They duly started using OpenDNS for internet resolution but ran into something that I had also come across during my testing at home, which is to do with the typo correction feature. This works a little like Verisign’s hated "sitefinder" feature that was added to the .com domain a couple of years ago, whereby if you try to resolve a domain that does not exist, you get taken to a search engine. OpenDNS is a little different in that it will try to correct any typos to match an existing domain, but if it ultimately can’t, it will take you to OpenDNS’s search engine. This can be very confusing because if you are troubleshooting with commands like dig and nslookup, you WILL get an IP address back, even if you are trying to resolve a name like www.qjkwkwejhkjew.sdhdshjg!!!
Some applications expect a "NXDOMAIN" response if a domain does not exist, but OpenDNS will always return their web server’s IP address.
To get around this problem and make their DNS servers behave like any other (that is, return "NXDOMAIN" when a domain does not exist), you need to log into the OpenDNS dashboard, click Settings, then Typo Corrections, and untick the "Enable typo correction" box. This solved my problems and my customer is trying this out now, but he’s annoyed that I didn’t tell him this before! Oooops!
It’s kind of a shame that OpenDNS don’t disable typo correction by default, but I guess it depends on the type of person using it. For home users it’s probably quite useful, but business customers will probably want to turn it off. Maybe they should alter their setup so that if you register a network with a single IP address it turns typo correction on (typically for home users), but if you register a network containing multiple hosts then it turns typo correction off (typically for business users).
Another issue I can see happening now is that this customer is going to call me whenever he has any problems with OpenDNS, but I don’t get paid for supporting this, and if he wants support he should really call OpenDNS in California (or wherever they’re based) or email OpenDNS directly. Maybe there is a germ of a business opportunity here: either I sell a UK-based support service on behalf of OpenDNS for customers to use, or I set up my own recursive DNS service for customers to use. I guess the problem with the second option is the amount of investment required – I could rent a number of DNS servers with different providers but would really need to use anycast to make this work properly, so it’ll take a bit of setting up and I would still need to get customers to pay for this so I can recoup my costs. I’d also want it to be secure to stop spammers and malware authors abusing the service. Might be worth investigating though!