In Praise of OpenDNS and a Wii Factoid

By Chris Linfoot
Chris Linfoot

If you are not already using OpenDNS on your home network I have one question for you.

Why not?

When it debuted, OpenDNS' main advantage was speed. It is a great deal faster than the DNS operated by most ISPs so, if you configure your border router/DHCP server to use OpenDNS name servers, the t'internet magically speeds up.

OpenDNS just keeps getting better and better, though, and it now offers in addition to speed:

To use most of these features, you need to sign up for an account, but you can do this even if you have a dynamically assigned IP address as OpenDNS supports DynDNS.

Another feature of OpenDNS, for account holders, is that detailed stats are available in a private dashboard, so that you can see what has been going on DNSwise from any computer on your network over the past few days.

On looking at the stats for my home network the other day, one item gave me cause to scratch my head a little.

There was a non-trivial number of AAAA look-ups going on.

In case you don't know (and I know you do), AAAA look-ups are IPv6 address look-ups.

So, what's going on?

Fine tuning the dashboard query a little, we can see that all of the AAAA DNS queries are for hosts in the domain.

Mystery solved.

While the computers here use IPv4, it appears that the Wii at least tries to use IPv6 — it falls back to IPv4 when that fails.

So it appears that Nintendo expects you to be still using the same Wii when IPv6 becomes mandatory in 2012. 

By Chris Linfoot, IT Director @ LDV Group Limited. Visit the blog maintained by Chris Linfoot here.

Related topics: Cybersecurity, DNS, IPv6


Re: In Praise of OpenDNS and a Wii Factoid jeroen  –  Oct 23, 2007 4:14 PM PDT

That 2012 date is mentioned in an individual draft which is not even remotely going near the RFC queue. That is like me stating hear and now that you should have had IPv6 a hundred years ago… Anything can be uploaded as a draft, that doesn't though mean any consensus at all in the IETF of what kind of type. Now when it would be a workinggroup documentthen there would be a small basis of acceptance already.
From my point of view though, the IETF will never force a cut-over date and that is also what was the original premise when designing IPv6: No Flag Day.

That the Wii is doing IPv6 is of course a good thing, but so does an X360 and a PS2 and a PS3. Note that doing a query for AAAA doesn't mean that the host itself is IPv6 capable, it just means the resolver thinks it should ask for it. Clearly the implementation on the Wii is a bit weird that it it is asking for IPv6 addresses, while, according to you, there is not even a global address assigned. XP/Vista for instance don't ask for AAAA's when there is no global IPv6 address (and some other requirements).

As for "Why not OpenDNS", tell me first why I should use a resolver which is located on the other side of the planet, so that they can also mangle all the results. Really my local own or my ISP cache works perfectly fine. Especially when you consider that DNS load balancing in effect at many high profile sites (eg Google) will try to redirect you to their local cluster. This is based generally on DNS queries and asking the local (for you) DNS servers is better than having OpenDNS (who are somewhere else completely) ask it for you. The short 'improvement' in DNS query that you might (but most likely will not get) will thus only result in you being redirected to the cluster in the wrong country/region… now that is an improvement when you are going to download several megabytes from that site. NOT.

As for the other 'features'. Those are problems with websites, as such solve it in your webbrowser, not in DNS. Not only the web uses DNS, a lot of other tools also use it.

Re: In Praise of OpenDNS and a Wii Factoid David A. Ulevitch  –  Oct 23, 2007 7:07 PM PDT


You should be lobbying for us to setup a POP near you and to support the features you need.

Will you be at ICANN in LA next week?


Re: In Praise of OpenDNS and a Wii Factoid Simon Waters  –  Oct 25, 2007 2:10 PM PDT

If you are not already using OpenDNS on your home network I have one question for you.

Why not?

Simple - to avoid breakage.

Anyone who works on the Internet (i.e. Most CircleID readers) need to see what the correct responses to DNS queries are, so that they can see if what they have done is correct.

All the so called features, are effectively data corruption of the DNS. No good my updating a website link to a broken one, but OpenDNS correcting it for me so I don't see it is broken, if others will get an error (or just different results) using that link.

So I'd have to switch all those feature off.

This leaves speed and reliability as the soul criteria for switching.

Well reliability of my local DNS cache can't be beat (no WAN link dependencies over and above those that I need to get on the net), and speed to the local cache is faster than the trip to the OpenDNS cache at London (which is a mere 180 miles for me, unlike others outside the US/UK who may have a lot further to go).

Initial testing shows that whilst often OpenDNS is faster on initial lookup of a domain since it is often already cached, the responses are erratic in performance. Indeed average response is pretty similar to random UK based recursive DNS servers I tried. Sometimes the response is a lot quicker, but sometimes it is two or three times slower, so really not much different overall from any other DNS service.

If your ISPs DNS is really overworked it might be a win, but I'd suggest you probably selected the wrong ISP if they can't manager their DNS servers effectively.

Re: In Praise of OpenDNS and a Wii Factoid jeroen  –  Oct 30, 2007 7:06 PM PDT

David A. Ulevitch said:

> You should be lobbying for us to setup a POP near you and to support the features you need.

As 'near me' is quite a broad concept (I am moving around between, and quite frequently for living and work, avoiding the notion of the places I go to for a couple of days only) this won't really work, unless you are going to be present, like root-servers in every city. Or are you going to create a 'opendns.local' edition which you can run on your own server, then do P2P to fetch the results of other hosts who participate etc? Not that would help in anyway as DNS is already distributed and the nameservers of the ISP one is at already has a cache of the names that their users generally use, next to them being much closer (network wise) than you can ever be, unless you run on my host, which means that you still need to fetch queries from another hop, which is much further away than those caches.

Really, I don't see how I would benefit from such a service.

Also the main 'against' I have is that it doesn't provide me with any better service than my local ISP might, or for that matter a local DNS server running on my own local machine over which I would have full control, IPv6 and DNSSEC support and if I truly desire any support I want to code into it due to the nature of having the source and full control over it. The latter of course not something I need as any install of bind or PowerDNS does exactly what I want: resolving the names and other labels in DNS and converting them to A or AAAA and other records, this while keeping the data exactly as they are appearing on the Internet as published by the owners of those domains.

Actually to be honest, the same argument against using OpenDNS in the goes for using IPv6 tunnelbrokers: latency and too remote.
Though for a tunnel broker you actually gain a good feature: IPv6 connectivity. For me though using OpenDNS would not provide me with any feature that I currently don't have.

Note that I am not saying that OpenDNS is a bad thing; clearly quite a large number of people see a benefit to it.
For me though I really don't see any advantage.

> Will you be at ICANN in LA next week?

I don't frequent the ICANN meetings, simply as they are outside my scope of work. Commenting here and participating on mailinglists is already involving myself too much into the politics.

Re: In Praise of OpenDNS and a Wii Factoid jeroen  –  Apr 05, 2008 4:54 PM PDT

As I have a Wii, I finally checked how much "IPv6" is actually in there. The only thing I could find it doing though was that it is doing an AAAA query, though after an A query when going to eg the shopping site. But that is also the only thing it does, even when using Opera (Internet Channel). I don't see it do any IPv6 ND/RD/DAD, thus as such, I can't believe it does any IPv6 at all either.

Thus where does this "Wii Factoid" come from, as when it was a fact it should be doing IPv6 in my network. That it does DNS AAAA queries is one thing, but it doesn't mean that it actually does IPv6 at all.

Note that the Wii queries first for an A record and then an AAAA, this should be the other way around, but I guess the people who implemented it might have done this to be sure that an A query always works, especially in the light of broken DNS caches that croak when they get an AAAA record, which would mean loads of support calls.

Re: In Praise of OpenDNS and a Wii Factoid Chris Linfoot  –  Apr 07, 2008 1:16 AM PDT

> where does this “Wii Factoid” come from

Jeroen, the factoid I describe here is that the Wii does AAAA DNS lookups. This is self evidently true.

As to why?

Ask Nintendo. They have some very clever people working there and they didn't put a small piece (DNS lookups only) of an IPv6 stack into the Wii by accident.