I'm the founder of OpenDNS. This article is not accurate. We are blocked by Sprint Wireless, not Verizon Wireless. You can't change your DNS easily when using the Verizon Wireless 3G network's provided hardware, but if you are using your device in tethering mode or a USB-connected fashion, you certainly can use whatever DNS service you want.<p>How did this happen? We have, in the past, been blocked by Verizon Wireless, either deliberately or due to technical issues, but it is not the case today. I've been a VW customer for a few years, and it's a great service. And today, Verizon FIOS service requires the user to have CPE that doesn't allow the user to change their DNS (same with ATT U-Verse). Sprint Wireless blocks us today, and always has.<p>In my phone interview, done too hastily or speaking too quickly, I misspoke when speaking about Verizon FIOS and Sprint Wireless as examples of how our customers aren't able to use our service and mixed up the companies. That or the reporter misheard. Either way, this is a good reminder of why it's always better to do email-based interviews. The reporter in this case is a very good one whom I've worked with in the past, so I'm confident the error was mine. In fact, most of the post (it's a Q&A) doesn't really capture the entirety of our discussion, which is unfortunate. My actual sentiments are far less anti-ISP and pro-Google than I think they came out. (repeat, I really dislike phone interviews)<p>It's unfortunate that I wasn't able to correct the story earlier, though we did work to get the original Washington Post blog updated right after it posted (and it was corrected). Other sites didn't quite seem to pick up the update. I've been trying to update other blogs where I can because it's not fair for VW to be painted in this light. It should have been Sprint Wireless. Some folks on my staff have also worked with Verizon Wireless to make sure that they are not blocking us, and I thank them for their efforts.
DNS redirection (and the monetization thereof) is kind of a moot point in the mid/long term in light of DNSSEC.<p>Consider the example of comcast, an ISP that uses opt-out DNS redirection advertising, but has been forced to give up the practice for its DNSSEC resolvers:<p>* We believe that the web error redirection function of Comcast Domain Helper is technically incompatible with DNSSEC.<p>* Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented.<p>* The production network DNSSEC servers do not have Comcast Domain Helper's DNS redirect functionality enabled.<p>* We recently updated our IETF Internet Draft on this subject, available at <a href="http://tools.ietf.org/html/draft-livingood-dns-redirect" rel="nofollow">http://tools.ietf.org/html/draft-livingood-dns-redirect</a>, to reflect this.<p>-- <a href="http://www.dnssec.comcast.net/faq.htm" rel="nofollow">http://www.dnssec.comcast.net/faq.htm</a>
Most IPSs think that DNS is an afterthought, to be stuffed in an old box and forgotten. Typical scenario: wait for a request, deny that request, then cache and honor the request the second time round.
I'd like to put in a good word for openDNS. I've used them for several years and have always found David Ulevitch and the company to be friendly, helpful, and reliable.
I would not like to see ISPs block alternative DNS services.
I use OpenDNS to block distracting sites, and alias
<a href="http://block.opendns.com" rel="nofollow">http://block.opendns.com</a> to localhost, which is then
redirected to my to-do list. A web server on my machine
redirects the default page at localhost to my to-do
list on <a href="http://rememberthemilk.com" rel="nofollow">http://rememberthemilk.com</a>.<p>In addition, my /etc/hosts file includes the hosts file
from <a href="http://www.mvps.org/winhelp2002/" rel="nofollow">http://www.mvps.org/winhelp2002/</a>, which aliases
ad and tracker site domains to localhost.<p>Ad blockers suppress ads, but do not provide positive reinforcement. Site blocking software systems filter unwanted content, but do not substitute desired content in its place. It's not enough to slap the user's hand.<p>The domain name filtering service OpenDNS displays a block
page at <a href="http://block.opendns.com" rel="nofollow">http://block.opendns.com</a> if a site meets the criteria for filtering. This is negative reinforcement. OpenDNS might provide positive reinforcement if users could to substitute something else, for example, an online to-do list such as <a href="http://rememberthemilk.com" rel="nofollow">http://rememberthemilk.com</a>, for the block page.<p>Maybe OpenDNS could provide such a service.