Expert Texture Home Contact me About Subscribe Digipede Connect on LinkedIn rwandering on Twitter rwandering on FriendFeed

rwandering.net

The blogged wandering of Robert W. Anderson

Dynamic IP and OpenDNS? Watch out.

February 27, 2008 at 12:31 pm · Filed under Web 2.0

OpenDNS is a cool service.  I use it.  It basically provides two kinds of services:

  • Better DNS Servers: to get this service, you just switch your DNS settings to their servers.
  • Extended services:  various typo-correction features, domain shortcuts, domain blocking and anti-phishing, and domain usage tracking.  To get these services, you create an OpenDNS account.

I use their servers, and while I do have an OpenDNS account, I don’t use any of the extended services. 

At least, I don’t intentionally use them.

The problem is that the services are applied based on the IP source address used in DNS queries.  IP addresses change.  IP addresses are not secure.  For most people they are dynamic.

This impacts the reliability of the service . . . 

  • For example, User A defines OpenDNS extended services associated with their IP address.
  • IP address changes.
  • User A either doesn’t have the services they are relying on, or gets services they never signed up for. 

. . . and has privacy implications . . .

  • User A changes their DNS settings, signs up for the additional services, and starts tracking domain queries.
  • User B never signs up, but just changes their DNS settings to the OpenDNS servers.
  • At some point (before or after A signs up), B gets A’s old IP address.
  • A is tracking B’s queries.

Unlikely?  Maybe.  Possible to exploit?  Definitely.  Expected by users?  I doubt it.  In fact, User B probably didn’t think this was possible. 

This is such an obvious issue that I went looking on the OpenDNS site for answers.  I expected a big warning like this:

Warning: Using OpenDNS with dynamic IPs is an advanced use case.  To use OpenDNS with dynamic IPs, you must sign up for an OpenDNS account and reliably update us with your IP address when it changes.  If you do not, other users may track your DNS queries and extended services may get applied even though you did not sign up for them. 

Expecting I must just be missing something, I posted on the community, and got an unconvincing . . .

not a major issue…and we won’t let it become one

Sounds like stonewalling to me.

So, why do I care?  User contracts 101 says if you don’t like the service, don’t use it.  OK.  I might just quit the sevice.  That is fine.

But, the user contract of “just use our DNS servers and everything is better” does not include these major caveats.  I think it is misleading.

What do I think they should do about this?  I dunno, but here is an idea:

  1. Split their DNS servers into 2 (Primary / Secondary) pairs.  This eliminates the problem for the users who use the OpenDNS servers without signing up for an account.
    • First pair doesn’t enable any extended services (except for the OpenDNS Guide).
    • Second pair is required for the extended services.  This pair is provided to users only after sign-up. 
  2. Promote a warning like the one I give above. 

These solutions don’t make the problem go away, but they make sure users are informed about what is actually going on.  And they make for a sensible user contract.

[tags]OpenDNS, Exploits, Dynamic IPs, DNS, User Contracts[/tags]

 trackback

Tags: , , , ,

    Trackback

11 Comments »