Is OpenDNS safe to use in a location with Exchange/Reverse DNS?

domain-name-system exchange opendns reverse-dns spam

I like OpenDNS, but was wondering if anyone has experience deploying it for a location with an Exchange installation. I'm concerned specifically about whether any filtering they do would cause problems with reverse DNS lookup that might interfere with the server or the anti-spam (GFI in our case) installation. Thanks for any insights.

EDIT: Just to follow up for anyone who comes across this question, I went ahead and swapped out our ISP's DNS IPs for OpenDNS's in our LAN's DNS forwarders — took all of a minute and a half — and it worked fine. We eventually swapped just our mail and spam servers to point to Google DNS rather than OpenDNS only because I was tired of seeing all the mail queries in our OpenDNS reports, and it has worked great this way as well.

We also eventually swapped out our Exchange/GFI setup for Zimbra and an Exim-based mail filter/gateway (MailCleaner, excellent BTW!), and have successfully kept the same arrangement with Google DNS on these servers and everything else forwarding to OpenDNS.

Best Answer

There should be no problem setting OpenDNS as the DNS provider for your network. I happen to like it. I use it at home, and we will likely be switching to it at work when we switch ISPs later this month.

EDIT: OpenDNS filters outgoing mail requests using the same filter settings as web requests. So, you will have trouble sending mail to a domain that you are blocking. There are two choices if you have this problem: use a different DNS for the mail server, or edit your whitelist for the mail sub-domains.

DNS can be very complicated, but the basics are straightforward. There are two separate (although related) things to worry about with respect to DNS. Many companies frequently use the same DNS provider (or servers) for both of them, but that is not necessary.

First is the DNS provider which will respond to requests on the internet for information about your domain. This is the server(s) specified on the domain registration information. If this is not done by your ISP, you may need to work with the provider to ensure that reverse DNS works properly.

Second is the DNS provider which will resolve requests from your network for other domains. Typically this is provided by the ISP connecting a network to the internet. This is what OpenDNS provides. The outside world does not know (or care) how your network resolves DNS requests for other domains.

I hope this makes sense. If it doesn't, please comment and I will update.
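The filtering effect described in the answer can be checked before repointing a mail server, by replaying the lookups it makes (MX, then A for each MX host) against the filtering resolver and a reference resolver. This is an added example, not part of the original answer; the function names, the `.example` domains and the addresses are constructed assumptions, and the lookups are served from in-memory tables so it runs offline.

```python
from typing import Callable, List, Set, Tuple

# A Lookup takes (name, rrtype) and returns the set of answers one resolver gave.
Lookup = Callable[[str, str], Set[str]]
Finding = Tuple[str, str, Set[str], Set[str]]

def table_lookup(table) -> Lookup:
    """Offline stand-in for a live resolver, backed by a dict of answers."""
    return lambda name, rrtype: set(table.get((name, rrtype), ()))

def mail_lookup_diff(domain: str, filtered: Lookup, reference: Lookup) -> List[Finding]:
    """Replay a mail server's lookups (MX, then A per MX host) on both resolvers.

    Returns (name, rrtype, filtered_answer, reference_answer) per disagreement.
    """
    findings: List[Finding] = []
    mx_f, mx_r = filtered(domain, "MX"), reference(domain, "MX")
    if mx_f != mx_r:
        findings.append((domain, "MX", mx_f, mx_r))
    for host in sorted(mx_f | mx_r):
        a_f, a_r = filtered(host, "A"), reference(host, "A")
        # Heuristic: partially overlapping answers are treated as normal
        # load balancing; only fully disjoint answers are reported, and a
        # report still needs a manual look before blaming the filter.
        if a_f != a_r and not (a_f & a_r):
            findings.append((host, "A", a_f, a_r))
    return findings

# Constructed sample answers (documentation address ranges, made-up names).
REFERENCE = {
    ("allowed.example", "MX"): {"mx.allowed.example"},
    ("mx.allowed.example", "A"): {"192.0.2.25"},
    ("blocked.example", "MX"): {"mx.blocked.example"},
    ("mx.blocked.example", "A"): {"198.51.100.25"},
}
# The filtering resolver agrees except for the host in a blocked category,
# which it answers with a constructed block-page address.
FILTERED = dict(REFERENCE)
FILTERED[("mx.blocked.example", "A")] = {"203.0.113.80"}

if __name__ == "__main__":
    for d in ("allowed.example", "blocked.example"):
        diff = mail_lookup_diff(d, table_lookup(FILTERED), table_lookup(REFERENCE))
        print(d, diff or "consistent")
```

Against live resolvers, each `Lookup` would wrap a query sent to one specific resolver address instead of a table.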