Changing Nameservers to OpenDNS

Lately I’ve noticed that Streamyxs DNS Server is over crowded and poorly maintained. This is the reason why it takes such a long time for the DNS servers to lookup the proper IP address for my domain and such. This is why it takes couple of minutes to load the page. The problem lies within their DNS Server. You may be thinking what is this DNS server that you keep on hearing. To translate it , it simply a yellow pages of the Internet. The concept is similar on how you would lookup for phone numbers in white pages or yellow pages. That’s how DNS works (you can take a look at this video to get the idea on how actually it works) 
httpv://www.youtube.com/watch?v=je2LeiQ-4sg
 
Firstly when you key-in a web address , your Web Browser would send to the DNS server to be ‘translated’ into IP address so that it can connect to the server directly and fetch the content of the site for you. This is what DNS Server does , generally it translates domain names into IP Address. Now imagine this , what if its overloaded. Suppose if a DNS Server is able to handle 100 requests a day and all of a sudden surge in number of users who are using Internet – Bam the DNS server tears itself apart. That is why you have 2 DNS servers (one is a backup) and suppose if both fails . Then my friend , you’re in big trouble. This is what exactly happened to TM’s DNS Server couple of days ago. The server just wasn’t able to handle large number of requests and not to mention poor maintenance  by TM folks. Anyhow , the best remedy that I can think is by changing DNS Server. This usually solves the issue of not able to connect to a certain site , as generally some DNS servers only keep track of 1-2 IP address for a server whereas the server could have to 5 IPs . This is where OpenDNS comes into play. Its a way better managed DNS Server by people who do know how to manage. 
 


pharming-diagram
How Pharming Works (Credits : plynt.com) - Generally this is how users are "tricked' thinking that they are actually accessing a genuine banking website whereas he is actually accessing a fake/trap site


 
Not to mention that it has additional features that allows you to block certain sites (i.e pornographic , gambling sites) for free as opposed to using ISP’s filtering services which they charge you (In Malaysia , TM rips its customer by offering this service for a “nominal fee”) and not to mention OpenDNS  also alerts if the site is potentially dangerous or a fake site (i.e fake banking site) as we all do know that scammers and losers are on the lose trying to bait people to click sites which can potentially harm your PC or to collect your personal information. 
So what’s the catch you ask – If you’re Malaysia – chances are it takes a bit longer for you to load a site. However its a fair trade off , to speed , stability and not to mention additional things that OpenDNS has to offer. Setting up OpenDNS is fairly straight forward and their web-site offers on how to set it up for all platforms including mobile phones such as Windows Mobile powered phones , iPhone and even on how to set it up in your router !

MCMC is on the fast lane & What is DNS Blacklisting

Wow this is something shocking , MCMC has managed to block malaysia-today through DNS null routing (I’ll explain on DNS null routing later). Its a very shocking news and it shows that MCMC is capable of anything (who knows , they might even block p2p protocol one day or better yet block all those file sharing sites – We might never know). Anyhow , what concerns me is the method that they used to block it , currently all 3 ISPs in Malaysia obeys this rule (that is by null-routing). I’m here to explain on null routing and how it works rather then just talking crap. These ISPs use a method called DNS Blacklisting , they black list the domain name , in other words – When you load your web-browser and type a blocked address in this case – Malaysia Today’s Address , your browser quires the DNS Server which acts as the phonebook and then provides the computer back the IP address it should retrieve data from. But then now the DNS entry has been altered in the DNS server , when your computer quires for the IP Address , the DNS server simply replies it with localhost/127.0.0.1 , which results in a page could not be found error (It says , eh that site is in your PC !). Its a neat way to block sites,  but however its still possible for users to access the web-site if they key-in the Ip address of the site manually , as it would bypass DNS servers directly and connects to the server. Although this method isn’t efficient but its pretty good to keep folks out of the site , thinking that its down for good or there is no way to bypass it.
Here is an example , two screenshots which I’ve taken .

As you see above (my Local connection) , it shows the address of malaysia-today.net as 127.0.0.1 and compare it with the screenshot below (my SSH conncetion – a server located in the states) it replies me back with the name server , the ip addresses of the server and other useful information. This shows that the DNS query has been blacklisted in my remote server. Usually , ISPs will black list certain sites to prevent users from visiting it or to block spammers , there are even several other reasons as well 

Dig Query (on a Remote Server)
Dig Query (on a Remote Server)

So that is how they do it , basically its done in the DNS entry. Oh yeah , you may be asking me what is dig and what does it do , dig(which is an abbreviation for Domain Information Groper)  is a unix tool to query the DNS Server , in other words it looks up for the IP address of the adress that you have entered. For all *nix based operting system such as MacOSX and Linux , this tool comes along with your distribution , as for windows if you want to get it , you may download it from this site (Bear in mind , its bit complex to set it up)  If you’re looking for a good DNS Server that provides more control over your DNS control and if you would like to block certain sites in your college or university , do consider trying OpenDNS. Its a pretty good alternative to your ISP’s Default DNS Servers ! – Once again you may never know whats going to hit next. All of a sudden they might block Torrent trackers or worst – They might even censor certain sites. Keep in mind , there is no such thing as 100% anonymity once you’re connected to the World Wide Web !