Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


258 posts

Ultimate Geek
Inactive user


Topic # 95882 15-Jan-2012 23:55
Send private message

SO cause of the "Skynet" law, i wanting to know if anyone has moved to OpenDNS and blocked torrent sites and trackers within it. This would stop random people who gain access to your server from downloading torrents.

Create new topic
2441 posts

Uber Geek
+1 received by user: 145


  Reply # 569273 15-Jan-2012 23:57
Send private message

You mean to your wifi? Which should be encrypted. (Using WPA2 using a decent passphrase)

Anyway, you can get around that easilly enough just by changing the DNS servers you use.



258 posts

Ultimate Geek
Inactive user


  Reply # 569278 16-Jan-2012 00:08
Send private message

kyhwana2: You mean to your wifi? Which should be encrypted. (Using WPA2 using a decent passphrase)

Anyway, you can get around that easilly enough just by changing the DNS servers you use.


No im talking about family coming around to use my internet, like my sister and her laptop, or my sisters kids bring there friends over and them jumping on torrent sites. I'm also looking this for family & friends that have kids that want to download torrents. As for changing the DNS server i didn't think of that one, but these people are not the greatest computer users so i dont think this would be a issue?

27050 posts

Uber Geek
+1 received by user: 6503

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 569290 16-Jan-2012 05:57
Send private message

Changing to OpenDNS or Google DNS or any 3rd party DNS servers will break lots of things on the internet, particularly around CDN caching. Web browsing speeds will also be significantly slower due to every DNS lookup having to go to the US and back before to be processed.

You reaklly should not use anything but you're own ISP's DNS servers unless you're fuilly aware of the consequences.




258 posts

Ultimate Geek
Inactive user


  Reply # 569292 16-Jan-2012 06:02
Send private message

sbiddle: Changing to OpenDNS or Google DNS or any 3rd party DNS servers will break lots of things on the internet, particularly around CDN caching. Web browsing speeds will also be significantly slower due to every DNS lookup having to go to the US and back before to be processed.

You reaklly should not use anything but you're own ISP's DNS servers unless you're fuilly aware of the consequences.



Yea i was wondering this. thanks for the input people 

163 posts

Master Geek
+1 received by user: 1


  Reply # 569300 16-Jan-2012 07:44
Send private message

Another(probably easier) way would be to use a firewall to disallow access to the sites or even the ports used by the bit torrent protocol(although this can be many).

If you have only one computer this could be a software firewall(free one even like Comodo or Zone Alarm) or for many compters you will need to use some filtering at your router if it's so equipped, and most are.

1874 posts

Uber Geek
+1 received by user: 84

Trusted

  Reply # 569315 16-Jan-2012 08:47
Send private message

lostangel: Another(probably easier) way would be to use a firewall to disallow access to the sites or even the ports used by the bit torrent protocol(although this can be many).

If you have only one computer this could be a software firewall(free one even like Comodo or Zone Alarm) or for many compters you will need to use some filtering at your router if it's so equipped, and most are.


Unfourtently when it comes to blocking torrents its FAR easier said than done. Blocking ports is particulary difficult, you would have to use a white list instead of a blacklist, and most torrent clients will use port 80 anyway. Blocking the sites themselves would be a viable idea if there wasn't easily accessible open proxy sites that will bypass your site block list. To do it properly your looking at a dedicated hardware UTM unit (Unified threat management) that is going to run you a few hundred deniro's.

BDFL - Memuneh
61299 posts

Uber Geek
+1 received by user: 12042

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 569321 16-Jan-2012 09:12
Send private message

It doesn't matter - they may not be savvy enough to for example use a different DNS on their laptop (or some friend might've told them), but if they come to visit and they are already downloading a torrent it will continue to download, regardless of having access to the trackers.

Most trackers are moving to Magnet Links, and DHT. It makes a lot harder to block now.





1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 569335 16-Jan-2012 09:38
Send private message

sbiddle: Changing to OpenDNS or Google DNS or any 3rd party DNS servers will break lots of things on the internet, particularly around CDN caching. Web browsing speeds will also be significantly slower due to every DNS lookup having to go to the US and back before to be processed.

You reaklly should not use anything but you're own ISP's DNS servers unless you're fuilly aware of the consequences.



Nopenopenope, "significantly" is too strong a word to be used here. I have used both ISP and OpenDNS and didn't notice an iota of difference when browsing. CDN content is fine too, I haven't seen any issues there.

As for blocking torrents, OpenDNS is (as the same suggests) only a DNS solution. Anyone with a little nous will simply edit their local hosts file and be on their merry way.

BDFL - Memuneh
61299 posts

Uber Geek
+1 received by user: 12042

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 569339 16-Jan-2012 09:48
Send private message

CDN breaks in many ways:

1.Instead of getting a NZ-based server address you may get a US-based address and things get slow. This happens a lot with services using Akamai for example: Windows Update, Apple iTunes, etc.

2.For ISP hostings its own instance of Google Servers you will bypass those as OpenDNS and other services don't know about these private instances. In this cases your YouTube enjoyment will be crap, because instead of getting videos from inside the ISP network, it goes to the US to get the content

3.For some content providers using CDN and ISPs with transparent proxies and firewalls you will find that content will not load. This happens because your PC resolve one server, the proxy resolve another and the firewall will block responses since the IP addresses don't match and they think it's unsolicited.

So you should ALWAYS use your ISP DNS. That's why when people complain about websites not loading or loading slowly the first thing we ask around here is "are you using your ISP DNS?"





1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 570248 18-Jan-2012 08:55
Send private message

My argument is simply that the difference between NZ based and a US content is not large enough to significantly impact the browsing experience. Sure, the numbers might look better but for the typical user it isn't a big deal. This is the same as the whole hosting websites in NZ as opposed to the US: the user does not ever notice the difference.

In all instances of me using OpenDNS vs. ISP DNS servers I have not ever run into any issues with YouTube or other video streaming sites. I have always been able to stream 1080p/720p with zero issues. So, no, using other DNS servers does not mean your YouTube experience will be "...crap...", that all depends on the bandwidth situation of your ISP and always will.

The third point is something that the ISP can control, putting transparent proxies in place is entirely unnecessary and will actually hinder some of their customers' enjoyment of the internet.

BDFL - Memuneh
61299 posts

Uber Geek
+1 received by user: 12042

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 570255 18-Jan-2012 09:09
Send private message

1080p: My argument is simply that the difference between NZ based and a US content is not large enough to significantly impact the browsing experience. Sure, the numbers might look better but for the typical user it isn't a big deal. This is the same as the whole hosting websites in NZ as opposed to the US: the user does not ever notice the difference.


It all depends how you see it. For yourself it may not be a problem. But if you are using the Internet mainly or solely for Facebook for example then you will see either 

a) significant slowdown at peak times or
b) site not loading at all or partially loading if ISP runs a transparent proxy.

You can't generalize the results based on your experience, because it may not be typical and will depend on your location (a user in Christchurch or Wellington may see it slower than a user in Auckland, because these locations have additional hops to reach the exit to international servers), time of the day and mainly the ISP.
 




8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 570448 18-Jan-2012 15:41
Send private message

1080p: 

The third point is something that the ISP can control, putting transparent proxies in place is entirely unnecessary and will actually hinder some of their customers' enjoyment of the internet.


What ISP are you on?

Telstraclear and Telecom both run transparent caching of overseas web content and have proven to have issues when you use 3rd party dns servers.

Also both the above run akamai and google caches locally that you won't be able to access is you are not using their dns servers. 

If you combine Telecom and Telstraclear market share that's probably 80% of the residential Internet market.

So for the majority of people using 3rd party dns is not advisable. 

To block torrents...

Layer 7 filtering in 3rd party router software (like Tomato, DD-WRT, pfsense, Gargoyle router etc) is probably a more effective way to go.

Coupled that with a) Don't let untrustworthy people use your internet... and b) give family members/relatives a short lecture about not getting your in trouble... is probably the best approach.



258 posts

Ultimate Geek
Inactive user


  Reply # 570479 18-Jan-2012 16:37
Send private message

Ragnor:
1080p: 

The third point is something that the ISP can control, putting transparent proxies in place is entirely unnecessary and will actually hinder some of their customers' enjoyment of the internet.


What ISP are you on?

Telstraclear and Telecom both run transparent caching of overseas web content and have proven to have issues when you use 3rd party dns servers.

Also both the above run akamai and google caches locally that you won't be able to access is you are not using their dns servers. 

If you combine Telecom and Telstraclear market share that's probably 80% of the residential Internet market.

So for the majority of people using 3rd party dns is not advisable. 

To block torrents...

Layer 7 filtering in 3rd party router software (like Tomato, DD-WRT, pfsense, Gargoyle router etc) is probably a more effective way to go.

Coupled that with a) Don't let untrustworthy people use your internet... and b) give family members/relatives a short lecture about not getting your in trouble... is probably the best approach.


Hey thanks, i have a DD-WRT installed onto my router, i need more testing. with telstra clear and had some issues with openDNS. move away from that and looking at DD-WRT. 

3409 posts

Uber Geek
+1 received by user: 404

Trusted

  Reply # 570491 18-Jan-2012 16:52
Send private message

1080p: My argument is simply that the difference between NZ based and a US content is not large enough to significantly impact the browsing experience. Sure, the numbers might look better but for the typical user it isn't a big deal. This is the same as the whole hosting websites in NZ as opposed to the US: the user does not ever notice the difference.

In all instances of me using OpenDNS vs. ISP DNS servers I have not ever run into any issues with YouTube or other video streaming sites. I have always been able to stream 1080p/720p with zero issues. So, no, using other DNS servers does not mean your YouTube experience will be "...crap...", that all depends on the bandwidth situation of your ISP and always will.

The third point is something that the ISP can control, putting transparent proxies in place is entirely unnecessary and will actually hinder some of their customers' enjoyment of the internet.


That's nonsense. Apart from the increase in latency which alone has a big impact on the experience of many things including web browsing the numbers speak for themselves. We have 100mbps national and 10mbps international and that international costs us 10x more than our national yet it is only 1/10th the speed.

This is the same with most ISPs and as you can imagine, their access to national content is far faster on a bandwidth level alone. Apart from the fact the further through the internet you go the lass control you have on interconnection and the speed/load that exists at every part of your path to your destination.

Also, because of the latency to the US I seldom get more than 3mbps in a single TCP stream.

And lastly, reliability. What if your ISP has an international issue to the US? At least using their DNS servers you can still get to NZ.

I'm wondering if ISPs will start a transparent proxy for port 53 and just redirect DNS requests tot heir own servers. Yes it would be annoying testing nameservers but who does that anyway? 





Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.