<i>So, could one really do this OpenDNS thing behind a pay-for-internet-service?</i>
<p>Yes, but it requires the pay-for-internet provider to think about their real usage scenarios and plan for them appropriately. I'm involved in the engineering of a similar system that has nearly a million users, and we've chosen to leave port 53 wide open, even though it can theoretically be used for DNS tunneling or other nefarious uses.
<p>Also, I disagree with the comments on the post that claim that ISP DNS is the #1 cause of slowdowns -- DNS on an ISP scale is surprisingly easy to dimension and support in the common case. The important aspects of DNS administration center around debugging misbehaving authoritative servers and management of Denial of Service attacks.