14 May 2011

Alternative DNS services: pro and contra

The Internet is impossible to imagine without DNS.
DNS stands for Domain Name System. It is the service that translates domain names (like linuxblog.darkduck.com) into IP addresses (like 74.125.53.121). The browser then connects to the host using the IP address.
In other words, the Internet would look very different without DNS. Can you imagine typing an IP address into the address bar of your browser?
Usually the DNS service is part of the package your Internet provider gives you. You may not even know how it works: another service, DHCP (Dynamic Host Configuration Protocol), takes care of it by handing your computer the addresses of the DNS servers along with its own IP address.
The issue with your Internet provider is that its DNS servers may be down for whatever reason: a technical glitch, a software or hardware upgrade, whatever else. If your provider's DNS servers are down, you cannot use domain names to reach Internet sites.
Are there any alternatives to your provider's DNS service? Yes!


There are two best-known alternatives.
  1. Google Public DNS. This service is free and provided by the worldwide Internet leader. To use it, follow the guidance on its documentation page. To cut a long story short, you replace your DNS servers with Google's: 8.8.8.8 and 8.8.4.4. They are easy to remember, aren't they?
  2. OpenDNS. This service is free unless you want to turn off traffic filtering. The DNS servers are 208.67.222.222 and 208.67.220.220. Not as easy to remember as Google's, but still not the most difficult combination. More details are available on the OpenDNS page.
What are the benefits of using DNS alternatives?
  • Uptime. Even though your Internet provider may have uptime close to 100%, nobody can guarantee it. By sod's law, the service goes down right when you need it most. Big companies like Google or paid services like OpenDNS are less likely to let the service go down.
  • Quick updates. DNS information changes for various reasons: a site owner decides to change hosting provider or open a new subdomain; a domain registrar changes its details. These and other events can change the IP address of a site you like. As a rule of thumb, DNS servers are updated every 24 hours, which means some parts of the Internet can see a 24-hour delay before the service resumes. Bigger companies may update their servers more often.
  • Response time. Interestingly, the response time from Google DNS or OpenDNS may be shorter than from your local provider. Or maybe not. One reason may be that the provider's DNS server is overloaded with requests. There is a very interesting study published on the go2linux.org site about the usage of DNS servers.
What are the downsides of alternative DNS servers?
  • Big Brother. Why do you think Google opens a free DNS server? Because they need information about your Internet usage to serve you more relevant ads. What could be more helpful in tracking Internet usage than analysis of DNS requests? So the privacy issue is still here.
  • Your local network. If you have a router at home which links your computers and other devices into a network, it also serves as a little DNS server for the local devices. It is the router that is responsible for the DHCP service you may use. If you bypass the router's DHCP settings and assign alternative DNS servers directly on your computer, you lose the possibility of addressing local devices by their names. You can still address them by IP address. A workaround may be to list your local devices in the hosts file.
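To make the three technical points above concrete (switching to the public resolvers, measuring response time, and keeping LAN names working through a hosts file), here is a small Python stub resolver. It is an added example and not code from the original post: it answers LAN names from a hosts-style table first, otherwise sends a hand-built DNS query to each of the four public resolvers named above, times every round trip, and returns the fastest answer together with the record's TTL, the value that governs how long a caching resolver keeps an answer. The hosts entries, the 192.168.1.x addresses and the sample response bytes are constructed for the illustration.

```python
# Mini stub resolver: LAN names from a hosts-style table first, then a hand-built
# DNS query to each public resolver, timed per server. Added example, not the post's code.
import socket
import struct
import time

UPSTREAMS = ["8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"]  # from the post

# Constructed hosts-file text; the names and 192.168.1.x addresses are assumptions.
HOSTS_TEXT = """127.0.0.1     localhost
192.168.1.20  nas nas.lan      # constructed entry
192.168.1.30  printer
"""

# Constructed reply to an A query (id 0x1234) for linuxblog.darkduck.com: the post's
# own example address, a 300 s TTL, and a compressed answer name as real servers send.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # id, QR|RD|RA, 1 question, 1 answer
    + b"\x09linuxblog\x08darkduck\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)  # ptr to offset 12; A, IN, TTL, rdlen
    + socket.inet_aton("74.125.53.121")
)

def parse_hosts(text):
    """Map each hostname (lower-cased) to its address; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = [bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")]
    return header + b"".join(labels) + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def _skip_name(data, offset):
    """Return the offset just past a domain name, compressed or not."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return offset + 2
        offset += 1 + length

def parse_response(data, qid=0x1234):
    """(address, ttl) of the first A answer, or (None, None) on a mismatched id,
    an error RCODE (2 SERVFAIL, 3 NXDOMAIN) or a reply with no A record."""
    rid, flags, qd, an = struct.unpack("!HHHH", data[:8])
    if rid != qid or flags & 0x000F != 0:
        return None, None
    offset = 12
    for _ in range(qd):
        offset = _skip_name(data, offset) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        offset = _skip_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            return socket.inet_ntoa(data[offset:offset + 4]), ttl
        offset += rdlen  # CNAME or other record: step over it
    return None, None

def query_server(server, name, timeout=2.0):
    """One UDP query to server:53; returns (address, ttl, seconds) or None."""
    qid = int(time.time() * 1000) & 0xFFFF
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            data, _ = sock.recvfrom(512)
        except OSError:  # timeout or unreachable server
            return None
        elapsed = time.perf_counter() - start
    addr, ttl = parse_response(data, qid)
    return None if addr is None else (addr, ttl, elapsed)

def resolve(name, hosts, servers=UPSTREAMS):
    """Hosts table first (keeps LAN names working), else the fastest upstream answer."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return {"address": hosts[key], "source": "hosts", "ttl": None}
    results = []
    for server in servers:
        reply = query_server(server, name)
        if reply:
            results.append((reply, server))
    if not results:
        return None
    (addr, ttl, secs), server = min(results, key=lambda r: r[0][2])
    return {"address": addr, "source": server, "ttl": ttl, "seconds": round(secs, 4)}

if __name__ == "__main__":
    table = parse_hosts(HOSTS_TEXT)
    print(resolve("nas.lan", table))                 # answered locally, no network
    print(resolve("linuxblog.darkduck.com", table))  # needs outbound UDP/53
```

Run as a script, the first lookup is answered from the table without touching the network, which is exactly what keeps LAN names usable when the upstream resolvers are public ones; the second needs outbound UDP port 53. Timing a real query per server is a fairer comparison than ICMP ping, because it includes the resolver's own lookup and cache work rather than only the network distance, and the TTL in the reply shows how long any resolver in between will keep serving the old address after a site moves.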
Having listed and weighed these items, I tried Google's DNS a couple of times. I had to, because my provider's DNS servers have been going down periodically over the last month. But unfortunately the point about local devices stops me from switching permanently. I still prefer to address my devices by their network names.

Have you ever tried OpenDNS or Google DNS? What was your impression? Have you felt any improvement in the speed of Internet browsing?

30 comments:

  1. OpenDNS is FREE - only if you want to customize the filtering rules do you need to pay.

  2. You don't have to change the DNS settings on your computer; do it in your router and then you don't have to worry about local hostnames and such :)

  3. @Anonymous:
    Thanks for the information! I probably looked in the wrong direction. OpenDNS is really a free service. I edited the post.
    As another step, I checked my ping time to the provider's DNS, Google DNS and OpenDNS. Provider and OpenDNS are equal in ping time; Google DNS is ~1.5 times slower.

  4. @Anonymous:
    Setting up the router to use alternative DNS would probably solve some issues. Unfortunately I have not found this feature on my router (Thomson SpeedTouch branded as BeBox).

  5. I work for a non-profit retirement community and I configured all our public computers (which our residents, their family members and guests can use) to use OpenDNS. Since then (and it will be more than one year now) I haven't had one single issue caused by accessing/visiting suspicious web sites, because OpenDNS web content filtering is magnificent. All DNS queries are redirected to the OpenDNS server instead of going to our intranet DNS/AD servers.
    Ditto to OpenDNS!
    Ned, MSTS IT technician

  6. @Anonymous (Ned):
    I am glad OpenDNS helped you solve the issue of suspicious sites. That's what DNS filtering is for.

  7. Using OpenDNS for all clients, friends and family.

    Get a router that is able to run DD-WRT (Linksys WRT54GL recommended) and forcing clients to use OpenDNS is easy.

    http://www.dd-wrt.com/
    http://www.dd-wrt.com/wiki/index.php/OpenDNS#Intercept_DNS_Port

  8. @Jonas:
    Thanks for advice.
    My router was given to me by my Internet provider; I can't change it.

  9. Your "down side" goes away if you plug the DNS setting into the router, instead of the network settings on the computer. That way, the router provides the alternate DNS setting to local clients using DHCP when they pick up a local IP address. Local names still work great, and everyone gets the benefit of the better DNS without having to change network settings.

  10. @Anonymous:
    That solution was already proposed.
    Unfortunately, I cannot use it. But that is great advice for others.

  11. You can have the best of all worlds on Linux systems by running dnsmasq; it can be configured with a list of DNS servers including your ISP's (at best the fastest) and public DNS servers; at start-up it queries them all, finds the fastest and uses that; if its performance drops, it dynamically chooses another fastest.

    A downside of OpenDNS is that, when the name cannot be resolved it delivers a (semi) related advertising page.

    A popular public DNS service not mentioned is "Level 4" (?) at 4.2.2.2 and similar.

    There is a list of public DNS servers at http://80.247.230.136/dns.htm which includes ways to test which servers are fastest from your network location.

  12. I've used OpenDNS for years but here's a utility to really determine which DNS is fastest for you... http://code.google.com/p/namebench/

  13. Nothing says the LAN-local DNS server has to be the gateway (router, in your case). Load dnsmasq on any one machine that's always up when the others are, point all the other machines at it, and point it at OpenDNS. Recent versions can do DHCP-serving, too, so your locals don't have to be tied to a hosts file to be resolved.

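The setup the two dnsmasq comments above describe, written out as an added example (it is not the commenters' own configuration): an always-on Linux box at 192.168.1.10 on eth0 answers the LAN's queries, serves names under a made-up "lan" domain from hosts files without ever forwarding them to a public resolver, forwards everything else to the public servers named in the post, and optionally replaces the router's DHCP so every client picks up the new resolver and the LAN names automatically. The interface name, addresses, domain and file paths are assumptions for the illustration.

```conf
# /etc/dnsmasq.conf on the always-on LAN box (constructed example, not from the post)

# Listen only on the LAN interface and loopback; never expose the resolver to the WAN.
interface=eth0
bind-interfaces
listen-address=127.0.0.1,192.168.1.10

# Use only the upstreams listed here, not whatever /etc/resolv.conf was handed by DHCP.
no-resolv
server=8.8.8.8
server=8.8.4.4
server=208.67.222.222
server=208.67.220.220
# Send every query to all upstreams in parallel and take the first reply. Without this
# line dnsmasq sticks to the server that answered fastest and re-tests the others
# periodically, which is cheaper on the network and usually good enough.
all-servers

# Local names come from /etc/hosts plus an extra file and are never forwarded, so a
# public resolver neither sees "nas.lan" nor gets to answer for it.
domain=lan
local=/lan/
expand-hosts
addn-hosts=/etc/dnsmasq.hosts   # constructed path: LAN devices not in /etc/hosts
domain-needed                   # never forward bare names without a dot
bogus-priv                      # never forward reverse lookups for private ranges

# Optional: hand out leases yourself and advertise this box as the DNS server, so
# clients need no manual changes. Turn the router's own DHCP server off first;
# two DHCP servers on one LAN will hand out conflicting settings.
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=option:dns-server,192.168.1.10
dhcp-option=option:router,192.168.1.1
```

If the router must keep serving DHCP, leave the three dhcp- lines out and instead point the router's DHCP DNS option at 192.168.1.10 where its interface allows it; the local-domain and forwarding parts work the same either way.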
  14. @Juanzelli:
    Thanks for advice. Nice tool!

  15. @crb3:
    Very interesting idea. I have not actually thought about it. But will it work in an environment where the local router is also the DHCP server?
    Also, it requires one machine to be constantly on, which is not the case for my home network. 8-(

  16. @Anonymous:
    >There is a list of public DNS servers at http://80.247.230.136/dns.htm which includes ways to test which servers are fastest from your network location.

    Very interesting list and script!
    It shows 4.2.2.3 and 4.2.2.5 as fastest for me.

  17. The downside to the alternate DNS services comes from the service they try to provide. Since they are caching entries to provide faster name resolution, they can cause problems for DNS-based geolocation services relied upon by things like Netflix and Hulu.

    Having said that, I have happily used OpenDNS for years.

  18. Well, for your "downside", have you tried setting up the public DNS server (i.e. 8.8.8.8) as the primary DNS server and your router (i.e. 192.168.1.1 or whatever its IP address is) as the secondary DNS server?

    When you query a home machine by name, it will first query the primary server (the public one); when it doesn't find information about it, it will query the secondary DNS server (your router), which in this case will provide the name resolution for your home machines.

  19. @Matt:
    If you know about the issue, you can switch DNS back to the provider's when you're going to use geolocation services. Also, this can help you get access to services that are restricted for your location if you use DNS from an allowed location.

  20. @Anonymous:
    The idea is very good. I should try it!
    Actually, I see the possibility of using several DNS servers in Linux. You're not restricted to 2 servers like in Windows.

  21. What rubbish; Be will let you use any ADSL2+ router with their lines. The Thomson they ship is painfully bad; upgrade today and have a better Internet experience.

  22. @Anonymous:
    I have nothing to compare with yet. I have only used this Thomson router.
    Can you write me an e-mail (darkduck at darkduck.com) so I can get better advice from you?

  23. Matt: the problem with geolocation-based services has been addressed in this extension: http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00

    It has already been implemented in OpenDNS and they're working with CDNs to implement it as well.

  24. As mentioned, your "Problem 2" is not a problem.

    Overcome "Problem 1" using anonymous DNS services. Simply populate your router with not just one, but 2-3 DNS entries (as many as your router can take) from this list:

    http://www.opennicproject.org/index.php/start-here/51-migrate-to-opennic/75-public-dns

  25. @Frank:
    Thanks for letting us know that the problem is being addressed.

  26. @Anonymous:
    Thanks for sharing another list of open DNS servers.

  27. I found instructions to change the DNS server for the Thomson SpeedTouch here: http://community.plus.net/library/dns/how-to-change-the-default-dns-servers-in-a-thomson-speedtouch-router/

    (Google search: Thomson SpeedTouch dns settings)

    Seems they are not willing to invest in a good web interface for their users.

    As for OpenDNS, the main problem I see with it is that it redirects non-existent URLs to a website of their own with advertising. That is bad! Really bad!
    http://securityskeptic.typepad.com/the-security-skeptic/redirection-and-synthesized-dns-responses-do-more-harm-than-good.html

    Apparently you can turn it off, but that requires registering your IP with them. Also not an option for me.

    As such, OpenDNS is unusable for me.

    greetings, eMBee.

  28. @eMBee:
    Thanks for the link. Telnet changes on the router are definitely not the most user-friendly method of router configuration. On the other hand, it saves users from inconsistent changes.
    I checked myself - it looks like they're telling the truth on the Plus.net site. Although there is a small difference: my interface is RoutedEthoA, but the link says Internet.
    I decided not to touch this for now. If the problem re-appears, I'll come back and solve the issue here.

  29. "however all filtering functionality will be disabled on December 15th" in free accounts !!!
    :(
    So SAD!!!

  30. @Anonymous:
    Agree.... Not good news.
