I’m not a fan of third-party DNS, as there are no servers from any of the providers in the same country as me and I have no need for content/malware blocking, but this is something I would really like to have available. Perhaps Comodo could make a similar offering in the future.
Yes, if your server has the appropriate software and the client does as well, which again makes the deployment not as easy as with a third-party DNS provider, with which you can start using DNSSEC right away.
Not necessarily. You could have a local DNS server and with anycast the web services can resolve faster than your local DNS server. It's all about how loaded your server is, hardware deployment, etc.
With ISP DNS there is a big risk of cache poisoning and other threats.
With private DNS provided by third-party providers, you lower that risk considerably.
Not to mention the Single-Point-of-Failure.
So if you want to implement all of the above requirements for security, then you need to spend a couple of hundred or more. Not to mention the time you will invest.
RTT is faster with third-party providers; again, it's all about the way you deploy the service.
Using third-party DNS services doesn’t automatically imply DNSSEC, and Windows has supported DNSSEC, both client and server, in one form or another, since 2005. Moreover, any name server that performs recursive name queries can forward RRSIG records. Incidentally, you might want to look into NRPT.
Not necessarily. You could have a local DNS server and with anycast the web services can resolve faster than your local DNS server. It's all about how loaded your server is, hardware deployment, etc.
Exactly! Third-party DNS services may well be a benefit for those with limitations presented by their existing DNS solutions, however, it’s not a given that using such services guarantees better performance.
With ISP DNS there is a big risk of [url=https://forums.comodo.com/empty-t78358.0.html]cache poisoning[/url] and other threats. With private DNS provided by third-party providers, you lower that risk considerably. Not to mention the Single-Point-of-Failure.
This is a genuine concern and one that may be lessened by using a third-party solution. With regard to point of failure, most decent ISPs should offer two name servers to cover fail-overs; if ‘yours’ doesn’t then it’s probably a good idea to look elsewhere.
So if you want to implement all of the above requirements for security, then you need to spend a couple of hundred or more. Not to mention the time you will invest.
Still not sure why you keep mentioning costs associated with using these services, unless you’re talking from a commercial perspective. As an individual, DNS costs me nothing.
RTT is faster with third-party providers; again, it's all about the way you deploy the service.
RTT ‘may’ be faster with third-party DNS providers, there’s no guarantee. Of course RTT is only one factor when assessing DNS performance.
For some, the most important factor in using third-party DNS services is malware protection/content blocking; ‘performance’ is quite often a secondary consideration, if it’s considered at all. For others, there may be a need to use something better, typically because their ISP’s DNS servers fail frequently. Whatever the reason, for some, these are useful services, but they may not be useful for everyone.
As an illustration of that, I have to use my ISP’s DNS because they provide access, not only to the Internet, but to local resources on a private Intranet. Without their DNS my connection would fail and I would not be able to use the local resources.
Regardless, the new service being offered by OpenDNS is complementary to DNSSEC and certainly something I’d like to see offered by Comodo. From my perspective this has more immediate benefit than anything else and would certainly give me food for thought when considering the use of third-party DNS services.
An average DNS service implies automatic DNSSEC deployment.
Even many good domain registration companies provide DNSSEC automatically (during the registration procedure).
With regard to Windows servers, it's very common to use the most popular solutions: BIND-based or MSDNS.
Again, the most common problems with this solution are cache pollution and a large number of serious security vulnerabilities.
My point with this is that you transfer the security issues to someone who knows how to mitigate these serious vulnerabilities. So you can definitely rest at ease in this manner.
Better Performance, Guaranteed!
Don't know if you had a bad experience with some third-party DNS provider.
I'm definitely talking from a commercial perspective. If we are talking about home users, there are many free solutions out there for their personal usage.
I’m afraid we’ll have to agree to disagree. I spent many, not so joyful, hours testing the performance, using a variety of metrics, against all of the known, freely available, third-party DNS providers. Without fail, their response times were significantly slower than local resources. As a very basic example, you can see the differences in query time in this sample.
linux-2tj4:/home/gcb # dig A @95.154.112.74 forums.comodo.com
; <<>> DiG 9.8.1 <<>> A @95.154.112.74 forums.comodo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64746
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2
;; QUESTION SECTION:
;forums.comodo.com. IN A
;; ANSWER SECTION:
forums.comodo.com. 1190 IN A 91.199.212.149
;; AUTHORITY SECTION:
comodo.com. 1190 IN NS ns0.comododns.com.
comodo.com. 1190 IN NS ns0.comododns.net.
comodo.com. 1190 IN NS ns1.comododns.com.
comodo.com. 1190 IN NS ns1.comododns.net.
;; ADDITIONAL SECTION:
ns0.comododns.net. 9976 IN A 149.5.128.4
ns1.comododns.net. 9976 IN A 91.209.196.5
;; Query time: 2 msec
;; SERVER: 95.154.112.74#53(95.154.112.74)
;; WHEN: Fri Dec 9 13:32:16 2011
;; MSG SIZE rcvd: 178
linux-2tj4:/home/gcb # dig A @8.26.56.26 forums.comodo.com
; <<>> DiG 9.8.1 <<>> A @8.26.56.26 forums.comodo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27369
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;forums.comodo.com. IN A
;; ANSWER SECTION:
forums.comodo.com. 719 IN A 91.199.212.149
;; AUTHORITY SECTION:
comodo.com. 499 IN NS ns1.comododns.com.
comodo.com. 499 IN NS ns0.comododns.com.
comodo.com. 499 IN NS ns1.comododns.net.
comodo.com. 499 IN NS ns0.comododns.net.
;; Query time: 210 msec
;; SERVER: 8.26.56.26#53(8.26.56.26)
;; WHEN: Fri Dec 9 13:31:22 2011
;; MSG SIZE rcvd: 146
Another consideration is how third-party name service providers handle geographically remote queries. In my case, I’m currently in Asia, and providers like Comodo and OpenDNS have servers in Singapore, but they always route my queries to the US. So, it’s not about bad experiences, it’s about what works the best for the individual concerned.
I'm definitely talking from a commercial perspective. If we are talking about home users, there are many free solutions out there for their personal usage.
For this conversation, I am talking about ‘normal’ home users deciding to use something like Comodo Secure DNS or similar.
Anyway, this conversation could probably go round and round, but it’s a little off topic, so let's agree to disagree. For me, when DNSCrypt becomes available for the PC, I’ll most certainly be putting it to the test.
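Following on from the two dig runs compared above (2 msec against 210 msec), here is an added example, not from the thread, that parses concatenated dig output, ranks resolvers by query time and records whether each answer carried the `ra` (recursion available) and `ad` (DNSSEC-validated) flags. The embedded sample output is constructed, and the regexes assume dig's standard header layout.

```python
import re
from typing import Dict, List

# Constructed sample, trimmed to the header lines the parser reads. Loosely
# based on the two dig runs quoted above; the 'ad' flag on the second run is
# added here to exercise the validation check.
SAMPLE_DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64746
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2
;; Query time: 2 msec
;; SERVER: 95.154.112.74#53(95.154.112.74)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27369
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
;; Query time: 210 msec
;; SERVER: 8.26.56.26#53(8.26.56.26)
"""

HEADER_RE = re.compile(r"status: (?P<status>\w+), id: \d+")
FLAGS_RE = re.compile(r"^;; flags: (?P<flags>[a-z ]*);", re.M)
TIME_RE = re.compile(r"^;; Query time: (?P<msec>\d+) msec", re.M)
SERVER_RE = re.compile(r"^;; SERVER: (?P<server>[^#\s]+)#\d+", re.M)


def parse_dig_runs(text: str) -> List[Dict]:
    """Split concatenated dig output into one record per answered query."""
    runs = []
    for chunk in text.split(";; ->>HEADER<<-")[1:]:
        header, flags = HEADER_RE.search(chunk), FLAGS_RE.search(chunk)
        qtime, server = TIME_RE.search(chunk), SERVER_RE.search(chunk)
        if not (header and flags and qtime and server):
            continue  # incomplete run (e.g. a timeout): skip, don't guess
        runs.append({"server": server["server"], "status": header["status"],
                     "flags": set(flags["flags"].split()),
                     "msec": int(qtime["msec"])})
    return runs


def summarise(runs: List[Dict]) -> List[Dict]:
    """Rank resolvers by latency and record recursion/validation signals.

    'ad' means the resolver reported the answer as DNSSEC-validated. Its
    absence does not prove the resolver cannot validate: the query has to
    ask (dig +adflag or +dnssec) and the zone has to be signed.
    """
    return [{"server": r["server"], "msec": r["msec"],
             "answered": r["status"] == "NOERROR",
             "recursive": "ra" in r["flags"],
             "validated": "ad" in r["flags"]}
            for r in sorted(runs, key=lambda r: r["msec"])]
```

Feed it the saved output of several `dig @resolver name` runs to get a latency ranking that also shows which resolvers returned validated answers.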