I was asked the question, "Is OpenNIC a reliable DNS service?" As a systems administrator on a private network, being able to create and customize a DNS server adds some management features that would not apply to the average home-based web surfer.
The question was asked on the premise that the reason for using OpenNIC is to add an extra layer of privacy to your web browsing. The belief, or perhaps paranoia, is that DNS servers are able to log your requests, and by doing so they have a record of sites you have visited. In this context, the DNS service provided by your ISP is seen as a way to track where you have been on the internet, and switching to an alternative DNS service is thought to eliminate that potential layer of tracking, thereby creating more privacy.
If you want to start playing around with alternative DNS solutions you need to understand the risks as well as the benefits.
First, let's take a quick look at the definition of DNS (Domain Name System):
- DNS is a distributed database of domain names and their corresponding IP addresses.
- DNS makes it possible to attach hard-to-remember IP addresses to easy-to-remember domain names.
- DNS translates between meaningful host names and IP addresses. It is a hierarchical naming system used to give each server on the Internet a unique name.
- DNS keeps a complete listing of all FQDNs (Fully qualified domain names) and their associated IP address.
What is OpenNIC?
OpenNIC is an open source DNS provider, an organization of hobbyists who run an alternative DNS network.
Is OpenNIC a reliable DNS service?
A quick look at some data found in the links below tells me that OpenNIC, an open source DNS provider, does not appear to be as efficient as other DNS providers.
- Comparing the performance of popular public DNS providers
- Recommended Public DNS Servers
Based on the data in those two articles, and my personal experiences with open source, I would ask, why bother to use OpenNIC?
I have volunteered my time and have been an advocate of open source solutions for more than 20 years. I am happy to use and test open source solutions if I see a benefit in using them. If I felt the need to pursue an alternative DNS solution I would do more research, but based on what I see here, I just don't see a compelling reason to jump on the OpenNIC bandwagon.
The importance of DNS
As an IT professional I have often used the analogy that talking to business managers about maintaining a computer network is like talking about the plumbing. Many cost-cutting managers see technology infrastructure as an expense to be reduced, rather than a resource to be managed. The need to replace the pipes is not something that gets discussed. That is, until the morning when there is no water coming from the pipes and no one can flush the toilets; then it becomes mission critical.
Computer network services such as DNS are like the plumbing below the surface: as long as it is running and everything is working, no one gives it much thought. That is, until you type the name of a website into your browser and get the message: "dns_unresolved_hostname The requested site could not be found in DNS."
This article puts DNS into perspective: Plan to transition Internet management sparks censorship fears
Quoting from that article: *"The importance of DNS cannot be overstated. It is the Internet's phonebook, connecting bizarre-looking IP addresses to the domain names with which all Internet users are familiar. When someone types Google (http://google.com) into their browser, their request goes through a DNS server, which understands that the user is looking for one of Google's many servers, including 220.127.116.11. If that routing information were compromised or corrupted, whether intentionally or accidentally, it could severely disrupt the basic flow of traffic over the Web."*
Digging deeper with DNS
It sounds simple on the surface, but when you look at DNS as a tool to deceive and misdirect people, it gets a little deeper.
Over the years I've written quite a bit about internet laws and proposed legislation. In 2011 the world was up in arms about PIPA (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act). The well-meaning intention of the US Congress was to shut down rogue websites and reduce the sale of counterfeit goods.
One of the provisions of the proposed law PIPA was allowing the government to remove rogue websites from the Domain Name System (DNS). Of course the internet purists were screaming about too much government control of the internet. (Ironically these same groups are now screaming for more government control of the internet with net neutrality regulations.)
Digging through some old notes I found this article explaining PIPA: DNS filtering: absolutely the wrong way to defend copyrights
I have digressed a bit from the context of the original question, but I wanted to try to explain why the question might matter to someone beyond the simple answer, and why changing your DNS server is not something to be taken lightly.