Expert Texture
The blogged wandering of Robert W. Anderson
February 27, 2008 at 12:31 pm
· Filed under Web 2.0
OpenDNS is a cool service. I use it. It basically provides two kinds of services:
- Better DNS Servers: to get this service, you just switch your DNS settings to their servers.
- Extended services: various typo-correction features, domain shortcuts, domain blocking and anti-phishing, and domain usage tracking. To get these services, you create an OpenDNS account.
I use their servers, and while I do have an OpenDNS account, I don’t use any of the extended services.
At least, I don’t intentionally use them.
The problem is that the services are applied based on the IP source address used in DNS queries. IP addresses change. IP addresses are not secure. For most people they are dynamic.
This impacts the reliability of the service . . .
- For example, User A defines OpenDNS extended services associated with their IP address.
- IP address changes.
- User A either doesn’t have the services they are relying on, or gets services they never signed up for.
. . . and has privacy implications . . .
- User A changes their DNS settings, signs up for the additional services, and starts tracking domain queries.
- User B never signs up, but just changes their DNS settings to the OpenDNS servers.
- At some point (before or after A signs up), B gets A’s old IP address.
- A is tracking B’s queries.
Unlikely? Maybe. Possible to exploit? Definitely. Expected by users? I doubt it. In fact, User B probably didn’t think this was possible.
This is such an obvious issue that I went looking on the OpenDNS site for answers. I expected a big warning like this:
Warning: Using OpenDNS with dynamic IPs is an advanced use case. To use OpenDNS with dynamic IPs, you must sign up for an OpenDNS account and reliably update us with your IP address when it changes. If you do not, other users may track your DNS queries and extended services may get applied even though you did not sign up for them.
Expecting I must just be missing something, I posted on the community, and got an unconvincing . . .
not a major issue…and we won’t let it become one
Sounds like stonewalling to me.
So, why do I care? User contracts 101 says if you don’t like the service, don’t use it. OK. I might just quit the service. That is fine.
But, the user contract of “just use our DNS servers and everything is better” does not include these major caveats. I think it is misleading.
What do I think they should do about this? I dunno, but here is an idea:
- Split their DNS servers into 2 (Primary / Secondary) pairs. This eliminates the problem for the users who use the OpenDNS servers without signing up for an account.
  - First pair doesn’t enable any extended services (except for the OpenDNS Guide).
  - Second pair is required for the extended services. This pair is provided to users only after sign-up.
- Promote a warning like the one I give above.
These solutions don’t make the problem go away, but they make sure users are informed about what is actually going on. And they make for a sensible user contract.
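The stale-address scenarios above and the two-pair proposal, modelled as an added example (not code from the original post or from OpenDNS). The `Resolver` class, the account names and the addresses are constructed for illustration, and the model assumes statistics are switched on for A's account.

```python
from collections import defaultdict

class Resolver:
    """Toy resolver that picks account settings from the query's source IP."""
    def __init__(self, extended):
        self.extended = extended          # False models the proposed no-services pair
        self.ip_owner = {}                # source IP -> account that registered it
        self.stats = defaultdict(list)    # account -> domains shown in its statistics

    def register(self, account, ip):
        if not self.extended:
            raise ValueError("this pair takes no account registrations")
        self.ip_owner[ip] = account

    def query(self, src_ip, domain):
        """Log the query to whichever account holds src_ip; return that account."""
        account = self.ip_owner.get(src_ip) if self.extended else None
        if account is not None:
            self.stats[account].append(domain)
        return account

def scenario(split_pairs):
    """A registers an address, the ISP reassigns it to B, both keep querying."""
    extended = Resolver(extended=True)
    plain = Resolver(extended=False) if split_pairs else extended
    old_ip, new_ip = "203.0.113.7", "203.0.113.42"   # constructed, documentation range
    extended.register("A", old_ip)
    extended.query(old_ip, "a-site.example")
    # Lease change: A now sends from new_ip and never updated the registration;
    # B, who has no account, inherits old_ip.
    a_applied = extended.query(new_ip, "a-site.example")
    b_applied = plain.query(old_ip, "b-bank.example")
    return a_applied, b_applied, list(extended.stats["A"])

if __name__ == "__main__":
    for split in (False, True):
        print("split pairs:", split, scenario(split))
```

With one shared pair, B's lookup lands in A's statistics and A silently loses the registered settings; with split pairs B is no longer attributed to anyone, while A's loss of service remains.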
Tags: DNS, Dynamic IPs, Exploits, OpenDNS, User Contracts
Robert, sorry you felt like I was stonewalling.
Here’s the situation:
1. It can happen as you describe.
2. It has not happened very often.
3. As OpenDNS grows, we can expect it to happen more often IF we don’t do anything. So… we’re doing several things.
I don’t like to talk about stuff we haven’t delivered yet (anti-vaporware), but here’s an example of one of those steps.
Many of the dynamic IP pools have been flagged as such in various ways. When you add a dynamic IP as an OpenDNS network, we’ll recognize that and give you next steps accordingly (checking the box for dynamic by default, lead you to the software downloads required, etc.).
You’re talking about a rare problem now, which we’re aware of, and which we’ll address before it becomes a real issue instead of a “what if” situation.
I’m glad you’re using our service, and I hope you’ll continue. And the feedback is helpful, even if we disagree about the scope of the problem.
Regarding privacy, I’d point out the OpenDNS privacy policy at http://www.opendns.com/privacy/ and underline that network statistics are OFF by default for anyone with an account and network.
John Roberts
OpenDNS
John,
Thanks for your comment.
I do wonder when you say “not happened very often”. Is this statement based on user complaints (which we would expect to be minimal) or internal data that show that different accounts have rarely shared IP addresses? Either way, this doesn’t begin to deal with the issue of the user who just uses your servers nor how visible you make this issue to prospective users.
Knowing when IPs are dynamic can mitigate this issue, but without a warning like the one I proposed, I don’t think you are being clear enough to your users. Even with a warning, the user who just uses your servers is counting on your extended services users to update IPs correctly. This is why I suggested the two server pairs.
Statistics being off by default is neither here nor there, it only reduces the likelihood that it doesn’t happen. That doesn’t make the service more secure or “private”.
Regarding stonewalling, it was not just your response in the forums, but also my collective experience at the OpenDNS that makes me feel this is being swept under the rug. For example, why doesn’t your privacy policy point out the vulnerability?
Robert
Van Glass wrote @ August 31st, 2008 at 4:13 pm
Hi Robert,
I’m glad that I’m not the only person who is concerned about this. I first looked to OpenDNS as a way to use a more reliable DNS service since my ISP DNS servers are always going down. When I tried to register my IP address I got the message “Network already registered” which means that someone already registered this dynamic IP address even though I am the one that owns it now. It immediately got me thinking “So someone is possibly tracking me?”.
My concern is over privacy in that if someone else tracks the stats, they can easily begin to see what sites I am visiting and build a profile on my IP address and identity. For example, they can see what bank I use, what company I work for (while checking my email) etc. etc and start to build a profile on an IP address.
Van, thanks for the comment. Last I checked, OpenDNS has done nothing to improve this situation. And of course, the more successful they are the more this problem does happen. Pretty disingenuous.
The “gift of safe”? More like the “gift of pseudo-random”.