Disable OpenDNS

[0xnak]

+1 for OpenNIC as the default.

[uzername]

+1 for OpenNIC as the default.

+2

[slow]

I am also disappointed with this. It should be VERY EASY to disable opendns and to edit settings in the "Network" app.

[WhatUsernameIsFree?]

Just to add my voice of disappointment at this being slipped in. It prevents the use of the 'awesome bar' being used to search in Firefox. I thought some spyware had been installed at first but to discover it's built into Mint, very disappointed. I would be been fine if this was an opt in thing, but it wasn't and took me ages to hunt down how to disable it.

All because OpenDNS is legal doesn't make it moral.

For all looking to disable it:
As root, use your favourite editor to edit this: /etc/resolvconf/resolv.conf.d/tail
Comment out all the lines using # at the start of each line and save the file.

As root, use your favourite editor to edit: /etc/resolv.conf
Comment out each line after the OpenDNS fallback line.

[Amtriorix]

Well, I am on the internet from the beginning.

I have big concerns about DNS poisoning, DNS caching or DNS traversing.

I do not agree at all with the fact You do use OpenDNS as default.

When I do develop, very often I do use bind to point to my internal sites, of course I can use the hosts file,
but I do use the first option, I do run a local DNS daemon.

Currently there are a lot of companies who do use techniques to redirect, to control the users
on the internet to their advertising, their sites.

I did notice it is a common practive by Chrome and other browsers to accept keyword in the bar,
so the URL seems to become less important.

The implications are huge. Imagine as commercial entity You do advertise Your URL like
parisart.fr but a guy did use the keywords paris art in the bar and the innocent is confronted
with the competition.

Same can be told by OpenDNS or other 'evil' tricks to redirect or suggest another site.
An user does type paris?rt and the browser does suggest a bunch of solutions. Worse,
he does type parisart and for some reason, the site is down, the browser does redirect
to another possible solution !

All those techniques are done with seemly innocent techniques such as DNS redirection.

I do not agree at all to find such thing in Linux Mint. I do expect to see such things in
commercial OS where they do manipulate too your DNS cache to do nasty things,
but I am very disappointed I see this in a Limux Distro as default option.

I want to get rid of it immediately.

[grimdestripador]

Amtriorix. Your reasoning subtlely makes its own counterpoints about why we/linux needs OpenDNS.

It appears the browsers in windows,linux,mac have ability to override the default DNS given by the OS. It seems that popular browsers decided the use the OpenDNS to give users more trust to the validity of the IP addresses given by the DNS. Since the browsers made this change, it should follow that the OS should use this too. Of course it can be disabled, and you can install your own DNS, just like any corp can customize the image on the computers.

Development. Your doing something wrong if you need to edit your 'bind' (DNS) service entries to work on a development site. Why not sub-domains. why not dev.site.tld instead of http://www.site.tld.. because pointing http://www.site.tld to the development's http://www.site.tld's IP is kinda misleading. Coded right, the file links should be relative to whichever server its running on.

[maxamoto]

Install a friggin firewall and block OpenDNS. Problem solved.

[KirbySmith]

FWLIW, I'll add my opinion while I'm driving by:

Newbies to Linux, and even newbies to Mint, need to have Internet access to fully complete installs. They may not be networking mavens. They may not know what the DNS acronym means. Default DNS seems to me to be an important capability of the OS.

What is lacking is presentation by the OS of a notice window after the install informing the user that a temporary DNS was used and suggesting ways of resolving the problem. (This could just point to a Mint controlled URL, or perhaps one already maintained by Ubuntu.)

kirby

[mpiggott]

OpenDNS's advertising response is against the DNS specification and can potentially break VPN.

Further, the OS is not the correct layer to make a decision about the correct behaviour for a failed DNS lookup, only the application has the context to make the correct determination of what ought to occur.

[martinbaines]

FWIW I don't have any religious objection to OpenDNS and have in the past used it when my ISP's own service was unreliable but it's habit of hijacking failed results and giving a pseudo search page as a result I find really irritating - although given it's a non charged for service I understand they need to make money somehow. It sent me off on a wild goose chase today thinking I had forgotten to remove it from local router the last time DNS from my ISP was unreliable.

It took me about half an hour today to track down what was going on and how disable it (just edit /etc/resolvconf/resolv.conf.d/tail and change/remove the namserver entries). The thing I really do not like is how this interacts with the "network" configuration programme, which seems to let you do it through he GUI but then is over written at next reboot). Either take the option out of the GUI based system or make it work properly.

Personally I do not see the need for the extra competently of having a dnsmasq server installed by default to serve just to the local system. I like dnsmasq and have used it for its intended purpose of a lightweight DNS/DHCP server, but in Linux Mint all it seems to be there for by default is to provide this fallback just in case your external DNS server fails. My vote would be to not bother installing/enabling it by default - after all other OSs I can think of (Linux and non Linux) just fail when the external DNS fails to resolve. This just seems like a lot of extra complexity for little gain and some annoyance.(see this thread for details of the annoyance). But if you do leave it there - MAKE IT WORK PROPERLY WITH THE GUI BASED TOOLS or remove those tools.

[blueghost]

Another adding voice to the "why the hell is this crap on my computer" crowd.

Have been totally happy with Mint distro upto this point, but OpenDNS behaves like spyware and to find it's there intentionally is kind of mind boggling.

[clem]

Hi everyone,

I just passed by and I have to say I'm saddened. I felt insulted by many of you here in this thread. If I was to face fud on daily basis I'd stop working on Mint and I'd go and do something else. This is not fun, this is not why I do what I do.

- I selected a DNS by default because many people were stuck with no DNS resolution and didn't know how to troubleshoot or fix the problem
- I added a comment in /etc/resolv.conf to make it clear this was set by default and that the file to edit was /etc/resolvconf/resolv.conf.d/tail
- I selected OpenDNS because there was no way I'd go for Google (for commercial and privacy reasons) and it seemed like the most reputable DNS service at the time
- I didn't like the fact that OpenDNS didn't respond with proper error codes when the name didn't exist, but it was a small price to pay to bring out of the box DNS resolution to thousand of people who didn't know a thing about networking

I won't tell any of you to go and see if the grass is greener on the other side, but know that I work on Mint for fun and that I never signed up for people accusing us of selling data and breaching privacy. If you don't trust Mint, don't use Mint, it's that simple. We do everything we can to make this a great OS, and by that I mean, something that works great FOR YOU. We do it mostly cause it's fun. I know I've one of the best jobs in the World and every morning when I get up I look forward to making Mint better... fixing DNS is an improvement.

With PRISM and all that happened around privacy I perfectly understand that some of you are being scared. I ask you though... please stop insulting us. One day we'll just quit when it stops being fun.

Adding OpenDNS as a resolvonf fallback is an improvement. We can discuss whether it was the best option and if there are better alternatives. We can discuss other things as well. We're all, I hope, looking for the same thing here, that is making the OS better. One thing I can't do, is deal with FUD and unfair accusations.

I'm subscribing to this thread. I invite everybody to talk about it in a constructive manner. It's not too late to change things for Mint 16 if we manage to get something going on. I'll listen to you and answer your questions as much as I can. I'll also ban anyone continuing to spread FUD unfairly (you've no idea how nefast FUD is to Mint in terms of loss of motivation and hijacking of resources).

I'll start with this... from my point of view, we "need" DNS pre-selection. I don't want to go back to the situation we had before where people relied solely on their router for it (too many people were left with no DNS). I'm pretty open to selecting another DNS service though. I'm not really aware of what's wrong with OpenDNS (other than the lack of proper error codes), at the time it seemed like the best.

[pseudolobster]

New user here, created an account to reply to this thread. Just chiming in that this is wrong, wrong, wrong, wrongity wrong, and it instills absolutely no faith in this distro. I'm not trying to spread FUD here, but when an OS serves you ads something is seriously very very wrong. Today OpenDNS gave me a page full of ads when I tried to access imgur.com. I didn't mistype the URL, I clicked a link on reddit. My router is a VM running pfsense, and I have it set to use google's DNS servers. I spent all day building a new VM, unplugging access points, making sure none of my roommates put a rogue DHCP server on my network.

It wasn't until hours into this that I guessed it could be mint causing this. So I did a google search, found this thread, but when I clicked it, what did I get but my good friend OpenDNS telling me forums.linuxmint.com is not a valid domain, here's a rainbows page full of advertisements instead. I'm not an expert really, I have no idea why a "fallback" would be the first choice in resolving these DNS entries, but I assure you I have at least four real, valid DNS servers, I was trying to access valid domain names, which totally do resolve to real IPs, but I got this spam instead.

So, considering no other OS, no other distro uses this fallback, why is it so vital? Are people without DNS really THAT common? Why aren't the ubuntu forums, the debian forums, the apple forums, the microsoft forums, all filled with people complaining that they can't resolve domain names?

Again, I'm not trying to spread FUD here, but I was personally afraid, uncertain, and doubtful this morning, because of this "feature". This may have been done with the best of intentions, but as an end-user it scares me the rainbows away from using or recommending this distro.

[clem]

Why does it fail?

Can you paste the content of your /etc/resolv.conf?

[pseudolobster]

No idea. Should be stock. This is a pretty fresh install and I haven't actually touched anything in /etc or installed much other than steam and chromium.

Code: Select all

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search localdomain

I edited the OpenDNS entries out this morning. I haven't rebooted, but I did a `sudo service resolvconf restart` and that's what it generated.

I can only assume the fact I was getting search results for valid domains this morning was because A: it was searching OpenDNS *FIRST* and ignoring my real DNS servers I explicitly want it to use, and B: OpenDNS was having issues this morning.

[pseudolobster]

I doubt I can be of much help in diagnosing why this happened, but I can provide this is the URL I was sent to:

http://guidetest.a.id.opendns.com/?url=imgur.com%2FwVNXVyx

which redirected me to this:

http://www.website-unavailable.com/main?wc=EWJvHQ1mBAVGBQp4AQ%3D%3D&url=imgur.com%2FwVNXVyx&w=1366&h=632&ifc=0

which, let's face it, is sketchy as hell.

Apparently this isn't an isolated incident, this thread expounds on the fact mint "just sometimes decides" to prefer opendns over your real, valid nameservers.

http://forum.linuxmint.com/viewtopic.php?f=157&t=127409&p=694572

At any rate, I can confirm now that I've disinfected my resolvconf.d/tail file, I get proper DNS servers:

# nmcli dev list iface wlan0|grep DNS
IP4.DNS[1]: 8.8.8.8
IP4.DNS[2]: 8.8.4.4

And I no longer have to worry about mistyping a domain and ending up infected with chinese adware spam selling me counterfeit viagra.

[clem]

I guess ads are targeted, I've no interest in learning Chinese or using Viagra.. here I'm served with trips to Killarney and University courses.

Anyway, here's my resolv.conf:

Code: Select all

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search mintbox.lan

# OpenDNS Fallback (configured by Linux Mint in /etc/resolvconf/resolv.conf.d/tail).
nameserver 208.67.222.222
nameserver 208.67.220.220

As you can see the content of /etc/resolvconf/resolv.conf.d/tail is placed at the end of the file by resolvconf.

On Launchpad, the CEO of OpenDNS explained he preferred we didn't select his service out of the box. That, and the fact that errors aren't properly acknowledged, and the fact that the pages are full of ads... is reason enough not to continue to use OpenDNS.

What I really want to know though, is whether (and why) resolvconf tail fails as a backup. If someone can shed some light on this I'd really appreciate it. Because that would be key in deciding whether to switch OpenDNS to another DNS provider, whether to drop DNS fallback altogether, or whether to implement it differently than with resolvconf tail.

[Lingula]

OpenDNS fallback is totally reasonable to ensure that Mint will work out of the box for as many users as possible, but I agree with previous posts that the backup option should be in the GUI network settings.

It's not really an issue in my case since I usually set up gateway devices to intercept port 53.

[sunsatori]

I am a real Newbie to LM15, and Linux period.
I donated and installed LM15 for privacy concerns about the Big Data Surveillance State.
I know what DNS is.
I can enter commands in a Terminal window.
I prefer a 404 if I mistype a domain or my network configuration has an issue.

Can someone please give me exact step by step instructions to follow to disable OpenDNS?

As a life long GUI addict, I would vote for an opt in/out before my OS shoots off into cyber space on its own to solve a problem it thinks I am having.

There is no freedom left in a world without Open Source. Long Life and success.

[clem]

I prefer a 404 if I mistype a domain or my network configuration has an issue.

We all agree on that (not technically a 404, but an error yes). No question.

Can someone please give me exact step by step instructions to follow to disable OpenDNS?

sudo rm /etc/resolvconf/resolv.conf.d/tail