OpenDNS typo correction

I did some work at a customer site the other day and they’ve been having a lot of problems resolving internet names via their ISPs’ recursive DNS servers. They use both BT and Virgin (formerly NTL) for internet connectivity and so forward unresolvable DNS queries to both ISPs’ DNS servers. I did some monitoring for the customer over a period of a few days using my Cacti DNS monitoring scripts and found that BT’s nameservers were not responding at all to any queries. I don’t know whether they were blackholing my queries or were hitting their recursive clients limits, but my monitoring reproduced the problems seen by the customer, so in the end I suggested they use OpenDNS’s nameservers.

They duly started using OpenDNS for internet resolution but experienced something that I also came across during my testing at home, which is to do with the typo correction feature. This works a little like Verisign’s hated "sitefinder" feature that was added to the .com domain a couple of years ago, whereby if you try to resolve a domain that does not exist, you get taken to a search engine. OpenDNS is a little different in that they will try to correct any typos to match an existing domain, but if it ultimately can’t then it will take you to OpenDNS’s search engine. This can be very confusing because if you are troubleshooting with commands like dig and nslookup, you WILL get an IP address come back, even if you are trying to resolve a name like http://www.qjkwkwejhkjew.sdhdshjg!!!

Some applications expect a "NXDOMAIN" response if a domain does not exist, but OpenDNS will always return their web server’s IP address.

In order to get around this problem and make their DNS servers behave like any other (that is, return "NXDOMAIN" when a domain does not exist), you need to log into the OpenDNS dashboard, click Settings, Typo Corrections and then untick the "Enable typo correction" box. This solved my problems and my customer is trying this out now, but he’s annoyed that I didn’t tell him this before! Oooops!
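To check how a given resolver treats nonexistent names before and after changing that setting, the probe below sends a query for a random name and classifies the reply as a real NXDOMAIN or a rewritten answer. It is an added example, not code from the original post; the function names, the random `.com` probe name and the `constructed_reply` sample data are assumptions made for illustration.

```python
import secrets
import socket
import struct

NXDOMAIN = 3  # RCODE 3: the name does not exist

def build_query(name, txid):
    """Encode a recursive A/IN query for name."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def constructed_reply(query, rcode, answer_ip=None):
    """Build a sample reply to query (constructed test data, not a capture)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1
    ancount = 1 if answer_ip else 0
    reply = query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + query[12:]
    if answer_ip:  # one A record; 0xC00C is a pointer back to the question name
        reply += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return reply

def classify(reply, txid):
    """Classify a reply to a probe for a name that should not exist."""
    if len(reply) < 12:
        return "other"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction, or not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "nxdomain"
    if rcode == 0 and ancount > 0:
        return "rewritten"  # NOERROR plus answers for a nonexistent name
    return "other"

def probe(resolver_ip, timeout=3.0):
    """Query resolver_ip for a random name (assumed unregistered) and classify."""
    name = secrets.token_hex(12) + ".com"
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = s.recvfrom(512)
    return classify(data, txid)
```

Calling `probe()` with the address of the forwarder in use returns `"rewritten"` while typo correction is active and `"nxdomain"` once the resolver behaves normally.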

It’s kind of a shame that OpenDNS don’t disable typo correction by default, but I guess it depends on the type of person using it. For home users it’s probably quite useful, but business customers will probably want to turn it off. Maybe they should alter their setup so that if you register a network with a single IP address it turns typo correction on (typically for home users), but if you register a network containing multiple hosts then it turns typo correction off (typically for business users).

Another issue I can see happening now is that this customer is going to call me whenever he has any problems with OpenDNS, but I don’t get paid for supporting this and if he wants support he should really call OpenDNS in California (or wherever they’re based) or email OpenDNS directly. Maybe there is a germ of a business opportunity here: either I sell a UK-based support service on behalf of OpenDNS for customers to use, or I set up my own recursive DNS service for customers to use. I guess the problem with the second option is the amount of investment required – I could rent a number of DNS servers with different providers but would really need to use anycast to make this work properly, so it’ll take a bit of setting up and I would still need to get customers to pay for this so I can recoup my costs. I’d also want it to be secure to stop spammers and malware authors abusing the service. Might be worth investigating though!
