  • OpenDNS vs ISP DNS Question


    This topic contains 14 replies, has 6 voices, and was last updated by Nathan Parker 5 days, 3 hours ago.

    • #1874248 Reply

      Nathan Parker
      AskWoody_MVP

      In the past when I managed my own network with Cisco networking gear, I always used OpenDNS for my DNS, and it was generally rock-solid and speedy.

      Now that my ISP cloud-manages my network with Cambium networking gear, they have everything set to their own DNS servers. There haven’t been any major issues with them (although my ISP speeds have been slow in general due to congestion they’re working to alleviate).

      However, I’m wondering if I’d still see slightly better performance, as well as overall better security (since I am not sure how my ISP handles security on their DNS servers) by going back to OpenDNS. My ISP likely won’t flip my router DNS to OpenDNS since they prefer their servers, so I’d have to make the flips at the device level. I know how to do it for Mac and iOS. Has anyone attempted to make DNS changes to devices such as: Apple TV, Fire TV, NAS devices (I have a Drobo), Amazon Echo/Alexa devices, Kindle eReaders (not the tablet but the eInk readers), etc.?

      Also, I’m a little confused on OpenDNS’s chart here: https://www.opendns.com/home-internet-security/. If I wanted to invest in OpenDNS VIP Home or OpenDNS Prosumer, would I use the standard OpenDNS servers or the Family Shield servers in my configurations, and does anyone know if the OpenDNS Prosumer $20/user is per month or per year, and has anyone tried it with iOS devices? Has anyone signed up for either of these services using an existing Cisco ID, or does it require its own ID, and has anyone tried any of their premium services before?

      Nathan Parker

    • #1874616 Reply

      wavy
      AskWoody Plus

      The pic says it all, or at least mostly. First selection is “change adapter options”

       


      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      1 user thanked author for this post.
    • #1874734 Reply

      Nathan Parker
      AskWoody_MVP

      Thanks! I’m actually on a Mac, iPhone, and iPad, plus the other devices I’ve mentioned. I know how to change it on a Mac, iPhone, and iPad, but not sure about Apple TV, Fire TV, NAS devices, etc. I’m also curious if it’d actually benefit me to do this.

      Nathan Parker

      • #1874735 Reply

        Bob99
        AskWoody Lounger

        As you probably did at work, just change your router’s DNS settings to the numbers you may already be familiar with, 208.67.222.222 and 208.67.220.220, and let your router take it from there!

        As a non-business entity, your use of OpenDNS is completely free, of course. If you want any additional protections or services such as those you’ve described, then those come with a fee as described on their web site.

        As far as the services you describe, you would still use their standard DNS servers, but they would add those services to your connection, and you’d have to sign in to an account to manage those services to your liking.

        I’ve been using OpenDNS (completely for free by just making the change I described above) for about a decade now, ever since I heard about it and made the switch, away from my ISP at the time, Comcast. Comcast never once complained that I wasn’t using their DNS servers, and I’ve always enjoyed very fast connections to any website of my choosing, and have had NO downtime that I can recall at this moment. My current ISP, also a cable company but in a different part of the country, has also never once complained about my not using their DNS servers.

        BTW, as a “backstop”, I have not only changed the DNS settings of my router to OpenDNS, but of all my attached devices as well! That way, they should still use OpenDNS in the event the router’s DNS settings get changed somehow.

        Hope this helps you!

        1 user thanked author for this post.
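
Added example (not part of Bob99's post or the thread): a shell check, for the per-device "backstop" described above, that lists any configured resolver other than the two OpenDNS addresses quoted in the post. The function name and the sample input, including the 192.168.1.1 router address, are constructed for illustration.

```shell
#!/bin/sh
# Report which configured resolvers are NOT OpenDNS.
# Reads resolv.conf-style lines ("nameserver 1.2.3.4") or macOS
# `scutil --dns` lines ("nameserver[0] : 1.2.3.4") on stdin.

# The two OpenDNS resolver addresses quoted in the post above.
OPENDNS_RESOLVERS="208.67.222.222 208.67.220.220"

# Prints each unique non-OpenDNS nameserver, one per line.
# Exit status: 0 = every nameserver is OpenDNS,
#              1 = at least one other resolver is configured,
#              2 = no nameserver lines were found in the input.
check_resolvers() {
    awk -v allowed="$OPENDNS_RESOLVERS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # First field is "nameserver" or "nameserver[N]"; the address
        # is the last field in both formats. Commented-out lines start
        # with "#" as their first field and are therefore skipped.
        $1 ~ /^nameserver(\[[0-9]+\])?$/ {
            addr = $NF
            total++
            if (!(addr in ok) && !(addr in seen)) {
                seen[addr] = 1
                print addr
                bad++
            }
        }
        END {
            if (total == 0) exit 2
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Constructed sample in `scutil --dns` style: one OpenDNS entry and one
# entry that still points at the router (192.168.1.1 is an assumed address).
SAMPLE='resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 192.168.1.1
  if_index : 6 (en0)'

if leaked=$(printf '%s\n' "$SAMPLE" | check_resolvers); then
    echo "all configured resolvers are OpenDNS"
else
    echo "resolver(s) other than OpenDNS configured: $leaked"
fi
```

On a Mac, pipe `scutil --dns` into `check_resolvers`; on Linux, feed it `/etc/resolv.conf`.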
        • #1874844 Reply

          Nathan Parker
          AskWoody_MVP

          Thanks for the info. In terms of changing to OpenDNS at the router level, that’s actually an issue since my router is cloud-managed from my ISP, and they haven’t provided me with the local admin password to make any changes to the configuration. I can certainly ask them about changing it to OpenDNS, but since they’re a fan of their own DNS servers, my request may go down a black hole.

          So the simplest solution would be to change to OpenDNS at each attached device level (as you did for a backup). Have you ever changed any TV streaming boxes, NAS devices, etc., to OpenDNS or just computers, smartphones, and tablets? I know how to do it on a Mac and iOS devices, but I also own an Apple TV, Amazon Fire TV, Drobo NAS, multiple Amazon Echos, a Kindle eReader, a home security system, weather station, network printer, etc., so I wasn’t sure how I’d flip all of those to OpenDNS.

          Sounds good about using the standard DNS servers. Have you used any of the premium services that require a login, or have you just done the DNS flip (the DNS flip is all I’ve done in the past)?

          I too have always used OpenDNS until my ISP took over management of my router (I used it in Georgia when I had DSL and used it here with my current ISP when I managed my own network with Cisco gear), and it was always reliable. I haven’t had any major issues with my ISP’s DNS either, but I have had a few congestion issues with my ISP in general lately, so I wonder if at least taking back control over DNS would give me increased reliability in the event they’re slacking on some infrastructure upgrades. It won’t improve my congestion issue (that’s something they’ll have to do on my connection), but at least they wouldn’t have 100% control over everything (on one hand it has been nice not having to worry about managing my network, but on the other hand, I was generally more on top of network management than they have been overall).

          Nathan Parker

          • #1874846 Reply

            Ascaris
            AskWoody_MVP

            In terms of changing to OpenDNS at the router level, that’s actually an issue since my router is cloud-managed from my ISP, and they haven’t provided me with the local admin password to make any changes to the configuration.

            Wait, what?

            That’s a thing?

            I’ve never heard of an ISP issuing a router and not allowing the customer to access the settings.  It’s… weird.  I certainly wouldn’t tolerate that!  At the very least, you need to be able to change the SSID of the wifi network(s) and the password, assuming it has a WLAN function.

            If there is no other choice, I would supply my own router and daisy-chain it.  I can’t imagine not being able to control the router options!

             

            Group "L" (KDE Neon User Edition 5.16.3).

            1 user thanked author for this post.
            • #1875053 Reply

              mn–
              AskWoody Lounger

              Wait, what?

              That’s a thing?

              I’ve never heard of an ISP issuing a router and not allowing the customer to access the settings.  It’s… weird.  I certainly wouldn’t tolerate that!

              Not at all uncommon over here for certain kinds of connectivity, for business. But those usually don’t do NAT… or look like they don’t.

              This is typical if you buy redundant connectivity, as in multi-link with a single outside address.

              In that situation, the multi-link part may be implemented using any of several methods, the ISP is supposed to keep the setup updated so that at least one of the links always stays up even during routing changes, AND your external IP doesn’t drop during a changeover between links.

              (The business then usually has their own router behind that one, and it’s *this* one which does site-to-site VPNs with branch offices and such, and NAT.)

              1 user thanked author for this post.
    • #1874858 Reply

      Paul T
      AskWoody MVP

      Daisy chaining routers introduces double NAT. To get around that you need to set the primary router to use a DMZ, then set the second router internet port as the DMZ and connect your stuff to the second router – and any rubbish you don’t care about can be connected to the primary router for complete isolation.

      cheers, Paul

      1 user thanked author for this post.
      • #1874877 Reply

        Ascaris
        AskWoody_MVP

        Daisy chaining routers introduces double NAT. To get around that you need to set the primary router to use a DMZ,

        That works if you have access to the settings in the WAN-facing router, but in that case, I’d suggest bridging the modem (assuming it is a router/modem combined device like the one my ISP supplied) and letting the customer-supplied router handle DHCP, NAT, etc., if the option exists.  I have my ISP-supplied router/modem set that way, so its router portion is inactive.

        I suggested the inelegant solution of daisy-chaining in the event that I had no choice but to use an ISP-supplied router whose settings I could not change, which I would find intolerable– which is why daisy-chaining would at least be an improvement.

         

        Group "L" (KDE Neon User Edition 5.16.3).

        1 user thanked author for this post.
      • #1874886 Reply

        Paul T
        AskWoody MVP

        Bridging doesn’t allow you to control the DNS settings for clients, so it’s only of use to add wifi to a router that doesn’t have it, or to extend wifi.

        cheers, Paul

        1 user thanked author for this post.
        • #1874895 Reply

          Ascaris
          AskWoody_MVP

          I think you’re thinking of another kind of bridging.  Router/modems also have a mode called bridged mode that turns off the router functionality and allows the router/modem to function as a modem.  It does no DNS or NAT in that mode… that’s all done by the router or client, as it would be with a standalone modem.

          Group "L" (KDE Neon User Edition 5.16.3).

          1 user thanked author for this post.
    • #1875006 Reply

      Nathan Parker
      AskWoody_MVP

      Thanks everyone for the comments. Here’s some additional info…

      1. Indeed it is a thing. They installed the new equipment, but didn’t give me an admin password to check on anything since network cloud management is included in my ISP plan, and they told me to call/email in when I needed changes made, and they’d handle them all (which on one hand has the potential to be luxurious, but sometimes my email tickets go unanswered for a length of time which is problematic).
      2. My current setup is a point-to-point WISP (it’s the only somewhat reliable connection, even though lately the congestion has brought my connection to its knees, even though I live in the middle of a city, our infrastructure here is the worst I’ve seen in broadband). Instead of a modem I have a Cambium Networks antenna on the roof which hits a tower to provide the connection. Then I have a Cambium Networks router in my office which handles DHCP and the router. I have my own Cisco switch for extra ethernet ports. For Wi-Fi, there isn’t a router on the market that if installed in my office on one end of my home will cover my entire home (I tried ASUS AC1900, Cisco WAP, even mesh networking with the Linksys Velop so I could extend the range, still it was unreliable). So my ISP installed a Cambium Networks WAP in my ceiling that they also cloud-manage included in my plan.
      3. Any other router I’d install would introduce issues, as my ISP’s router also handles my phone’s VOIP ATA, plus I need a clean NAT for my work to access my weather station and HD weather camera remotely (since we have TV stations remote into them). Plus any Wi-Fi router isn’t going to give me the coverage of the WAP in my ceiling.

      So my solutions would likely be as follows:

      1. If I decide I’d want to take back control of DNS, I could ask my ISP to flip to OpenDNS and see if they’ll do it.
      2. I could ask my ISP to give me an admin password to my router and WAP so I can make management changes myself, then only bring them in for larger tasks.
      3. If 1-2 fails, I’d either then manually switch my devices to OpenDNS at the device level or just keep running with their DNS servers and still rely on them for any network management until situations change where I’d be in a position to take back over my own network management again (my router needed a firmware update recently, and my ISP forgot to apply the firmware update to the router, so my confidence in their management skills is starting to decrease).

      Nathan Parker

      • #1875075 Reply

        Ascaris
        AskWoody_MVP

        Indeed it is a thing. They installed the new equipment, but didn’t give me an admin password to check on anything since network cloud management is included in my ISP plan, and they told me to call/email in when I needed changes made, and they’d handle them all (which on one hand has the potential to be luxurious, but sometimes my email tickets go unanswered for a length of time which is problematic)

        They may have presumed that you didn’t want the burden of handling that stuff yourself, and acting under the belief that having them administer your network is a service they are providing for you, not that they are exercising authority over you.  I’d hope that they will tell you the login credentials if you asked.

        As I see it, my LAN is separate and distinct from the internet.  It’s a network of my computers in my house for my benefit, and it would be so even without internet access.  As such, it is beyond the scope (and the reach) of an internet service provider.  Everything outside the house is theirs, but the LAN is inside my house, which is my domain (no pun intended).  They have no more business managing my LAN than they do decorating my living room or selecting what I have for dinner.  All I really need from the ISP is to provide internet access to the LAN that was already here.

        If I were to come into possession of a router that was better than my existing one, I might be willing to rebuild my network around it.  Otherwise, I already have a router and a network, and if all I need is to add internet access, that’s all I’ll do.

        Group "L" (KDE Neon User Edition 5.16.3).

        1 user thanked author for this post.
    • #1875007 Reply

      Nathan Parker
      AskWoody_MVP

      By the way, I did also hear from Cisco OpenDNS on some of my questions. Here are their answers:

      1. OpenDNS Prosumer is $20/year, so same billing as OpenDNS Home VIP.
      2. Prosumer only protects Macs and PCs, so since I use all desktops at the moment (except for my super-old PowerBook G4 for hobbyist stuff), no sense in the extra cost for Prosumer. I’d either stick with free or Home VIP if I wanted those perks.
      3. Cisco accounts and OpenDNS accounts are under separate IDs.
      4. Standard DNS is the best way to go since Family Shield has pre-configured settings which can’t be changed.

      Nathan Parker

    • #1875318 Reply

      Nathan Parker
      AskWoody_MVP

      They may have presumed that you didn’t want the burden of handling that stuff yourself, and acting under the belief that having them administer your network is a service they are providing for you, not that they are exercising authority over you.  I’d hope that they will tell you the login credentials if you asked. As I see it, my LAN is separate and distinct from the internet.  It’s a network of my computers in my house for my benefit, and it would be so even without internet access.  As such, it is beyond the scope (and the reach) of an internet service provider.  Everything outside the house is theirs, but the LAN is inside my house, which is my domain (no pun intended).

      I’ll definitely ask, and good info. They might offer this service included in their plans for those without a lot of network management education, to ensure customers will have their issues resolved no matter what (some customers likely didn’t know the difference between WAN and LAN and kept bugging support for issues they didn’t have the ability to resolve, so now that their routers have cloud-management LAN capabilities, they threw it into the plans). For geeks like us, we’re used to managing our own stuff (I’ve worked with more complex gear than this).

      That is also how I see the LAN as well. It’s “my” network, versus the Internet is the “ISP’s” network. Some of their customers may not know the difference hence the extra service offering, but those of us who have been around tech long enough get it.

      Nathan Parker
