Disable OpenDNS

Quick to answer questions about finding your way around Linux Mint as a new user.
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
kyj

Disable OpenDNS

Post by kyj »

The Linux Mint Live Boot is INFECTED with SPYWARE known as OpenDNS. It hijacks all NXDOMAIN requests along with harvests every domain name you access, which they then resell for marketing/ads.

Im aware some of that is hyperbole. However, it DOES HIJACK AND PROFILE YOU FOR MARKETING, AND SERVES ADS.
Even the OpenDNS founder has publicly stated it should NOT be default. https://bugs.launchpad.net/linuxmint/+bug/1133777

Linux Mint seems intent on not only making it default, but also making it impossible to remove. For the love of god and all that is holy, how do you completely, permanently, forever, disable openDNS?

I remove their DNS server entries only to have them magically reappear next reboot! This is obscene, i thought linux was like, not about being infected with spyware? i know i know im old and grew up in the 80s/90s when there were things like 'choice' and 'freedom' and this isnt the 90s anymore, but surely, in a linux distro, you are still allowed to select non-spyware DNS servers?

Ive tried uninstalling Dnsmasq and numerous other things, but these OpenDNS servers keep re-inserting themselves into my dns server list!
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Disable OpenDNS

Post by xenopeek »

OpenDNS is not enabled or used on Linux Mint unless no other DNS could be found or reached. It is used as fallback, and nothing more. It is only done to ensure you can use the Internet in those cases where for some reason your DNS can not be found or reached. An example of that would be if you run Linux Mint on a virtual machine, and you have not configured the virtual machine's network correctly.

So, investigate your network configuration as for some reason your ISP's DNS can not be reached (your ISP will have details on its DNS).

To others reading this, you can test whether you are using OpenDNS or not with this page: http://www.opendns.com/welcome/. If you aren't using OpenDNS, it will say "You aren't using OpenDNS yet." You shouldn't find you are using OpenDNS unless there is a problem with your network configuration, or you have enabled it yourself.
Image
untnu

Re: Disable OpenDNS

Post by untnu »

same issue here. how do i disable openDns,. it's causing me issues.
Last edited by untnu on Tue Mar 26, 2013 10:51 am, edited 1 time in total.
ChinaJ

Re: Disable OpenDNS

Post by ChinaJ »

@untnu - As xenopeek mentioned above, if you're getting OpenDNS responses, then it's most likely an issue with your internet provider's DNS. Linux Mint has OpenDNS set up as a sort of fail-safe setting for the times you still want to connect to the internet but your IP's DNS servers are down. You can always try:

1) If you're with someone like AT&T's Uverse where the DNS is set on the modem, you can change the servers there to some other ones rather than the default one for AT&T.
2) You can try setting the DNS servers through Network Manager. Go to your network connection's settings and add them there; you might have to change the IPv4 settings from Automatic to the one where you can actually type in DNS servers (sorry, not on Linux right now, so don't remember the exact phrasing on the pull-down menu). Of course, I'm not sure how that would work if the modem has DNS settings on there as well.
DavePlummer

Re: Disable OpenDNS

Post by DavePlummer »

I was able to disable use of OpenDNS by specifying two Google public DNS servers (8.8.8.8 AND 8.8.4.4) in my router's WAN connection, and then, as root, deleting the file /etc/resolvconf/resolv.conf.d/tail, which contains the following:

# OpenDNS Fallback (configured by Linux Mint in /etc/resolvconf/resolv.conf.d/tail).
nameserver 208.67.222.222
nameserver 208.67.220.220

See https://en.wikipedia.org/wiki/Google_Public_DNS for a concise description of Google's DNS implementation.
jbo5112

Re: Disable OpenDNS

Post by jbo5112 »

xenopeek wrote:OpenDNS is not enabled or used on Linux Mint unless no other DNS could be found or reached. It is used as fallback, and nothing more. It is only done to ensure you can use the Internet in those cases where for some reason your DNS can not be found or reached. An example of that would be if you run Linux Mint on a virtual machine, and you have not configured the virtual machine's network correctly.

So, investigate your network configuration as for some reason your ISP's DNS can not be reached (your ISP will have details on its DNS).
Incorrect! If OpenDNS is used as a fallback, I'm pretty sure it affects every DNS lookup that isn't found on the normal server. It appears that Linux tries every nameserver until a result is found before giving up on the domain name resolving. I have a caching DNS server on my computer, that was installed by Mint without asking me, which is queried for my DNS requests. It passes these on to the DNS server on my router, responds with LAN specific domain names and it also caches queries to Google's name servers. All of those are operating normally, but OpenDNS is still being used.

If I enter an invalid domain name, OpenDNS sometimes lies to me about the results, and promotes themselves in the process. For example trying to open http://invalid.opendns.redirect.pastebay.net should give any browser a DNS error, but with OpenDNS as a fallback, it's giving my browser a valid ip address and webpage. As far as Chromium knows, it's a proper, ordinary website. This wrecks any special operations any software performs when a domain name cannot resolve, which could be rather important when a machine is interpreting the results. If I disable OpenDNS and clear my DNS cache, I get the proper DNS lookup failed page. It only happens for some domains, so I'm not sure how OpenDNS decides what ones to do that for.

What's worse, instead of properly telling me the page doesn't exist, OpenDNS is telling me the page is temporarily offline, leading people to waste their time refreshing until someone registers it (possibly at an OpenDNS profit, who knows what domains people want to visit, before they are even imagined -- possibly not, I don't know their business model).
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Disable OpenDNS

Post by xenopeek »

jbo5112 wrote:If OpenDNS is used as a fallback, I'm pretty sure it affects every DNS lookup that isn't found on the normal server.
That is how OpenDNS works, correct. But again, OpenDNS is only used when the default DNS is not working properly on your Linux Mint installation.

My default DNS is working properly on my Linux Mint installation, so going to your example page http://invalid.opendns.redirect.pastebay.net/ returns as expected Firefox's "Unable to connect" error. OpenDNS is not used if it is not needed.
jbo5112 wrote:I have a caching DNS server on my computer
You do not; dnsmasq is running in non-caching mode and is included as a way to improve DNS resolution handling when using VPNs (like for example for people connecting from remote location to their corporate network). If you look up your dnsmasq process with ps you can see with what parameters it was started. It is started by NetworkManager. Here is how NetworkManager invokes it on Linux Mint 14:

Code: Select all

/usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/nm-dns-dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d
From the manpage you can see that --cache-size=0 means it is indeed running in non-caching mode (as caching could possibly be exploited):

Code: Select all

       -c, --cache-size=<cachesize>
              Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
jbo5112 wrote:If I disable OpenDNS and clear my DNS cache, I get the proper DNS lookup failed page.
This is curious, and I'm not sure what could be causing your default DNS to fail initially (triggering the fallback to OpenDNS).
jbo5112 wrote:I don't know their business model
OpenDNS has several commercial services targeted at businesses. Their free services are supported by ads you get to see when you go to non-existent domain. There are various ways to disable that redirection if you so desire.

I understand some of your concerns, though have hopefully laid to rest some above. You are not the first to voice your concern/distrust of OpenDNS. Should Linux Mint instead use Google's DNS as a fallback DNS, there would be other users (if not some of the same) that would voice their concern/distrust of that. There's no pleasing everybody...

The intent of the Linux Mint developers is for those users for which their default DNS isn't working properly on Linux Mint, to not be without a DNS and so to be able to continue to use Internet (and perhaps do a search and figure out how to fix that issue). A common cause is running Linux Mint on a virtual machine with a misconfigured virtual network.
Image
TheForumTroll

Re: Disable OpenDNS

Post by TheForumTroll »

Is OpenDNS really added by default as fall-back?

I'm sure some users would also hate to have Google's servers as a fall-back, but still, there isn't a lot of big DNS providers Mint could have chosen that are worse than OpenDNS. Google would be a lot better as they at least do not hijack anything. That or none at all. I don't really care for my own usage as I have my own DNS server, but it does smell a bit of Ubuntu to add it as default fall-back me thinks.
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Disable OpenDNS

Post by xenopeek »

TheForumTroll wrote:there isn't a lot of big DNS providers Mint could have chosen that are worse than OpenDNS.
That is a matter of personal opinion. OpenDNS is a reputable DNS provider, regardless of whether you ascribe to their business model. They are innovators and pioneers, for example with the DNSCrypt stack that makes it very hard for MITM attacks to take place even on public networks. With using Google DNS there would be immediate privacy concerns for many users, whether those are warranted or not. Would it be better to let users be stuck without a DNS? I personally don't think so. Perhaps it would be nice if users were notified about their DNS isn't working and a fallback being activated.
TheForumTroll wrote:but it does smell a bit of Ubuntu to add it as default fall-back me thinks.
Ubuntu has a different mission than Linux Mint, but it is respected as a solid package base on which Linux Mint has been built for years. Let's not take cheap shots at it. Canonical is developing its way to support the distro financially, as Linux Mint has its own way (donors and sponsors, but also ads and search engine revenue).

Linux Mint does not share in the revenue that OpenDNS generates through their business model. OpenDNS is used solely as a reputable and stable fallback DNS, and nothing more.
Image
TheForumTroll

Re: Disable OpenDNS

Post by TheForumTroll »

OpenDNS is a DNS provider and yet they break the RFC by not returning NXDOMAIN for invalid URLs. I can see you don't mind, but even ICANN disagree with you saying they "strongly discourages the use of DNS redirection" and it is also against EU data protection rules. Reputable is not what I would call them at all. They are in a grey area - but a lot closer to black than white.
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Disable OpenDNS

Post by xenopeek »

We can disagree all we want but that doesn't change the fact that the Linux Mint developers are as always open to suggestions :wink: If you have a better alternative, your are very much welcome to suggest it. Using Google DNS would not do the redirection of invalid domains AFAIK, but it would raise privacy concerns from some users. So it's not a better alternative in that there would be less concerns.

As for "it is also against EU data protection rules", I assume that is not the case as OpenDNS complies with the U.S.-EU Safe Harbor program (as detailed on their privacy policy) which is specifically for this I believe.

In short, not using OpenDNS would be a worse user experience. If you have an alternative that would, to your mind, be a better alternative and would not obviously raise other concerns (like Google would) then make it known please :)
Image
gilrim

Re: Disable OpenDNS

Post by gilrim »

https://bugs.launchpad.net/linuxmint/+bug/1133777

"Would it be better to let users be stuck without a DNS?"
By default? Absolutely! There is no way you can argue that intentionally leaking company configurations, displaying ads and responding to dns-requests explicitly /WRONG/ is a good thing? I realize the Mint community needs to generate income, but do that with Fit-pc and opt-in projects. Even figuring out how to disable this isn't readily available; I found this thread by searching for info on getting rid of it...
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Disable OpenDNS

Post by xenopeek »

I'll repeat from above; Linux Mint does not share in the revenue that OpenDNS generates through their business model. OpenDNS is used solely as a reputable and stable fallback DNS, and nothing more. We are in agreement that it would perhaps be preferable for users to be notified when the fallback is activated.

It's only used when no other DNS is found; usually hinting at an incorrect network configuration. Most common when using Linux Mint from a virtual machine.
Image
chifiebre

Re: Disable OpenDNS

Post by chifiebre »

just my 2 cents.

please disable this behaviour in generic - because this causes huge problems.

to force someone to use another DNS servers then the default he/she selfs configured is in base - wrong.

This is like forceing Linux users to Use by default as Fallback Windows :)

i struggled today with the opendns problem because my firms DNS server is buggy - this resulted into really weird behavior - like my localhost is not resovable on some ocassion. Which is REALLY weird.

im still debugging the problem - but it helped me to disable the OpenDNS fallback - because it results into more ??? (confused) situations.

Maybe as another reason - Mint Linux is so far i know the *only* distribution that does this OpenDNS fallback solution and i dont think its a must have feature.... it results into puzzled faced looks :D

so long
chifiebre
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: Disable OpenDNS

Post by xenopeek »

Having a working network connection but not being able to resolve domain names because your DNS is misconfigured (or "buggy" :)) also gives puzzled faces. Though you might be able to work out how to fix that, most users of Linux Mint won't. Hence there is a fallback to ensure if they have a working network connection, but their DNS has issues, they can use the Internet regardless of that.
Image
russor

Re: Disable OpenDNS

Post by russor »

I'm not new to Linux, but new to Mint, and this leaves me somewhat concerned because I'm now not sure I can trust this distro with my information. I'll probably be putting Arch on this machine now.

If you MUST have a third-party fallback DNS, please consider using a more reputable company that doesn't sell your data, like OpenNIC. And also make it an opt-in thing, or at least inform the user rather than just presenting them with an OpenDNS page. I didn't know whether it was my ISP, Mint or something else that had caused this.
xte

Re: Disable OpenDNS

Post by xte »

This "fallback" is absolutely not welcome in many cases.

In firefox for example, if you type something in the address bar, you search with google for the typed text if it wasn't resolved. But with opendns "fallback" you never have the information that the name wasn't resolved and it gives a search result from opendns.

For me opendns was just a hack I couldn't get around on the firefox "search in address bar" feature.

This default opendns "fallback" should be removed and looks like a really bad and inconsidered idea.

Thank you to anyone that has any influence on this matter for helping us remove this ugly behaviour from linux mint!
User avatar
grimdestripador
Level 6
Level 6
Posts: 1051
Joined: Fri Feb 16, 2007 2:26 am

Re: Disable OpenDNS

Post by grimdestripador »

Stay on topic. This thread shoudl be about Disableing OpenDNS. I presumed I would hear a discussion of different ways to disable it. I just want to disable it, becuase openDns does DNS hyjacking. As well as my cable company. By the time I've acutally made it to reddit, I've received multiple "search results" just for typing, www.reddit.com, http://www.reddit.com. It a mess of clearing my DNS cache. Lets just accept that for some, they would like to disable OpenDNS. Whats wrong with a 404?
xte

Re: Disable OpenDNS

Post by xte »

To disable it I had to comment out lines referencing opendns in

/etc/resolvconf/resolv.conf.d/tail

and

/etc/resolv.conf
SC23

Re: Disable OpenDNS

Post by SC23 »

I was aware OpenDNS was basically a Google arm back a few years ago when they made agreements together and such.. question is then.. if you have a pretty incompetent or non trustworthy(ish) ISP, what is a good DNS then? Something non-google.. FWIW.. I have OpenDNS at the router level because they were the most stable non-google solution I could find a few years ago..and yes it pisses me off when I get a redirect on 404's but yhen again.. when I launch a website with new DNS it shows up within minutes, not days.. and that is important when you are on the phone with a client.

So the question is.. who to use then?
Locked

Return to “Beginner Questions”