant dashboard, on-demand monthly licensing, and ConnectWise and Autotask PSA integrations.
In July 2006, OpenDNS was launched by computer scientist and entrepreneur David Ulevitch, providing recursive DNS resolution to homes, schools, and businesses. It received venture capital funding from Minor Ventures, which is led by CNET founder Halsey Minor. In October 2006, OpenDNS launched PhishTank, an online collaborative anti-phishing database. Before 2007, OpenDNS was using the DNS Update API from DynDNS to handle updates from users with dynamic IPs. In June 2007, OpenDNS started advanced web filtering to optionally block adult content for their free accounts. Nand Mulchandani, former head of VMware's security group, left VMware to join OpenDNS as new CEO in November 2008, replacing founder David Ulevitch, who remained as the company's chief technology officer. David Ulevitch resumed his post as CEO of OpenDNS in late 2009.
OpenDNS was funded by Sequoia Capital and Greylock in July 2009. In June 2010 OpenDNS launched "FamilyShield", a service designed to filter out sites with pornographic content. The service uses the DNS addresses 184.108.40.206 and 220.127.116.11. The World Economic Forum announced the company as a Technology Pioneer for 2011. In March 2012, Dan Hubbard, former CTO at Websense, joined OpenDNS as CTO. The OpenDNS Security Labs were founded in December 2012, serving as a hub for research at the company. OpenDNS launched Security Graph, a security intelligence and threat detection engine in February 2013, followed by a Series B funding round. In May 2014, OpenDNS announced a Series C funding round totaling $35M, with new investors Northgate Capital, Mohr Davidow Ventures, Lumia Capital, Evolution Equity Partners, Cisco, Glynn Capital Management, and Sutter Hill Ventures, as well as previous backers Greylock Partners and Sequoia Capital.
OpenDNS previously earned a portion of its revenue by resolving a domain name to an OpenDNS server when the name is not otherwise defined in DNS, or when the name had been misspelled. This had the effect that if a user typed a non-existent or incorrect name in a URL in a web browser, the user saw a search page branded OpenDNS Guide. This redirection broke some non-Web applications that relied on getting an NXDOMAIN response for non-existent domains, such as email spam filtering, or VPN access where the private network's nameservers are consulted only when the public ones fail to resolve.
Breaking local name resolution could be avoided by configuring the DNS addresses only in the forwarders of the local DNS server or router (the WAN?Internet configuration of a router or other gateway). For other purposes, or when the DNS addresses cannot be configured in a forwarder, domains for which an NXDOMAIN response is expected could be added to the Exceptions for VPN Users section of the OpenDNS Dashboard.
Advertisers paid OpenDNS to have advertisements for their sites on the OpenDNS Guide page. This behavior was similar to VeriSign's previous Site Finder or the redirects many ISPs place on their own DNS servers. OpenDNS said that the advertising revenue paid for the free customized DNS service. As of June 6, 2014, it has been discontinued.
OpenDNS said they discontinued the advertising because of their move towards a security focus in their business. The typo-correction feature was also deprecated in favor of proper NXDOMAIN behavior.
- Alternative DNS root
- DNS Advantage
- Google Public DNS
- Norton DNS
- Open Root Server Network
- No more ads as of June 6th 2014
- "Open DNS System - current status of servers". Retrieved 2013-01-18.
- July 26, 2007 (2007-07-26). "OpenDNS is a free, ad-based service". Pcmag.com. Retrieved 2011-08-21.
- Keizer, Gregg. "OpenDNS to yank ads from its free consumer services". Computerworld. Retrieved 8 September 2014.
- "A new reason to love OpenDNS: no more ads". OpenDNS. Retrieved 8 September 2014./
- OpenDNS | 0x80
- "OpenDNS adopts DNSCurve, official OpenDNS blog entry". Blog.opendns.com. Retrieved 2011-08-21.
- "OpenDNS > Support > Knowledge Base > Additional (3rd and 4th) OpenDNS Addresses". OpenDNS. Retrieved 2011-09-21.
- OpenDNS IPv6 Sandbox
- "Seven Years of Innovation, and Beyond". OpenDNS. 2013-07-30.
- "OpenDNS Review & Rating PCMag.com". pcmag.com. 2007-07-26. Retrieved 2012-02-20.
- "OpenDNS: What's Your Take?". Neowin.net. 2007-03-13. Retrieved 2010-04-20.
- "How to Protect your Kids Online using OpenDNS". PCTechNotes. 2009-03-17. Retrieved 2011-08-22.
- "OpenDNS Parental Controls". OpenDNS. Retrieved 2011-11-08.
- Family Shield Setup
- "DNSCrypt A protocol for securing communications between a client and a DNS resolver". www.dnscrypt.org. 2014-08-19. Retrieved 2014-08-19.
- "OpenDNS Announces DNS-O-Matic: Free Service to Simplify Residential ISP and Small Businesses' Dynamic DNS Service". Prweb.com. Retrieved 2010-04-20.
- "OpenDNS Deluxe and OpenDNS Enterprise have arrived". OpenDNS. Retrieved 2009-10-21.
- "Internet Security Provider OpenDNS Announces Full Availability of Enterprise Insights". HostSearch. Retrieved 2012-07-05.
- "Predictive Security Analytics ToolAvailable Free to Researchers". threatpost.com. 2013-02-05.
- "Proxy as a Platform". engineering.opendns.com. 2014-05-01.
- . securityweek.com. 2014-02-05 Teams with FireEye to Boost Threat Protection http://www.securityweek.com/opendns-teams-fireeye-boost-threat-protectiontitle=OpenDNS Teams with FireEye to Boost Threat Protection. Missing or empty
- . Network World. 2014-12-03 Reinforces Cloud Security with Ties to Check Point, ZeroFOX, others http://www.networkworld.com/article/2854602/security0/opendns-reinforces-cloud-security-with-ties-to-check-point-zerofox-others.htmltitle=OpenDNS Reinforces Cloud Security with Ties to Check Point, ZeroFOX, others. Missing or empty
- "OpenDNS Launches Platform to Ease Security Management for MSPs". CRN.com. 2013-06-05.
- "Dynamic IP: General Info". OpenDNS. Retrieved 2010-04-20.
- "VMware security chief leaves to run OpenDNS". Computerworld.com.au. 2008-11-21. Retrieved 2010-04-20.
- Frommer, Dan. "OpenDNS Founder David Ulevitch Takes Back Reins As CEO". Business Insider. Retrieved 8 September 2014.
- Arrington, Michael. "Sequoia, Greylock Take Stake In OpenDNS", TechCrunch, July 7, 2009, accessed February 4, 2011.
- "Introducing FamilyShield Parental Controls". OpenDNS. 2010-06-23. Retrieved 2010-09-19.
- Thirty-One Visionary Companies Selected as Technology Pioneers 2011
- "OpenDNS hires Websense CTO to guide enterprise DNS security services". TechTarget. 2012-03-02.
- "CrunchBase OpenDNS Series B Round". CrunchBase. 2013-02-20.
- "CrunchBase OpenDNS Series C Round". CrunchBase. 2014-05-14.
- "OpenDNS knowledge base: OpenDNS is not like Site Finder". Opendns.com. Archived from the original on March 29, 2010. Retrieved 2010-04-20.
- "OpenDNS knowledge base: How does OpenDNS make money?". Opendns.com. April 21, 2010. Archived from the original on 2011-06-06.