Re: [Full-disclosure] OpenDNS is acting improperly !!!

[bk <chort0@xxxxxxxxx>]

On Aug 2, 2010, at 7:59 AM, Paulo Cesar Breim (PCB) wrote:

> Are you OpenDNS partner ?
> 
> I am telling about a security problem. You are so stupid to understand.
> 
> 
> On 02/08/2010, at 11:47, bk wrote:
> 
>> On Jul 31, 2010, at 10:03 AM, Paulo Cesar Breim (PCB) wrote:
>> 
>>> NSLookup has the same problem. Always return opendns IP.
>>> 
>>> paulo
>> 
>> 
>> Quit being so dense:  http://www.opendns.com/solutions/household/guide/ -- 
>> While you're at it, read up on how DNS works.
>> 
>> If you don't like that, don't use OpenDNS.  This has been known for years.
>> 
>> --
>> chort
> 

a) Stop top-posting, it destroys the thread

b) It's not a security issue, that's how it's designed to work.  How else are 
they going to "correct" typos, make suggestions, and block "bad" sites all just 
through DNS?

Personally I don't like how their service changes responses, and I'm smart 
enough to know how to setup my own DNS servers safely, so I don't use OpenDNS.  
I also tell all my corporate customers not to use it for their servers due to 
afore-mentioned issues.  Just because I don't like how it works doesn't make it 
a "security problem".

So once again my advice is:

a)  Don't use it if you don't like it

b)  Learn how DNS works.  "ping" is not a DNS utility.  Except for very few 
edge cases, anything that makes a DNS resolution call (ping, dig, nslookup, 
host, telnet, curl, whatever) are all going to get the same results (um, that's 
what DNS is designed to do), so posting follow-ups such as "dig has the same 
problem" only prove you're too dumb to understand DNS.

Next you're going to claim every MTA is insecure because they allow you to send 
an e-mail with a different "From: header" sender than the "MAIL FROM" envelope 
sender.

--
chort
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/