Using OpenDNS to block Torrents

Forums › New Zealand Broadband › Using OpenDNS to block Torrents

th3r3turn

258 posts

Ultimate Geek
Inactive user

#95882 15-Jan-2012 23:55

SO cause of the "Skynet" law, i wanting to know if anyone has moved to OpenDNS and blocked torrent sites and trackers within it. This would stop random people who gain access to your server from downloading torrents.

kyhwana2

2566 posts

Uber Geek

#569273 15-Jan-2012 23:57

You mean to your wifi? Which should be encrypted. (Using WPA2 using a decent passphrase)

Anyway, you can get around that easilly enough just by changing the DNS servers you use.

th3r3turn

258 posts

Ultimate Geek
Inactive user

#569278 16-Jan-2012 00:08

kyhwana2: You mean to your wifi? Which should be encrypted. (Using WPA2 using a decent passphrase)

Anyway, you can get around that easilly enough just by changing the DNS servers you use.

No im talking about family coming around to use my internet, like my sister and her laptop, or my sisters kids bring there friends over and them jumping on torrent sites. I'm also looking this for family & friends that have kids that want to download torrents. As for changing the DNS server i didn't think of that one, but these people are not the greatest computer users so i dont think this would be a issue?

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#569290 16-Jan-2012 05:57

Changing to OpenDNS or Google DNS or any 3rd party DNS servers will break lots of things on the internet, particularly around CDN caching. Web browsing speeds will also be significantly slower due to every DNS lookup having to go to the US and back before to be processed.

You reaklly should not use anything but you're own ISP's DNS servers unless you're fuilly aware of the consequences.

th3r3turn

258 posts

Ultimate Geek
Inactive user

#569292 16-Jan-2012 06:02

sbiddle: Changing to OpenDNS or Google DNS or any 3rd party DNS servers will break lots of things on the internet, particularly around CDN caching. Web browsing speeds will also be significantly slower due to every DNS lookup having to go to the US and back before to be processed.

You reaklly should not use anything but you're own ISP's DNS servers unless you're fuilly aware of the consequences.

Yea i was wondering this. thanks for the input people

lostangel

163 posts

Master Geek

#569300 16-Jan-2012 07:44

Another(probably easier) way would be to use a firewall to disallow access to the sites or even the ports used by the bit torrent protocol(although this can be many).

If you have only one computer this could be a software firewall(free one even like Comodo or Zone Alarm) or for many compters you will need to use some filtering at your router if it's so equipped, and most are.

garvani

1873 posts

Uber Geek

Trusted

#569315 16-Jan-2012 08:47

lostangel: Another(probably easier) way would be to use a firewall to disallow access to the sites or even the ports used by the bit torrent protocol(although this can be many).

If you have only one computer this could be a software firewall(free one even like Comodo or Zone Alarm) or for many compters you will need to use some filtering at your router if it's so equipped, and most are.

Unfourtently when it comes to blocking torrents its FAR easier said than done. Blocking ports is particulary difficult, you would have to use a white list instead of a blacklist, and most torrent clients will use port 80 anyway. Blocking the sites themselves would be a viable idea if there wasn't easily accessible open proxy sites that will bypass your site block list. To do it properly your looking at a dedicated hardware UTM unit (Unified threat management) that is going to run you a few hundred deniro's.

freitasm

BDFL - Memuneh
79288 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#569321 16-Jan-2012 09:12

It doesn't matter - they may not be savvy enough to for example use a different DNS on their laptop (or some friend might've told them), but if they come to visit and they are already downloading a torrent it will continue to download, regardless of having access to the trackers.

Most trackers are moving to Magnet Links, and DHT. It makes a lot harder to block now.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

1080p

1332 posts

Uber Geek
Inactive user

#569335 16-Jan-2012 09:38

sbiddle: Changing to OpenDNS or Google DNS or any 3rd party DNS servers will break lots of things on the internet, particularly around CDN caching. Web browsing speeds will also be significantly slower due to every DNS lookup having to go to the US and back before to be processed.

You reaklly should not use anything but you're own ISP's DNS servers unless you're fuilly aware of the consequences.

Nopenopenope, "significantly" is too strong a word to be used here. I have used both ISP and OpenDNS and didn't notice an iota of difference when browsing. CDN content is fine too, I haven't seen any issues there.

As for blocking torrents, OpenDNS is (as the same suggests) only a DNS solution. Anyone with a little nous will simply edit their local hosts file and be on their merry way.

freitasm

BDFL - Memuneh
79288 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#569339 16-Jan-2012 09:48

CDN breaks in many ways:

1.Instead of getting a NZ-based server address you may get a US-based address and things get slow. This happens a lot with services using Akamai for example: Windows Update, Apple iTunes, etc.

2.For ISP hostings its own instance of Google Servers you will bypass those as OpenDNS and other services don't know about these private instances. In this cases your YouTube enjoyment will be crap, because instead of getting videos from inside the ISP network, it goes to the US to get the content

3.For some content providers using CDN and ISPs with transparent proxies and firewalls you will find that content will not load. This happens because your PC resolve one server, the proxy resolve another and the firewall will block responses since the IP addresses don't match and they think it's unsolicited.

So you should ALWAYS use your ISP DNS. That's why when people complain about websites not loading or loading slowly the first thing we ask around here is "are you using your ISP DNS?"

1080p

1332 posts

Uber Geek
Inactive user

#570248 18-Jan-2012 08:55

My argument is simply that the difference between NZ based and a US content is not large enough to significantly impact the browsing experience. Sure, the numbers might look better but for the typical user it isn't a big deal. This is the same as the whole hosting websites in NZ as opposed to the US: the user does not ever notice the difference.

In all instances of me using OpenDNS vs. ISP DNS servers I have not ever run into any issues with YouTube or other video streaming sites. I have always been able to stream 1080p/720p with zero issues. So, no, using other DNS servers does not mean your YouTube experience will be "...crap...", that all depends on the bandwidth situation of your ISP and always will.

The third point is something that the ISP can control, putting transparent proxies in place is entirely unnecessary and will actually hinder some of their customers' enjoyment of the internet.

freitasm

BDFL - Memuneh
79288 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#570255 18-Jan-2012 09:09

1080p: My argument is simply that the difference between NZ based and a US content is not large enough to significantly impact the browsing experience. Sure, the numbers might look better but for the typical user it isn't a big deal. This is the same as the whole hosting websites in NZ as opposed to the US: the user does not ever notice the difference.

It all depends how you see it. For yourself it may not be a problem. But if you are using the Internet mainly or solely for Facebook for example then you will see either

a) significant slowdown at peak times or
b) site not loading at all or partially loading if ISP runs a transparent proxy.

You can't generalize the results based on your experience, because it may not be typical and will depend on your location (a user in Christchurch or Wellington may see it slower than a user in Auckland, because these locations have additional hops to reach the exit to international servers), time of the day and mainly the ISP.

Ragnor

8222 posts

Uber Geek

Trusted

#570448 18-Jan-2012 15:41

1080p:

The third point is something that the ISP can control, putting transparent proxies in place is entirely unnecessary and will actually hinder some of their customers' enjoyment of the internet.

What ISP are you on?

Telstraclear and Telecom both run transparent caching of overseas web content and have proven to have issues when you use 3rd party dns servers.

Also both the above run akamai and google caches locally that you won't be able to access is you are not using their dns servers.

If you combine Telecom and Telstraclear market share that's probably 80% of the residential Internet market.

So for the majority of people using 3rd party dns is not advisable.

To block torrents...

Layer 7 filtering in 3rd party router software (like Tomato, DD-WRT, pfsense, Gargoyle router etc) is probably a more effective way to go.

Coupled that with a) Don't let untrustworthy people use your internet... and b) give family members/relatives a short lecture about not getting your in trouble... is probably the best approach.

th3r3turn

258 posts

Ultimate Geek
Inactive user

#570479 18-Jan-2012 16:37

Ragnor:
1080p:

The third point is something that the ISP can control, putting transparent proxies in place is entirely unnecessary and will actually hinder some of their customers' enjoyment of the internet.

What ISP are you on?

Telstraclear and Telecom both run transparent caching of overseas web content and have proven to have issues when you use 3rd party dns servers.

Also both the above run akamai and google caches locally that you won't be able to access is you are not using their dns servers.

If you combine Telecom and Telstraclear market share that's probably 80% of the residential Internet market.

So for the majority of people using 3rd party dns is not advisable.

To block torrents...

Layer 7 filtering in 3rd party router software (like Tomato, DD-WRT, pfsense, Gargoyle router etc) is probably a more effective way to go.

Coupled that with a) Don't let untrustworthy people use your internet... and b) give family members/relatives a short lecture about not getting your in trouble... is probably the best approach.

Hey thanks, i have a DD-WRT installed onto my router, i need more testing. with telstra clear and had some issues with openDNS. move away from that and looking at DD-WRT.

Zeon

3916 posts

Uber Geek

Trusted

#570491 18-Jan-2012 16:52

1080p: My argument is simply that the difference between NZ based and a US content is not large enough to significantly impact the browsing experience. Sure, the numbers might look better but for the typical user it isn't a big deal. This is the same as the whole hosting websites in NZ as opposed to the US: the user does not ever notice the difference.

In all instances of me using OpenDNS vs. ISP DNS servers I have not ever run into any issues with YouTube or other video streaming sites. I have always been able to stream 1080p/720p with zero issues. So, no, using other DNS servers does not mean your YouTube experience will be "...crap...", that all depends on the bandwidth situation of your ISP and always will.

The third point is something that the ISP can control, putting transparent proxies in place is entirely unnecessary and will actually hinder some of their customers' enjoyment of the internet.

That's nonsense. Apart from the increase in latency which alone has a big impact on the experience of many things including web browsing the numbers speak for themselves. We have 100mbps national and 10mbps international and that international costs us 10x more than our national yet it is only 1/10th the speed.

This is the same with most ISPs and as you can imagine, their access to national content is far faster on a bandwidth level alone. Apart from the fact the further through the internet you go the lass control you have on interconnection and the speed/load that exists at every part of your path to your destination.

Also, because of the latency to the US I seldom get more than 3mbps in a single TCP stream.

And lastly, reliability. What if your ISP has an international issue to the US? At least using their DNS servers you can still get to NZ.

I'm wondering if ISPs will start a transparent proxy for port 53 and just redirect DNS requests tot heir own servers. Yes it would be annoying testing nameservers but who does that anyway?

Speedtest 2019-10-14