Why OpenDNS succeeded where ISP DNS failed when Dyn was unavailable

Last week, DNS provider Dyn was unavailable for a good part of Friday. I blogged late that day about how a computer using OpenDNS was able to access a particular website, while another computer, a block away and using the same ISP, could not. The good computer was using OpenDNS while the problematic one was using DNS servers from our ISP.

I asked OpenDNS about this and the explanation is both interesting and simple.

Starting at the very beginning, computers on the Internet are identified with numbers, called IP addresses. The most common type of IP address is a 32 bit binary number, typically written as four decimal numbers separated by periods (i.e. 1.2.3.4). You can get to Google based on its IP address with

http://216.58.219.238

When using google.com instead of a numeric IP address, it is DNS that translates from one type of identifier to the other.

The translation (google.com -> 216.58.219.238) is temporary, that is, it has a fixed lifespan. When the translation has expired, DNS server computers are supposed to phone home to, again, convert the computer name into an IP address.

For many websites, phoning home means contacting Dyn. So, last Friday when Dyn was unavailable, the websites of its customers were unreachable. The sites themselves were fine, but the translation from their name to their numeric IP address could not be made. And, for anyone using the DNS servers from my ISP, that meant no access to the websites that relied on Dyn.

But, OpenDNS bends the rules a bit.

They have a feature they call "Smarter DNS Cache Technology" that does not simply give up when it can't make a translation. They describe it as 

If a domain’s authoritative nameserver becomes unreachable or misconfigured, OpenDNS SmartCache™ returns the expired DNS response rather than an error.

In English, this means they continue to use the last IP address they had on file, even though, technically, the translation should be considered expired. There may be situations where this is not the right thing to do, but in this case, it certainly was.

Copyright © 2016 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon