Why OpenDNS is bad

  1. It fails unsafe. If your external IP changes and is not immediately updated in OpenDNS, all previously blocked sites become available.
  2. It logs all your DNS requests by default.
  3. It can be easily circumvented by simply setting a different static DNS server on a box instead of using the one provided by DHCP.
  4. It’s owned by Cisco. Cisco is known to care very little about your security.

A better alternative is to have an internal DNS blackhole, like Pi-hole.
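One way to spot the bypass described in item 3, a box using a statically set DNS server instead of the one handed out by DHCP, is to look for DNS traffic leaving the network from anything other than the internal resolver. This is an added example, not code from the original post; it assumes the gateway logs forwarded packets in netfilter LOG format, and the resolver address, LAN range and log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed values for illustration (not from the original post).
RESOLVER = ipaddress.ip_address("192.168.1.2")  # internal DNS blackhole
LAN = ipaddress.ip_network("192.168.1.0/24")
DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample of gateway log lines in netfilter LOG format.
SAMPLE_LOG = """\
Jan 10 09:00:01 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=9.9.9.9 LEN=71 PROTO=UDP SPT=41000 DPT=53
Jan 10 09:00:05 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=8.8.8.8 LEN=60 PROTO=UDP SPT=51514 DPT=53
Jan 10 09:00:09 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=8.8.8.8 LEN=60 PROTO=UDP SPT=51515 DPT=53
Jan 10 09:01:12 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=1.1.1.1 LEN=60 PROTO=TCP SPT=50222 DPT=853
Jan 10 09:01:30 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=93.184.216.34 LEN=60 PROTO=TCP SPT=50300 DPT=443
Jan 10 09:02:00 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=8.8.8.8 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""


def find_dns_bypass(log_text, resolver=RESOLVER, lan=LAN):
    """Return {client: sorted [(dst, port), ...]} for DNS sent past the resolver."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # no port (e.g. ICMP) or not a packet log line
        if fields.get("PROTO") not in ("UDP", "TCP") or port not in DNS_PORTS:
            continue
        if src not in lan or src == resolver:
            continue  # the resolver's own upstream lookups are expected
        if dst == resolver:
            continue  # client is using the DHCP-provided resolver
        hits[str(src)].add((str(dst), port))
    return {client: sorted(dests) for client, dests in hits.items()}


if __name__ == "__main__":
    for client, dests in find_dns_bypass(SAMPLE_LOG).items():
        print(client, "->", dests)
```

DNS over HTTPS on port 443 looks like ordinary web traffic in these logs, so this check does not see it.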

Tags: NetSec