I’m pretty sure the Open Pandora crowd has heard about what DNS are. Domain Name Servers. When you put an address like www.pandoralive.info in your browser bar, your browser will connect to the DNS servers to resolve the name and find the IP address attached to it. Now, do you know what DNS servers you are currently using on your machines, and your Pandora ? Mmm. Do you ?
If you have never taken the chance to modify your DNS settings, chances are that your DNS is by default the one provided by your ISP. It may be OK, or it may be completely crap for all your know. Your ISP may be tracking you via your DNS requests (so that they know every site you visit, and report them to your friendly country’s police/surveillance agency for good measure), or, in a worse case, they may be filtering your access to the Internet, by preventing the resolution of sites that could be forbidden by your government. Granted, blocking a site at a DNS level is pretty stupid and ineffective, but it does exist in several parts of the world.
Then you have OpenDNS. OpenDNS is a free DNS service (it’s not the only one, there are others) that aims at preventing DNS-level filtering, as well as adding additional protection against known malicious (i.e. phishing) sites. It may not always be the case, but there’s a chance that OpenDNS name resolution may be faster than your ISP’s one, and that DNS changes are introduced faster on OpenDNS than anywhere else. Note that OpenDNS was often the object of critics: they used to be supported by ads (whenever your domain name could not be resolved) but they have just removed that policy and completely removed the ads from their service a couple of days ago. Therefore there’s really no good reason not to use them now, unless you do server work. Hitting an fake DNS name will always return a result with OpenDNS, instead of an error. For a simple user it does not matter, but for developers it may be of importance.
In order to change your DNS settings, in the Linux world you usually go and edit your /etc/resolv.conf file, but on Pandora this will not work very well. The reason is, the Network Manager erases that file and recreates it every single time you disconnect and reconnect, so it will not keep any of your settings more than a single connection. The proper way to do it is the following. It will take you less than 5 minutes, so you can do this while waiting for your coffee or tea to be ready.
- Right click on your network icon
- Click on “Edit Connections”
- A new window will appear, where you can select your current connection. If you connect via wireless, go in the wireless tab and select the connection you use. Then click on “Edit”
- A new window appears, go in the IPv4 settings tab.
- Automatic DHCP should be ON by default, you need to change it to Automatic DHCP addresses only, so that the DNS field becomes editable.
- In the DNS servers field, you enter the following DNS entries:
Then click on “Apply” (you may need to move the window if you cannot see the buttons), and you should be good to go.
To verify that your settings are correct, there’s a simple way to do it:
- Open the address http://welcome.opendns.com and it everything was configured properly, you will get this message:
- You can also check that their phishing link (provided for testing at the bottom of the same page) is properly blocked as well. You should get this:
If you want a pure, unfiltered and unprotected access to the Internet (i.e. even access to phishing sites!) you can use Google’s Public DNS instead. Note that Google claims that they don’t track what’s going through their DNS, but hey, can we really trust them after all the lies they told following the Snowden revelations ? Even if they don’t, the NSA might as well since they have unlimited access to their servers, so I’d suggest it’s better to diversify your sources as much as possible and avoiding shopping in a single supermarket, if you know what I mean.
Anyway, it’s up to you. You can continue using a (most probably crappy and censorship-friendly) ISP DNS server if you wish, or use OpenDNS for a slightly more open solution with additional safeguards. Not that I’m advertising OpenDNS here, but they also make money on their DNS filtering solutions for families with children. If you don’t want to let your little boys/girls see naked women or other funny pics like that while you are not looking, OpenDNS’s premium features (i.e. paying) make it possible for you to completely block such sites at the DNS level. And unless your kids are smart enough to know what DNS are and how to change them, they probably won’t get around such limitations easily.
While you’re at it, and if you care about your government not spying on you the whole time, you should properly consider setting up a VPN as well, as mentioned in one of my earlier articles. And keep in mind that everything I mentioned about OpenDNS or VPNs is valid for ALL your network connected devices, not just the Pandora. So don’t forget to apply the same settings across your gadgets regardless of their brands if you want to be consistent.
That’s it! Hope it helps, and let me know what you think.