21 - 40 of 51 Posts
Quote:
Originally Posted by tompsonn View Post

I've already explained why it's possible you can actually get less bandwidth with changing a DNS server but it depends what servers depend on being geographically close to provide better bandwidth.

For example, with my ISP DNS I get Google servers that are closest to me geographically. With some other DNS provider, I get ones that could be halfway across the world and it is much slower.

Whether or not this is actually happening for the OP and it's not just some placebo thing, well, we can't say until he gives us some numbers and servers he is downloading from.
I don't understand your case here...... how would a DNS lookup taking longer lower throughput or non-DNS lookup latency?

Higher latency DNS lookups just mean..... slower DNS lookups? Once the IP has been resolved, why would the DNS server matter?

UNLESS.... you are talking about the geographically remote DNS server is resolving to an IP of a site that is more local to it rather than another IP that might be closer to the user.
 
But even then, that's still just a latency issue as you're downloading the same content. I don't really understand why a further away server would use more or less bandwidth.

Sent from phone at 7am so excuse the random formatting. Need caffeine
 
Quote:
Originally Posted by tompsonn View Post

Uh yes.
OK... the confusing part was "I've already explained why it's possible"..... but where did you already explain this? If you go to all posts prior, you never did.
 
Discussion starter · #25 ·
I just did a quick test on speedtest.net with different DNS providers. When I did the test in speedtest.net, I picked the closest server in my area which is the one in Hudson, NY.

ISP DNS
DL: ~37 Mbps - UP: ~21Mbps - Ping 28ms

Google DNS
DL: ~14 Mbps - UP: ~17Mbps - Ping 34ms

OpenDNS
DL: ~13 Mbps - UP: ~16Mbps - Ping 33ms
 
Quote:
Originally Posted by Capt View Post

I just did a quick test on speedtest.net with different DNS providers. When I did the test in speedtest.net, I picked the closest server in my area which is the one in Hudson, NY.

ISP DNS
DL: ~37 Mbps - UP: ~21Mbps - Ping 28ms

Google DNS
DL: ~14 Mbps - UP: ~17Mbps - Ping 34ms

OpenDNS
DL: ~13 Mbps - UP: ~16Mbps - Ping 33ms
DNS wouldn't even affect speedtest.net.

I suggest you try doing several speed tests per DNS provider; you'll find they all work out the same.
 
I have tried my Verizon DNS, Google DNS and Open DNS. Google had their DNS hijacked recently, a simple "google dns hijacked" as a search will show you what I mean. I saw that happen and went back to Open DNS for now and have had no issues. Also OpenDNS has most of their servers right down the street from me lol. I've done some DNS benches and Open DNS shows as the fastest but it really doesn't make much of a difference, it's just name resolving.
 
Quote:
Originally Posted by killabytes View Post

THIS is why I no longer use Google's DNS.

OpenDNS all the way.
With DNS lookups, I know that most implementations will attempt primary and then secondary if no response.

Is there a way to do any casting instead? Request the lookup from OpenDNS, GoogleDNS, IP DNS, etc simultaneously and just use the first to respond?
 
Quote:
Originally Posted by DuckieHo View Post

With DNS lookups, I know that most implementations will attempt primary and then secondary if no response.

Is there a way to do any casting instead? Request the lookup from OpenDNS, GoogleDNS, IP DNS, etc simultaneously and just use the first to respond?
Not really, no. You could easily write a proxy name server to do this, though you'd obviously be adding latency in doing so which might mitigate the benefits of parallel queries - depending on where the proxy sat (i.e. localhost? server inside the LAN?)

Or if you're feeling brave, you could rewrite the OS DNS resolver (in fact it might be pretty trivial to do this in Linux since you can pick and choose which stacks to use to resolve domain names and the order in which to use them).
 
i use a DNS benchmark tool https://www.grc.com/dns/benchmark.htm works pretty well and helped me find a closer DNS server and my new DNS lowered my ping by 60ms or so for the game servers i use
 
Quote:
Originally Posted by ozlay View Post

i use a DNS benchmark tool https://www.grc.com/dns/benchmark.htm works pretty well and helped me find a closer DNS server and my new DNS lowered my ping by 60ms or so for the game servers i use
No it didn't.

DNS is to look up the name of a server. It will not affect your ping.
 
Quote:
Originally Posted by killabytes View Post

No it didn't.

DNS is to look up the name of a server. It will not affect your ping.
perhaps but i did get better ping to servers as a side effect not sure why
 
Quote:
Originally Posted by killabytes View Post

It's not perhaps. It's fact.

Correlation does not imply causation.
It may be fact but it's also fact that my ping is better than what it was after switching my DNS so whatever factored in the change in my ping idk, I can't explain why as I know little on the subject, but I know for a fact my ping is better than what it was. But whatever the reason, the DNS benchmark tool I posted is a pretty interesting tool so I do recommend others giving it a try if they are looking for a new DNS
 
I am just really confused with some of the results people are getting.

One thing that is possible is that the ISPs prioritize the traffic from their DNS servers over 3rd party. So, when they get a DNS request to a different server, they put it lower on their QOS stack?
Another possibility is the DNS is just further away. If the DNS I am targeting is near my city vs one across the country.

What I do not know is if the DNS translations are region based. I.e., if Comcast has a server in Texas that I use now, that says Netflix is 69.53.236.17, but in California it says 69.53.236.18. Depending on how Netflix coded their stuff, it will either try to find a server based on the region of my IP, or since I hit the .17 server that it must be that location.

For anyone testing with ping.... try their domain name and their IP. DNS is just going to translate Netflix.com to 69.53.236.17, so if you ping 69.53.236.17, it bypasses the DNS server. In reality there should be no difference. The only thing that should alter this is the delay for the initial start time. When doing the IP, it will start pinging right away; with the domain name, it may take a split second longer if it needs to do a DNS request. Also make sure that you're not accidentally pinging with IPv6 because that could easily cause some additional delays (this has happened to me 1x when pinging Google.com).

With PC, in CMD, type IPCONFIG /displaydns to see what your cache looks like, and /flushdns to clear it. I don't think your gateway would have a cache, but who knows.

EDIT: I'm also willing to bet that people who use a different DNS will get flagged by the ISP and have their traffic monitored more closely. At least that's what I would do if I were them.
 
One thing we have to remember is how the Internet itself is cobbled together along with how DNS resolution actually works and how CDN (Content Delivery Network) technologies such as Akamai and Amazon cloud massage DNS to force users to a specific edge service hopefully based on their geographic location.

As we all know, the Internet itself is just a collection of loosely connected networks with a few backbone carriers forming the mass of the connectivity between them. General consumer ISPs like Comcast, Windstream, etc. will typically have multiple peer points with major backbone carriers such as Level3, Verizon (VzB), AT&T, Sprint (who owns the old MCI transports). Companies like Google are also getting in on the game with their Google fiber projects. And Amazon is building its own private backbone in an attempt to maintain control of its own content.

So, in the olden days, a user sitting in Maine trying to get to a Google server in Mountain View would have to bounce around inside his local ISP, reach his ISP's local peer then get forwarded to his ISP's regional data center where it would pick-up a connection to his ISP's ISP. From there he would ride to the regional NAP in New York, NY. and pick up one of the primary east-west backbones - most likely AT&T at this point. His traffic would route across the US to the AT&T's regional NAP in LA where it would then hop off onto Google's local carrier and finally hit the server he wanted.

Today, 70-80% of all traffic is served via a CDN - the majority of which is either Akamai with Amazon catching up quickly. What happens is that a CDN will have an agreement with regional ISPs (with some services they're pushing it even closer to the user) where they establish an Edge network at that carrier. They also have agreements with content providers such as Google, Netflix, etc. which they then push cached content for those content providers to these Edge networks that is used to feed traffic to the ISP's users.

By massaging the DNS hierarchy the CDN ensures that all users on ISP xxx will be directed to Edge network xxx for content xxx. There's actually 3 or 4 ways these work and the details are complex, but if you're interested here's some good slides that cover a few.

Using my example above, that same guy tries to go to Netflix - which has an agreement with one of the CDNs. The guy's PC does a DNS call to his ISP's DNS servers who through DNS Black Magic returns the IP of the ISP's local Edge network and the content is served.

Now let's suppose that user changed his DNS to point to Level3's 4.2.2.4 server. His "perceived" download speeds appear slower. I say perceived and appears because DNS does nothing to your actual bandwidth - but it can do a ton for optimization downstream. What has happened is that now when his PC attempts to resolve for Netflix he is bypassing his local ISP and sending it to L3. This server may be sitting in Seattle for all we know. If so, then instead of the cached content at his local ISP's Edge network he's now getting cached content for Level3's edge network in Seattle. Also, we have to keep in mind that now his media stream is competing with the traffic of the millions of other users flowing between east and west coasts. And given that most carriers rely on CDNs to serve content locally/regionally most carriers will classify streaming media lower than other traffic to force users to use local CDN copies.

Now if that same user up and moved to Seattle and kept his DNS pointed to 4.2.2.4 his problems would go away because his geographical proximity to the content he's forcing his PC to pull from has changed. This is why some people have different experiences with stuff like Google DNS and OpenDNS. It's all relative.

I hope this cleared some things up a bit and didn't just make things more confusing. But, I've seen this problem countless times in my consulting gigs and it's a very hard concept for some folks to grasp.
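
Added example, not part of any post in this thread: a Python sketch of the parallel lookup DuckieHo asks about, which also makes the CDN steering described in the post above measurable. It sends the same A query to several resolvers at once and lists each answer with its round-trip time in order of arrival, so the first entry is the race winner and differing address sets show resolver-dependent results. All function names are this example's own; replies are accepted only from the queried address and only with the matching random transaction ID.

```python
import secrets, socket, struct, time
from concurrent.futures import ThreadPoolExecutor, as_completed

def build_query(name, txid):
    """Minimal recursive (RD=1) query for the A record of `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def skip_name(msg, pos):
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)    # pointer is 2 bytes, root label is 1

def parse_a_records(msg, txid):
    """IPv4 addresses from the answer section; rejects replies with the wrong ID."""
    rid, flags, qd, an = struct.unpack_from("!HHHH", msg)
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    ips, pos = [], 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4      # skip QTYPE and QCLASS
    for _ in range(an):
        pos = skip_name(msg, pos) + 10     # fixed part: type, class, TTL, rdlength
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, pos - 10)
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return ips

def ask(resolver, name, timeout):
    txid = secrets.randbelow(65536)        # unpredictable ID, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(resolver)                # connected UDP: other senders are dropped
        start = time.monotonic()
        s.send(build_query(name, txid))
        ips = parse_a_records(s.recv(4096), txid)
    return resolver, (time.monotonic() - start) * 1000, ips

def query_all(resolvers, name, timeout=2.0):
    """Ask every (host, port) resolver at once; (resolver, rtt_ms, ips) by arrival."""
    results = []
    with ThreadPoolExecutor(len(resolvers)) as pool:
        for fut in as_completed([pool.submit(ask, r, name, timeout) for r in resolvers]):
            try:
                results.append(fut.result())
            except (OSError, ValueError, struct.error, IndexError):
                pass                       # timeout or unusable reply: leave it out
    return results
```

For instance, `query_all([("8.8.8.8", 53), ("4.2.2.4", 53)], "example.com")` compares Google Public DNS with the Level3 server mentioned above. Using the first answer means trusting whichever resolver happens to be fastest, so race only resolvers you would trust individually.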
 
Essentially, from what I've previously read, a DNS acts as an index of sorts, like an address book, where Google's address book is bigger. The quicker the lookup, the quicker you're provided with results. To be honest, it's hardly noticeable, however there are few instances where Google's DNS has "indexed" websites and provided a faster lookup. They've also now moved a DNS server to Australia, so anyone down under should benefit from this. Then again, I've got no idea what I'm talking about
 
I would say you're 50/50 right.

DNS is an index of hostnames to IP addresses; but it actually isn't an automated process like one would think of a Google Search index.

Here's a good link to explain how DNS works.

But, it's more of a hierarchical lookup scheme with name registrars acting as the data input. (I.e. when someone registered overclock.net the company they registered with began advertising data about the server the site lives on to other DNS servers, etc.).

The biggest problem with small local ISPs is that they tend to undersize their DNS servers and have very little security around them - hence they are susceptible to DNS poisoning. Google DNS usually works so well because Google has loads of $$$'s to dump into their infrastructure and have huge bandwidth agreements with almost every major telecom.
 
Quote:
Originally Posted by killabytes View Post

THIS is why I no longer use Google's DNS.

OpenDNS all the way.
Out of curiosity, did you yourself read the entire article you linked? Google wasn't compromised, it was a major internet router for an ISP down in South America. It isn't certain whether it was an external hijacking or an internal misconfiguration, it simply kept people who used Google's DNS from getting a response. So don't blame Google or say it's a problem with Google if you haven't read the entire article.

OpenDNS supports DNSCrypt but not DNSSEC, whereas Google supports DNSSEC but not DNSCrypt. The only DNS provider I'm aware of supporting both is in Australia.
Both Google and OpenDNS participate in the Global Internet Speedup, so no difference there.

Malebar's response in post #37 has some great info about all this, but ultimately it's each person's decision of which one to use.

Do you want your DNS queries encrypted, which would provide security and possibly some privacy? Use OpenDNS with DNSCrypt, but it does require the DNSCrypt software and configuration. Encrypting DNS queries could also create a small amount of latency on DNS queries.

Do you want your DNS query results validated? Use Google with DNSSEC. While this is probably the more important one for me, it is a near-zero percent of websites who validate themselves with DNSSEC, so in many cases this won't provide any real benefit (where DNSCrypt still would). I would imagine, however, most major companies/websites probably are (or will be) authenticating themselves with DNSSEC, so this is still worthwhile.

Personally, I use Google for DNS. However, I've been considering the DNSCrypt and OpenDNS. I might test it to see how it performs. DNSSEC and DNSCrypt both solve different problems. Just have to decide which is more important for you. From what I can tell, DNSCrypt would probably be much more important for people who use public WiFi/internet spots than personal home/business internet connections, especially with major providers.

Oh, about that Namebench tool... I had never found that before so I decided to test it. It is a very small download with minimal configuration, so I had it going within about a minute using its default settings (though I did check "Upload and share your anonymized results"). It has been running for over 1.5 hours now... I wonder how long it will take. And it isn't my hardware (Core i7 w/hyperthreading).
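
Added example, not part of the post above: how a client can tell whether a resolver performed DNSSEC validation for an answer. It builds a query with the AD and DO bits set and classifies the reply from its header; the function names are this example's own, and because the AD flag travels unauthenticated over plain UDP it is only as trustworthy as the path to the resolver, which is the separate problem DNSCrypt addresses.

```python
import secrets, socket, struct

QR, RD, AD = 0x8000, 0x0100, 0x0020        # header flag bits

def build_dnssec_query(name, txid, qtype=1):
    """A query with RD and AD set plus an EDNS0 OPT record carrying the DO bit."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, RD | AD, 1, 0, 0, 1)   # ARCOUNT=1: the OPT RR
    question = qname + b"\x00" + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)  # 0x8000 = DO
    return header + question + opt

def validation_status(msg, txid):
    """Classify a reply by its header: validated, unvalidated, servfail or error."""
    rid, flags = struct.unpack_from("!HH", msg)
    if rid != txid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if rcode == 2:
        return "servfail"      # how a validating resolver reports bogus data (among other failures)
    if rcode not in (0, 3):    # AD is meaningful for NOERROR and NXDOMAIN
        return "error"
    return "validated" if flags & AD else "unvalidated"

def check(resolver, name, timeout=2.0):
    """Send the query to a (host, port) resolver over UDP and classify the reply."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(resolver)
        s.send(build_dnssec_query(name, txid))
        return validation_status(s.recv(4096), txid)
```

An "unvalidated" result for a zone known to be signed means the resolver is not validating; for an unsigned zone it is the expected answer from any resolver.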
 