From: "John Beamish" 

OK ... I really don't know if this guy has something or not but thought you
people might be interested.

http://www.wired.com/news/technology/0,71345-0.html?tw=wn_index_1


By Ryan Singel| Also by this reporter 02:00 AM Jul, 10, 2006

Few netizens think about the internet's domain name system: the
architecture that invisibly translates a browser's request for, say,
wikipedia.org into the numeric IP address where the site is hosted.

But a new startup is hoping to make DNS into a household word and usher in
an age where smarter DNS service is offered competitively, like e-mail
service or spam filtering today.

The OpenDNS system, which will open its servers to the public Monday, wants
to be a more user-friendly name resolution service than those provided by
ISPs, with technology to keep fraudulent sites out of its listings, correct
some typos and help browsers look up web pages faster.

Setting up an internet connection to use OpenDNS is about as difficult as
setting up a POP3 e-mail account, and more advanced users can tinker with
their router settings to make the change across a small network.

In return, sites like the notoriously sluggish MySpace.com load
significantly faster, thanks to the way OpenDNS caches IP addresses. Users
who type "wordpres.sorg" or "craigslist.or" into their
browser's address field are automatically routed to the correct address,
instead of getting a 404 error page.

Those who click on a link in a phishing e-mail that attempts to take them
to a fake site and con them into entering their credit card number won't
even make it to the website, if OpenDNS knows about it.

OpenDNS can identify the sites both from monitoring abnormal DNS behavior
and from relationships with services like Spamhaus that track online
fraudsters.

"In short, it's a safer and faster DNS service," says OpenDNS CEO
David Ulevitch, who already runs a DNS company called EveryDNS that lets
websites list their home address for free.

But the long answer to the question of why he started the service is far
more interesting.

Ulevitch's seven-person startup is an attempt to revolutionize a layer of
the internet's architecture in order to clean its underbelly of scammers
and spammers.

While working at EveryDNS, Ulevitch and his team started clearing out
listings for fake PayPal sites and IP addresses controlling botnets of
compromised computers. They grew frustrated with the knowledge that were
only cleaning up their small section of the internet.

"The problems we are trying to solve, such as phishing and malware,
these are social DNS problems, not technical," Ulevitch says.
"Recursive DNS servers are the root of the problem. None of these
attacks work without DNS. We set out to create a DNS server and DNS service
that provides intelligence and transparency into the way recursive DNS
service works."

The startup hopes to make money when users type in a nonexistent domain
name, such as schwinnbicyclepumps.com.

Currently, web surfers simple get an error message when they attempt to
navigate to an unused domain. OpenDNS users will instead be routed to a
company server that will present a list of search engine results and paid
advertisements.

The web-interception service currently lacks ads and isn't very useful --
it doesn't break up "schwinnbicyclepumps.com," for example, into
discrete words -- but the company plans to fix these details once it has a
user base.

The tactic could be controversial, as it is reminiscent of VeriSign's Site
Finder project, which it unilaterally launched in September 2003.

VeriSign, which controls the .com and .net top-level domains through a
contract with the U.S. government, began directing users who mistyped
domains names to its own servers, where it presented paid search results.
The move outraged the technical community and eventually led to an ICANN
commission report (PDF) condemning the practice and an unsuccessful
VeriSign lawsuit against ICANN.

But OpenDNS' approach is very different from VeriSign's, according to DNS
expert Allison Mankin, an independent consultant who helped write the Site
Finder report and works with the Internet Engineering Task Force.

"The important difference is this is your DNS service provider and not
the provider of the support infrastructure of top-level domains,"
Mankin says.

But to avoid problems, the service should strive for transparency, says
Mankin. "It would be good to have an audit trail or log, so a user
could look up and see why the service has refused to provide
resolution."

Mankin's sentiments are echoed by Rick Wesson, who runs a company called
Support Intelligence that sells data on bad actors to OpenDNS. Wesson's
service on the ICANN board with Mankin got him named as a defendant in two
lawsuits filed by Verisign.

"One of big things with Site Finder is that they did it for some 60
million domains," Wesson says. "I don't know how long it will
take for OpenDNS do that. OpenDNS is actually able to provide some defense
for people who use their service, and I have not seen anyone use DNS like a
firewall. But the internet and the market can decide if they are doing a
good thing."

OpenDNS may also face legal challenges if the company's paid search results
show up on unassigned domain names that match other companies' registered
trademarks. Google has been hit with a number of such suits over its
AdWords program. A lawsuit filed by Geico, an insurance company, was
dismissed in 2004; another suit filed by home-decorating firm American
Blind is ongoing.

Current beta testers, pulled from the EveryDNS.net, are also begging
OpenDNS to redirect clear typos, such as "wikepedia.org" (instead
of "wikipedia.org"), away from typo-squatters who set up pages
with advertising to cash-in on errant keystrokes, something Ulevitch seems
game to implement.

--- BBBS/NT v4.01 Flag-5