OpenDNS Forums
The official support and discussion site of OpenDNS
Support
K-12 Forums
Categories
- Administrative
- Adult site blocking
- DNS-O-Matic / dynamic IPs
- Domain blocking
- Domain Name System (DNS) troubles
- Mobile instructions
- OpenDNS services
- Proxies, accelerators, and more
- Router instructions
- Satellite
- Shortcuts
- Wishlists and feature requests
-
Feeds
Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.
This discussion has been inactive for longer than 30 days, and is thus closed.
-
- CommentAuthorgloomrider
- CommentTimeSep 4th 2007
Hi
Right now, I have "inadyn" running on a linux node on my network. It updates OpenDNS as you would expect (I have DSL).
I was wondering if anyone knew of a way to get it working (or equivalent functionality) inside the OpenWRT system?
Thanks in advance. -
You can kindly ask the OpenWRT team to use our modified version of inadyn to support HTTPS, as all of my attempts to have our modifications merged with authors codebase have failed.
-
A little workaround : just include the following line in a script, then cron it
/usr/bin/curl -k -u LOGIN:PASS 'https://updates.opendns.com/nic/update?'
curl can be found in the backports repository. -
Oops, wrong thread...
-
The real question is can I kindly ask the OpenDNS team to support our non-HTTPS version of INADYN in DD_WRT? All of my attempts to have OpenDNS support http as well as https updates have failed. Why is this Joe? Give me the great reason why OpenDNS refuses to conform with every other Dynamic DNS service on the planet and support regular http updates? You guys go on and on about the router firmware authors not being able to add ssl support but the real problem is with OpenDNS not the router firmware authors. You think the world revolves around OpenDNS so much that authors should adjust code to support ssl for OpenDNS alone when every other similar service uses regular http?
Please explain this Joe why when we place the hostname in the DDNS gui for dnsomatic it refuses to update just 1 network, why must it update all networks? Is dnsomatic illiterate?
I am looking forward to see how much you guys really "care" about supporting http updates. I wonder if you even "care" enough to reply with decent answers to my questions. -
I have raised this issue with OpenDNS since May of 2007. Still there has not been an acceptable answer. The only (vague) response was "Apparently this is mandatory and meant to protect you. Otherwise, all of your personal info as well as control of your registered networks would be at stake."
Apparently!? Why can't OpenDNS justify their own actions in a concrete fashion? Why do "real" dDNS allow non-HTTPS logins? Isn't someone hijacking a dDNS domain more of a risk than someone potentially hijacking an OpenDNS account, i.e. *IF* someone (why would they want to) hijacked my DNS account the worst that will happen is they block sites, change settings or can see vague DNS statistics. Someone hijacks a DynDNS account they can redirect traffic, setup a honeypot, use a man-in-the-middle attack, etc.
Furthermore, those that feel that security is of the utmost importance and do not wish to take any risk can continue to use HTTPS for their OpenDNS transactions using a supported client. Those that do not feel that this "security measure" is that important, or that the cost and labour involved in changing the client for one that does outweigh the "risk," can elect to use a client that does not support HTTPS can use it in HTTP mode.
I know it sounds rather naïve, but the majority of Internet traffic is not intercepted. Especially when you have good control of your facilities (a multi-tenant building that shares a telephone closet -- which is never locked --and Ethernet internet connection are a good example of poor security at your premises, anyone can walk into the closet with a small laptop and intercept the communications.) and the remote end (datacenter) is well secured. If someone did gain access to the network, they could do just about anything possible with the control of the OpenDNS account, just without that access (capture private data, M-I-T-M attack on DNS, etc). Someone who would have the utmost concern for these activities probably would not be using OpenDNS in the first place... and if they did they would elect to use a dDNS client that supports HTTPS (which is not going to help any of the other concerns, since by design DNS is not only unencrypted, but also insecure). The availability of a dDNS server which does not require HTTPS is not at all a security risk for those that elect to encrypt their transactions. -
We do not allow you to send your login credentials over an unencrypted connection, it dosen't matter if its a Dynamic DNS update or logging into your dashboard.
You should be asking other providers to step up to the level of security provided by OpenDNS. I hope you find this to be an acceptable answer.Thankful People: chadmiller, rotblitz, rtoes, Red Prince, tom-odns, bunnicula
1 to 7 of 7
This discussion has been inactive for longer than 30 days, and is thus closed.
