I assume you are talking about DNS for your computers, not hosted DNS (like a nameserver for your domain). I rely on OpenDNS almost exclusively with the occasional failover to Google's DNS when I need to do some testing.
OpenDNS has some great features when you create an account. On even a medium-bandwidth connection, I have basically stopped using a local DNS server (aka BIND on a router or something). I have the DHCP server pass OpenDNS to the machines and go from there. Got a Mac? They have DNS over (a protocol like) SSL to prevent MitM attacks on DNS: https://www.opendns.com/technology/dnscrypt/ *4. Is this using SSL? What's the crypto and what's the design?* > > We are not using SSL. While we make the analogy that DNSCrypt is like SSL > in that it wraps all DNS traffic with encryption the same way SSL wraps all > HTTP traffic, it's not the crypto library being used. We're using > elliptical-curve cryptography, in particular the > Curve25519<http://dnscurve.org/crypto.html> eliptical > curve. The design goals are similar to those described in the DNSCurve > forwarder <http://dnscurve.org/out-implement.html> design. > For DNS service for my domains, I use my awesome registrar's DNS service ( http://uf.register4less.com , Link using referral to give credit to the awesome webcomic, userfriendly.org) I have also begun to use CloudFlare.com, as they have some fancy-pants features and a fancy new-style AJAX-based control panel. R4L's is basic HTML (which I like in most cases). Michael Potts GV: (904) 638-2914 | Gtalk: [email protected] @HMHackMaster | http://about.me/MichaelPotts On Mon, Feb 13, 2012 at 3:08 PM, inkrypto <[email protected]> wrote: > What external DNS do you use? I use comcast, my ISP's, and run a lil > webserver but don't want to get spoofed and don't know enough about bind to > harden it so . . . > > OpenDNS? >
