Avoid OpenDNS Free DNS Service Like The Plague [ Updated ]

I was a big fan of the OpenDNS DNS service, but recently I found a few bad things about their offerings. I strongly recommend staying away from the OpenDNS service.

All your search queries belongs to OpenDNS

OpenDNS redirects all your Google search queries through their servers. They capture your search query data and forward it to the real google.com domain. Here is a quick DNS lookup:
$ host www.google.co.in
Sample output:

Using domain server:

www.google.co.in is an alias for www.google.com.
www.google.com is an alias for google.navigation.opendns.com.
google.navigation.opendns.com has address
google.navigation.opendns.com has address

They may also do the same for your email and other search engines.

Update: Dave has pointed out the reason why OpenDNS forwards Google through their server. You can also turn this feature on or off from the OpenDNS control panel.

OpenDNS is bad for servers

Don’t use them on your colocated server or VPS server. They redirect web browser users or scripts accessing nonexistent domains to a page containing sponsored search results, ads, and a search form. The DNS protocol requires that a query for a nonexistent domain must return the “NXDOMAIN” error response. Here is a sample output:
$ host abcabcxyzxyz.com
Sample output:

Using domain server:

abcabcxyzxyz.com has address
Host abcabcxyzxyz.com not found: 3(NXDOMAIN)

This encourages spam as you will not be able to filter out spam queries using their DNS servers.
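An added example, not part of the original post: a wire-level version of the `host abcabcxyzxyz.com` test above, which tells a resolver that returns NXDOMAIN apart from one that answers NOERROR with an invented address (the case that defeats domain checks in spam filters). The function names are illustrative, the sample replies are constructed (192.0.2.1 is a documentation address), and `probe` assumes a random 32-character label under `.com` is unregistered.

```python
import secrets
import socket
import struct
import sys

RCODE_NXDOMAIN = 3  # the "3(NXDOMAIN)" that host(1) prints


def build_query(name, txid):
    """Encode a recursive A/IN question for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_response(packet, txid):
    """Classify a resolver's reply to a query for a name that should not exist."""
    if len(packet) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID, or QR bit unset
        return "malformed"
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "honest-nxdomain"
    if rcode == 0:
        # NOERROR with answer records means the resolver invented an address.
        return "rewritten" if ancount else "noerror-nodata"
    return "rcode-%d" % rcode


def constructed_reply(query, rcode, answer_ip=None):
    """Constructed sample data: the reply a resolver could send for `query`."""
    counts = struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if answer_ip else 0, 0, 0)
    answer = b""
    if answer_ip:  # one A record, owner name compressed to a pointer at offset 12
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return query[:2] + counts + query[12:] + answer


def probe(resolver_ip, suffix="com", timeout=3.0):
    """Send one query for a random label to `resolver_ip` and classify the reply."""
    name = secrets.token_hex(16) + "." + suffix  # assumed unregistered
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver_ip, 53))
        packet, _ = sock.recvfrom(512)
    return name, classify_response(packet, txid)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against the resolver IP given as argument
        print(*probe(sys.argv[1]))
    else:  # offline demo on the constructed replies
        q = build_query("abcabcxyzxyz.com", 0x1234)
        print(classify_response(constructed_reply(q, 3), 0x1234))
        print(classify_response(constructed_reply(q, 0, "192.0.2.1"), 0x1234))
```

Run without arguments it classifies the two constructed replies; given a resolver IP it sends a single UDP query to port 53 of that resolver.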

OpenDNS caching sucks

I contacted their support about my problem but never got any reply. Their server always returns two IP addresses for my nameserver:
$ host ns2.nixcraft.net
Sample output:

Using domain server:

ns2.nixcraft.net has address
ns2.nixcraft.net has address

I don’t have 2 IP addresses for ns2.nixcraft.net.

I strongly recommend running your own DNS cache server along with your ISP’s forwarding nameservers.

Thanks to ricko for pointing out OpenDNS issue in a chat room and elsewhere on the Internet.

Update: Fri Nov 5, 2010 by Vivek: OpenDNS no longer redirects Google search queries through their servers:

$ host www.google.co.in
Using domain server:

www.google.co.in is an alias for www.google.com.
www.google.com is an alias for www.l.google.com.
www.l.google.com has address

Updated for accuracy.

35 comments… add one
  • Andrew Sep 8, 2008 @ 15:40

    The Google search redirection is a feature (which they used to advertise very clearly – not so anymore) that you can turn on and off in the OpenDNS dashboard. It’s meant to be a proxy so that OpenDNS shortcuts entered into the address bar won’t be caught by Google toolbar’s “Search from the address bar” feature. Essentially, they still are, but OpenDNS recognizes the search request and takes you to your shortcut anyway.

    To change it, log in to your OpenDNS dashboard and click the Settings tab. Then, on the left, click Advanced Settings. Scroll to the bottom and uncheck Enable OpenDNS Proxy and click Apply.

    As far as using it for servers, I would agree for a server doing any sort of security tasks that involve verifying domains (like a spam filter). Other than that, I don’t see the harm.

  • Dave Sep 8, 2008 @ 16:25

    I agree with you on one point – you should not use OpenDNS for web, email, or other servers. Traditional DNS is best for that.

    OpenDNS can/should be used for consumer DNS services.

    If you want to see the reason why OpenDNS forwards google through their server, see this.

    I’ve never had a caching problem with OpenDNS nor have I heard of any widespread issues with it. I don’t think this would impact resolution.

  • Maski Sep 8, 2008 @ 17:16

    Mmmm… damn.. I was in love with their service. I guess that by redirecting the queries to any ad service will be a way for them to make some profit. In your opinion, can this lead to an ip spoofing?

  • Raj Sep 8, 2008 @ 18:32

    Thanks for pointing this out. I’ve just changed my DNS to Airtel, which respects my privacy without configuration and software installation.

  • Anonymous Visitor Sep 8, 2008 @ 18:37

    They redirect web browser users or scripts accessing nonexistent domains to a page containing sponsored search results, ads, and a search form. The DNS protocol requires that a query for a nonexistent domain must return the “NXDOMAIN” error response.

    You can disable the “OpenDNS Guide” in the OpenDNS website. Also, the NXDOMAIN response is only obligatory for authoritative DNS servers, which OpenDNS isn’t.

  • Joe Baker Sep 9, 2008 @ 16:28

    Interesting points. I’ll have to look into this further. But for the moment, I have been using OpenDNS for quite a while and have been generally quite pleased with all they do. I hope to hear their response to this. In the meantime I think it is important to use alternate DNS servers other than AT&T’s. AT&T has cooperated so fully with government eavesdropping requests that they have lost my respect and trust. I would love it if DNS providers like OpenDNS.com would provide an SSL wrapper for their DNS queries. I am trying to bring an end to the Federal Reserve act so I am somewhat concerned about being snooped on by an organization which makes over a trillion dollars a year in profit and pays no taxes on it. Nor is it accountable to any government agency – it has never been audited.

  • Sweta Sep 9, 2008 @ 18:14

    URL http://google.navigation.opendns.com/ opens google home page but IP address belongs to opendns:

  • David Ulevitch Sep 10, 2008 @ 23:59

    Is there a reason you keep deleting my comments from this post?

    -David Ulevitch (CEO of OpenDNS)

  • 🐧 nixCraft Sep 11, 2008 @ 4:46


    This is the only comment I see in the queue and it is approved. A comment only gets deleted if it is off-topic or spam. Sometimes a comment may be placed in the Akismet spam queue and I might have missed it. I see only this comment from your IP…

  • David Ulevitch Sep 11, 2008 @ 23:49

    This isn’t true. You even replied to my email when I was telling you the CAPTCHA was broken. I notice you’ve now removed the CAPTCHA.

    Can you put back my deleted posts or just make your article accurate?

  • 🐧 nixCraft Sep 12, 2008 @ 4:08

    I’m sorry for the CAPTCHA issue but you’ll have to write your post again. I never deleted your comment as it was never stored in a queue due to a technical problem. When you post a reply I will update the post to point out your comment.

  • Dotan Cohen Sep 12, 2008 @ 4:31

    My comment regarding the relevant post on /. that this page is almost a complete copy of got deleted too. Search recent /. entries for an Ask Slashdot title similar to “Why is the internet so slow?”. I suppose that the spam filter automatically drops anything with a url, as opposed to the admin deliberately removing unfavorable comments.

  • 🐧 nixCraft Sep 12, 2008 @ 4:49


    I’ve not deleted any comment but there was a problem with the CAPTCHA and wp-cache. Also I’ve already pointed out:

    Thanks to ricko for pointing out OpenDNS issue in a chat room and elsewhere on the Internet.

    If you google for the same you will get 100s of other posts with almost the same info and the same commands.

    It was unfortunate that I had upgraded to WP 2.6.2, which was released at almost the same time. It was causing some problems so I had to disable the plugin.


  • Dotan Cohen Sep 12, 2008 @ 18:05

    I figured that it was a filter and not deliberate, that’s why I mentioned it. Thanks!

  • Anon Sep 12, 2008 @ 20:29

    They showed your IP address twice because when you query the main server it checks it against the secondary, which shows up the same entry twice. If it had two different entries for you they would have to be different, but as you posted them they are identical, which can only mean that they are showing the query from both the primary and secondary DNS servers.

  • Nahum Sep 14, 2008 @ 22:45

    Recently I have found that my ISP does the same… somehow it is working only on Windows machines so the only one suffering from that rude behavior is my wife using an 8-year-old OS called Windows XP. The rest of the machines at home run modern OSes such as Fedora 9, Ubuntu and CentOS so they are protected 😎

  • 🐧 nixCraft Sep 15, 2008 @ 8:04


    You can use,, and on Windows XP. They seem to be doing okay and not capturing data.

  • commonsense Apr 6, 2010 @ 9:01

    When you use an external DNS service you are often making money for them… either paying them (paid service) or letting them collect from advertisers on mistyped URL’s (free service). The latter is far more lucrative. Nothing wrong with any of this, but let’s not obscure the facts. The “reliability” (uptime) statement of the DNS service providers are misleading. And “Open” does not really mean anything in this context. If users knew how easy this whole business of DNS lookups is, they would undoubtedly not let someone else process their DNS lookups (i.e. telling someone else what sites you want to visit). Users are privacy conscious.

    Neither option, whether paid DNS or “free” DNS, gives you more reliability. Your computer is quite capable of performing lookups by querying the DNS on its own. It does not need a “middle-man”.

    The most reliable way to query DNS is to query the system yourself and keep your own cache. Dump the cache to /etc/hosts periodically.

    Then you will only be dependent on the root servers and TLD servers, and only for sites you’ve never visited (see below).

    Needless to say, the root and TLD servers are the most important servers on the internet. They are looked after with great care. If they fail, “the internet fails”… for *everyone*. They are the authoritative source for lookups. If a DNS provider such as OpenDNS fails, then only its users suffer.

    By doing your own lookups, then for sites you have visited, you will have your own cache; so you don’t need DNS for those sites. The whole DNS system could fail and you’d still be able to work using those sites. Because you already have the IP’s in your cache. If you visit the same sites repeatedly, this will also be faster than any “DNS service”. If your computer is reading the local file /etc/hosts for IP’s this is always faster than sending out a query over the wire and waiting for a response.

    Run pdns_recursor listening on port 53. Run rec_control to dump the cache to /etc/hosts periodically. These are two very easy to use, small command line programs.

    The DNS is similar to a telephone book. And there is nothing stopping any user from keeping his own copy… just in case “directory assistance” (DNS) is not available, or just too slow.

  • Hermes Machado Apr 11, 2010 @ 1:43

    How do I get rid of them ..one day openDNS just started coming up onto my screen and they are a pain.. how do I deactivate them would someone give me some instructions on how to do it ??

    • 🐧 nixCraft Apr 11, 2010 @ 7:07

      Edit your /etc/resolv.conf and replace the OpenDNS IP with your ISP’s DNS.

  • David Ulevitch Nov 4, 2010 @ 16:48

    It’s worth pointing out that we discontinued proxying requests to Google quite some time ago. Please update the article. 🙂

  • Roger Jun 14, 2011 @ 2:06

    OpenDns’s technical team and support team is terrible. I am a basic user and have referred them to many other people but just recently I tried to use their parental controls on a recommended Netgear router, that they recommended behind a U-Verse router so that we could isolate traffic control on specific terminals. At first I tested the setup at my residence before moving it to the site of service. Worked great until I moved it and then it wouldn’t let me reassign the router to a different account, they didn’t help with that issue. And then I went and purchased the same router again thinking that the new router would be “open”. Not at all, still came up as being registered to my account, they still didn’t help. Went as far as requesting that my account be closed completely thinking that it would release the router, and at first it was still showing as being registered to my account which doesn’t even exist anymore, then it did something crazy and said that a new device had been detected and started to go through the registration process again, got the client’s registration installed up to the point of actually signing in to the OpenDns page and then it defaults and says the device is already registered to a different account. What account? My account is dead and then it doesn’t accept the client’s account. OpenDns support has stopped responding to the inquiries and I’m stuck with 2 routers and an angry client because their terminals are still not being controlled as I promised.
    Time to focus this client and all my other clients to a more supportive service. Thankfully we did not start using the deluxe version this time yet. But you can bet the other 17 clients that I have using their paid version will be transferring with me.

  • David Ulevitch Jun 14, 2011 @ 14:03

    Roger — That sounds like a problem, and one that’s easy to fix. Support knows how to deal with that issue quite easily, so I am sorry your issue wasn’t resolved quickly. Just shoot me an email, my email address is on our management page and I’ll get it sorted out.

    • Roger Jun 15, 2011 @ 0:44

      Well I have to say, that despite the somewhat disinterested support team as a whole, Mr. Ulevitch responded very quickly to my post and took the necessary steps to resolve our issue.
      I can only guess that the rest of the team must be on some type of commission structure or they just didn’t find our problem as important as one of their large accounts.
      Nonetheless, I definitely retract any negative thoughts I had exhibited towards this company. The product is exceptional for what we are using it for and I will continue to use their services.

  • John Dodrill Jun 16, 2011 @ 16:40

    After having read articles on how much better OpenDNS was than Verizon’s, I switched, in part because I’m not in love with Verizon. The article offered little more information than “Verizon DNS sucks”.

    If Verizon DNS sucks, OpenDNS is a black hole.

    I’d really like to find a reliable DNS and I’m willing to pay for the services but OpenDNS is one of the worst experiments I’ve ever undertaken. I agree, at least with the topic of this article, “OpenDNS sucks”!!!

    Now I expect some responses which are both vile and inane. I don’t care. I would advise anyone that wants to try OpenDNS for any reason to do so with caution and if you can’t reach a site, trace it down. If it ends up at an IP that belongs to OpenDNS, then lose OpenDNS, unless that’s exactly the response you’re looking for, in which case you’ll be in censorship heaven.

    Good luck!


    • M. Alexander Jun 23, 2013 @ 8:42

      I had problem after problem with OpenDNS’ cache, and their replacing a website’s SSL certificate with their own, etc. Support kept telling me “that’s the way it’s supposed to work”, which obviously is complete garbage. A few years ago I switched to Google DNS, and haven’t had one single issue, period. I hate sounding like a Google shill, and have in fact been moving away from using most of their other services, but their DNS rocks.

      I certainly hope the DNS service they provide to users is configured better than their own (I assume for the website only) DNS: http://www.intodns.com/opendns.com If there’s recently been a DNS records change then the serial number mismatch will clear in time. But only 2 nameservers? (3, but 2 point to the same IP…)

    • roflsnake Jan 31, 2014 @ 19:19

      As someone that does tech support for an ISP, Verizon’s DNS does indeed suck, they are extremely slow to update their DNS cache servers so if at any point the IP address of one of your servers changes, say hello to people on Verizon’s network not able to access it for a goddamn month /rant

  • Irene Jan 13, 2012 @ 9:49

    Hi there!

    Thanks so much for the article…
    I’ve got a problem, I can’t go into some social networks in my computer or in my kindle because I think there’s parent’s control on it… can you help me?

    Thanks so much… I really need it.

  • Mirth Aug 27, 2013 @ 18:40

    I like to use openDNS because it works great with dnscrypt. dnscrypt helps fight off MITM attacks by encrypting your DNS queries. Sure if a government wanted the info I’d bet they could just go get the info from openDNS. This works well against regular criminals that would sniff your traffic and don’t have access to openDNS servers. Choose what you want to use. I choose encryption.

  • Lars Jan 25, 2014 @ 3:25

    I have an issue and I think it’s openDNS related. After adding openDNS I can’t seem to get to certain websites like Google, Netflix, and Yahoo. They will eventually load but it takes forever. I took off all of the parental blocks and it still continues to happen. It’s the worst on my Mac and not such an issue on my PC or mobile devices. Has anyone else had this happen? Any advice?

  • zaki Jun 9, 2014 @ 17:16

    Can I create one domain name with different service providers and use it?

  • Rich Mar 24, 2016 @ 17:04

    OpenDNS is also blocking websites which it says aren’t ‘safe’ for me to visit.
    It literally will not allow me to access the website.
    A f**king DNS server (one with the word “Open” in its name no less) is deciding for me which sites I should and shouldn’t be allowed to visit.
    And it gets worse: The websites it’s blocking aren’t unsafe; they’re just known for being in the grey area when it comes to copyright compliance.
    The warning page provides an option for disputing the blockage but the button for submitting the dispute is broken and always has been.

  • bandoozled Sep 1, 2016 @ 9:11

    Although Google’s service is fast and without issue I would not ever use them. I understand that most people are fine with censorship and queries being hoarded and processed for all sorts of revenue generating reasons, but I’m not. OpenDNS seems to be following along the same trend. I was thinking about going for something like OpenNIC… it would need some scripting sorting through states and latencies and updating hosts, but they don’t provide any api or even plain text list of servers. They’ve only got some terrible js table which I don’t even want to spend time hacking. So it looks like PowerDNS recursor is the way to go… get this stuff directly from the root. Can the roots be trusted? Probably not.

    • bandoozled Sep 1, 2016 @ 9:20

      Sorry, OpenNIC! There is an API!
