
OpenDNS does this: https://support.opendns.com/hc/en-us/articles/227987767-Dyna...

It's called SmartCache.



I do this, too.

It's called HOSTS and djb's cdb constant database.

And one does not need to use a recursive cache to get the IP addresses. Fetching them non-recursively and dumping them to a HOSTS and a cdb file can sometimes be faster; I have a script that does that. Fetching them from scans.io can be even faster.

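   # work from the home directory
   cd||exit
   # local null device used to discard output (device numbers are platform-specific)
   [ -c null ]||mknod null c 2 2 
   
   case $# in
   0)
   # no arguments: build the database from /etc/hosts, then dump it
   {
    # drop lines containing '#' and lines that do not start with a digit
    sed '
         /#/d;
         /^[0-9]/!d;
    ' /etc/hosts \
     |{ 
        # emit cdbmake records: +keylen,datalen:name->ip
        while read a b c d;
        do 
        echo +${#b},${#a}:$b-\>$a;
        done;
      }
    # cdbmake input ends with an empty line
    echo;
   } \
    |exec awk '!($0 in a){a[$0];print}' \
    |exec cdbmake $0.cdb $0.t||exit
   exec cdbdump < $0.cdb
   
   ;;1)
   # one argument: unless the script name is two characters long,
   # report presence through the exit status only
   test ${#0} = 2 ||
   exec cdbget $1 < $0.cdb >null;
   # two-character script name: print the stored data
   exec cdbget $1 < $0.cdb;

   esac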

   usage: $0  
   usage: $0 domainname

First usage compiles and dumps database to screen. Second usage checks for presence of domainname and exits 0 if present, otherwise exits 100. Third usage is if $0 is only two characters it will check for presence of domainname and if present print the IP and domainname in HOSTS format.

http://cr.yp.to/cdb.html

With all due respect to the enormous reliance on it that has built up over the past decades, DNS is not the internet. It is just a service heavily used for things like email and web. This does not mean, in an emergency, email and web cannot work without DNS. They once did and they still can.

The internet runs just fine without DNS. Some software may refuse to honour HOSTS and rely solely on DNS. But that is a vulnerability of the software, not the internet. (And in such cases, e.g., qmail, I just serve my own zone via tinydns, which again is just a mirror of HOSTS.)


What you are doing and claiming is ridiculous.

For one, how are you going to deal with stale records?


Awesome! Is this available as software I can install on my network? Sorry, probably a dumb question.


Nope, just point your machine or router's DNS to use opendns resolvers instead of your regular ones: 208.67.222.222 and 208.67.220.220


Do you have a link on the opendns web site that refers to those specific IPs?



One can go even further and install DNSCrypt:

https://dnscrypt.org/


Any downsides to using this? I'm tempted to start using it, but I'm not really sure if there's any particular thing I should consider first.


Be aware that some things (Netflix, Comcast, Youtube) expect you to use your local DNS server so that they can route you to the nearest media server. Using a central IP Address like what is mentioned here can result in unsatisfactory video streaming... at least that's what I found with our Apple TV.


OpenDNS sends your "EDNS client subnet" to some CDNs including Google, though maybe not Apple.

https://www.opendns.com/enterprise-security/technology/globa...


Yes, but beware, they (at least used to) resolve unknown names to a page filled with ads.



That's good to know - the ads are the reason I reluctantly switched from OpenDNS to google.

(Reluctantly in that Google already has enough of my data, thanks, through gmail, search, maps, docs and other services, not because it doesn't work well.)


Google DNS doesn't store any identifiable/private data, as far as I understand?

https://developers.google.com/speed/public-dns/privacy


Yea, but it's also plaintext. Super easy to tap, if I understand correctly.

Still, I prefer it to ISPs snooping.


Anyone know if Google Public DNS does?


It doesn't (first result is OpenDNS, second is Google):

    $ dig -tA twitter.com @208.67.222.222

    ; <<>> DiG 9.8.3-P1 <<>> -tA twitter.com @208.67.222.222
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63973
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;twitter.com.			IN	A

    ;; ANSWER SECTION:
    twitter.com.		0	IN	A	199.59.148.82
    twitter.com.		0	IN	A	199.59.149.198
    twitter.com.		0	IN	A	199.59.148.10
    twitter.com.		0	IN	A	199.59.150.7

    ;; Query time: 14 msec
    ;; SERVER: 208.67.222.222#53(208.67.222.222)
    ;; WHEN: Fri Oct 21 11:53:40 2016
    ;; MSG SIZE  rcvd: 93

    $ dig -tA twitter.com @8.8.8.8

    ; <<>> DiG 9.8.3-P1 <<>> -tA twitter.com @8.8.8.8
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47295
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;twitter.com.			IN	A

    ;; Query time: 13 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Fri Oct 21 11:53:47 2016
    ;; MSG SIZE  rcvd: 29


A shame OpenDNS used to redirect me to some spam webpage every time I tried to resolve a domain that didn't exist--they earned a spot on my black list forever. :(


It's been years since we did that, and they were not spam pages, and easily able to opt-out.


Well, the fact that people still remember goes to show what a truly terrible idea it really was and that it probably did permanent damage to your brand.


I'm not sure what metric you use to judge it as terrible.

I thought it was great. 10,000 companies pay for my service today. 65 million people use my infrastructure today. Cisco bought the company for more than $650m. It continues to innovate on the decades old DNS in secure and useful ways.

So let me know what part is terrible.


The part where you repeated Verisign's mistake in breaking a fundamental protocol.

NXDOMAIN. Kind of a thing, and important to protocols other than HTTP.
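
Added example, not part of any comment in this thread: a way to check whether a resolver preserves NXDOMAIN, which is the behaviour the comments above are arguing about. It asks for a random label under `.invalid` (reserved by RFC 6761, so no such name can exist) and reads the RCODE and answer count from the reply header; the function names and the sample packets are constructed for this illustration.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(packet):
    """Return (id, rcode name, answer count) from a DNS response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    return qid, RCODES.get(rcode, "RCODE%d" % rcode), ancount

def verdict(rcode, ancount):
    """Classify a resolver's reply to a name that cannot exist."""
    if rcode == "NXDOMAIN" and ancount == 0:
        return "honest"
    if rcode == "NOERROR" and ancount > 0:
        return "rewritten"       # synthesized answer where NXDOMAIN was due
    return "inconclusive"        # e.g. SERVFAIL, or NOERROR with no data

def probe(resolver, timeout=3.0):
    """Query `resolver` over UDP for a random .invalid name and classify the reply."""
    name = "nx-%s.invalid" % secrets.token_hex(4)
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        data, _ = s.recvfrom(512)
    rid, rcode, ancount = parse_header(data)
    if rid != qid:
        raise ValueError("response id does not match query")
    return verdict(rcode, ancount)

# Constructed reply headers (not captured traffic): flags 0x8183 = QR|RD|RA + NXDOMAIN.
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)
SAMPLE_REWRITTEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
```

`probe("208.67.222.222")` runs the check against a live resolver; a resolver may treat `.invalid` specially, so an "honest" result there says nothing about how it handles unregistered names under real TLDs.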


The point is that the company did just fine even having made a mistake. Ignoring that is just being difficult.


No, the point that a company doing just fine is somehow an excuse for its actions is just the reason why we can't have nice things.


"I got mine."


I used OpenDNS for a long time. I eventually switched to Google DNS mostly because its IPs are shorter and easier to remember, and I didn't use any of the power user features for OpenDNS. I remember the page full of ads and to be honest I don't begrudge it. We all expect everything given to us for free these days, and then we don't even want the company to make money showing us an ad on the rare occasion that we mistype a URL. It's hard to get paid these days.

Ironically, those unrealistic expectations are probably a significant factor in the growth of data mining and resell; how else is a free-to-use website that doesn't have any ads (or whose users mostly block ads) going to get paid? You may say "not my problem", but it affects you when you leave the company no option but to resell data on the behaviors they observe from you.


That is not an appropriate tone for someone representing OpenDNS to take.


Why not? It's blunt, but to the point, honest, and passionate. Who cares about tone?


And seems very appropriate for the founder of OpenDNS. Pretty authoritative.


Because it's dismissive.


Everyone has preferences, I guess. I far prefer honest and curt to the kind of anodyne, contentless word-payloads pumped out by so many corporate communications departments.

Say, generating corporate communications seems like a promising direction for neural networks. A Markov chain comes close...


They don't do that any more, for what it's worth. I think for a while that was the only revenue stream for what was otherwise a free service. https://www.opendns.com/no-more-ads/


This attitude only promotes the idea that "well we might as well just continue like this then". If you can never forgive a company for doing wrong when they've corrected themselves years ago and now have a track record of doing nothing else that's irked you then what's the point in them ever bothering to make the change?

If what they do is useful to you but have a feature or bug or something else you don't like then you absolutely should forgive them if they then fix that feature or bug to work in a way you like. They may as well never bother fixing things if they can never be forgiven after repenting their internet sins.

If you've since found something that does do what you want then fair play, fill your boots. Otherwise you're being petty for the sake of being petty.



