Editor’s Note: This is a summary of new additions and changes made since this review was last updated.
- OpenDNS resolvers no longer support queries for the special ‘ANY’ query type.
- DNS-O-Matic and Netgear dashboards now use the OpenDNS login page at https://login.opendns.com. This means that certain OpenDNS accounts that use two-factor authentication or SAML authentication can now extend the same security measures to their DNS-O-Matic and Netgear accounts.
- OpenDNS no longer supports PayPal.
- The service currently has 39 data centers.
- According to DNSPerf.com, the service is consistently ranked in the top 4 in performance, with an average of approximately 18.2 ms globally for the year 2022
OpenDNS has a large portfolio of both free and commercial DNS servers (opens in new tab). After the acquisition by Cisco in 2015, the business-oriented commercial services were rebranded as Cisco Umbrella, while the home products continued under the OpenDNS name, with the exception of the premium OpenDNS Umbrella Prosumer package.
Subscriptions and prices
OpenDNS has several products for home users. In addition to a number of freely available DNS packages, the company also has two paid products for home users. The OpenDNS VIP Home plan builds on the classic OpenDNS Home package and gives you statistics on your usage for $19.95 per year.
Then there’s the OpenDNS Umbrella Prosumer (OUP) package designed for users who want to protect their devices while roaming outside the home network. The package costs $20/user and can cover up to 5 users with 3 devices per user.
All OpenDNS end-user subscriptions filter content, but the ability to customize the filtering depends on the subscription. The free OpenDNS Family Shield comes with pre-configured filters to block adult content. But if you want the option to customize the filter settings, you need to sign up for the free OpenDNS Home plan.
The option to view a variety of statistics and insights into your browsing and identify the blocked malicious content and threats is available with the OpenDNS VIP Home and OUP plans. These subscriptions also allow you to create a locked-down environment by restricting access to only specific domains listed in the user-defined permission list.
The premium OUP package also comes with built-in protection against malicious phishing and malware (opens in new tab) domains and can also protect Windows and macOS devices that connect to the Internet over untrusted networks, such as at a library or hotel.
OpenDNS supports both IPv4 and IPv6 (opens in new tab) networks, although no mention is made of support for the DNS64 mechanism to allow IPv64 networks to resolve IPv4 addresses. All OpenDNS resolvers now also have the ability to validate DNSSEC domains.
In front of privacy (opens in new tab) conscious users, the service also supports DNS-over-HTTPS (DoH) for both the standard DNS resolver and the Family Shield resolver. The service also supports and recommends using DNSCrypt to encrypt DNS traffic between users and OpenDNS.
All OpenDNS plans use anycast routing and the service has more than 30 data centers (opens in new tab) located all over the world. The company claims its anycast servers rely on patent-pending extensions for fast failovers. The company also claims that it partners with more than a thousand ISPs and content delivery networks (opens in new tab) to find the shortest route to major internet service providers.
Interface and usage
To use the service, you need to switch your router and your devices to one of the OpenDNS resolvers (22.214.171.124, 126.96.36.199 for OpenDNS Family Shield and 188.8.131.52, 184.108.40.206 for OpenDNS Home and Umbrella).
The OpenDNS Home and Prosumer packages both have different dashboards. The dashboard for the Home product is quite simple. You assign your current public IP address as a private network or install the IP update tool if your ISP assigns you a dynamic IP address. Finally, choose from one of the four predefined filter levels and adjust them to your liking.
On the other hand, the process for configuring OUP is a bit more complicated. Unlike OpenDNS Home, OUP uses the Umbrella dashboard, which comes with OpenDNS’s enterprise products.
To use OUP, you must first define a policy that determines how security and access control settings are applied to your devices. You can define multiple policies to manage different sets of devices. In a very smart scheme, the product comes with a default policy that is applied to products that are not explicitly covered by a policy. This helps ensure that all devices connected to the network remain protected.
There is a policy wizard that guides you through all the required steps. The process involves selecting cybersecurity (opens in new tab) threat categories to block, including malware, phishing attacks, crypto mining, and more. In addition to predefined categories of content that you want to block access to, you can also define a custom set of domains, IPs, and URLs in allow and block lists.
OUP also allows you to customize the appearance of block pages. Interestingly, you can ask OUP to display different block pages based on the setting that triggered the block. For example, domains that are blocked for phishing may have a different block page than the page that appears when users are unable to view a domain in one of the blocked lists.
OUP also has extensive reporting capabilities that you can use to monitor and analyze security threats and further customize your policies. All reports can be filtered for relevant options to help you get a detailed picture of all types of malicious traffic.
In terms of performance, according to benchmarks from DNSperf.com, OpenDNS was ranked second in Europe for the month of August 2020. The global average query speed of 23.72 ms was only slightly behind DNSFilter’s 23.33 ms and the 22, 2ms from Google. That said, it’s still a long way from the cloudflare (opens in new tab) average of 13.89 ms.
OUP is designed for prosumers and small businesses who need control over devices often used outside the home network. The Umbrella dashboard gives you detailed control over internet access on all your devices.
Unfortunately, the roaming agents only cover Windows, macOS, and Chromebooks. Linux computers and more importantly mobile devices cannot be shielded by OUP which is a real shame. And while OUP gets protection for all sorts of malicious domains, the same isn’t true for users of the other plans.
All in all, while OUP offers a decent product, especially some of its ilk NextDNS (opens in new tab) provide a better DNS-based filtering solution, especially in terms of privacy and device management.