
Jan 21, 2013

Is Using OpenDNS/Google DNS a Bad Idea?

Think you're getting faster performance by using Google DNS or OpenDNS? Think again -- especially if you're outside the US.

A post at TUAW today recommends you change your DNS provider for faster performance. If you are located outside the US -- like I am, and like most APC readers are -- this is a bad idea. I only discovered why after experiencing slow download speeds for several months.


Like other tech enthusiasts, I jumped on the opportunity to switch my computer's domain name server settings away from my ISP's defaults to -- I assumed -- the much larger and faster Google DNS servers at 8.8.8.8 and 8.8.4.4 when they were first announced.

If you're not familiar with what exactly DNS servers do, they translate the web address you type into your browser into the actual IP address of the internet server you're connecting to at the other end. For example, a DNS server will convert "apcmag.com" typed into your browser address bar into "125.7.5.1", which is the IP address of our server at Macquarie Telecom's datacentre.

DNS servers can be one cause (among many) of slow web browsing. If your ISP's DNS server is overloaded and responding slowly, you may experience a delay of seconds each time you go to a web address that your computer hasn't seen recently (and therefore has to ask a DNS server for the corresponding IP address).

This is one of the problems that third-party public DNS providers like Google DNS and OpenDNS are supposed to fix -- faster, more reliable lookups.

However, it was Simon Hackett, CEO of Internode, whom I bumped into at a function, who warned me off using third-party DNS servers located overseas, such as Google DNS or OpenDNS. (By the way, if I've got any of the technical details wrong in this article, it's much more likely to be my fault than Simon's...!)

The key reason they're bad is that they stuff up your computer's ability to find the closest Akamai server to you. Akamai is the worldwide system which places massive file servers inside ISP data centres worldwide -- so that when you download a big file like a Windows or Mac OS X update, or a TV show or movie from iTunes, it downloads from a server that's very close to you, and therefore pumps down your line as fast as your ADSL2+ can handle. (The primary selling point of Akamai is that it avoids server overload when everyone tries to download something at once, but a secondary selling point is that you're downloading a file from a local server inside your ISP or at least in your country, so that the trip between the file server and you is as short/fast as possible.)

If you use a US-based DNS server, your closest Akamai cache will instead be chosen as being in the US, and you'll get crummy download speeds as your file trickles over the international link.

In my case, this meant that iTunes downloads were coming down at a couple of hundred kilobytes per second, rather than the 1.9MB/s I was accustomed to before I changed my DNS servers to Google DNS and OpenDNS.

Don't get me wrong -- there are some distinct advantages to using reliable servers from companies that specialise in providing DNS, like much faster refresh of their DNS records when new domains are registered, or websites change their IP addresses, DNS-level blocking of known phishing sites and so on.

But when they claim you'll get faster speed by using them, they're conveniently forgetting to mention that if you're not located in the US, they could badly slow down your speed when downloading from distributed caches like Akamai.

Admittedly, part of the problem is the design of Akamai -- it is, to an extent, a 'hack' of the DNS system (not in the illegal sense; but in the sense that they're using the DNS system in a way it was not quite designed for initially.) I have contacted Akamai's senior PR people twice and asked if they're investigating any way of mitigating the problem when people use DNS servers outside their local geography, but I haven't heard back.

Of course, if Google DNS, OpenDNS or other public DNS providers put servers into Australia, the problem would be largely gone. But until they do, my advice is to stick with the DNS provided by your ISP. To their credit, OpenDNS is reasonably up-front about this problem (though it's not something they advertise on their homepage, so most users wouldn't be aware of it.)

UPDATE: Phil Sweeney from Whirlpool reminded me that using a third-party DNS service can also screw up your ISP's quota free downloads. For example, iiNet provides unmetered downloads from Apple's iTunes Store, which is great if you like to buy TV series and rent/buy movies on iTunes. However, if you change your DNS to OpenDNS or Google DNS, you'll be pulling the content from an Akamai server overseas, rather than the one in iiNet's network that is designated for free downloads. As a result, you will be charged for those downloads. - source

Google Public DNS: A Closer View

Earlier this month, Google announced that it had become the largest public DNS service in the world, handling an average of more than 70 billion requests a day. From Google’s point of view, this was great. As it pointed out in its official blog, a good DNS service helps make the Web faster and more secure. That’s true. But is a giant DNS in Google’s hands really good for the world?


The DNS or Domain Name System is often described as the “phone book” of the Internet, but that analogy tends to understate its importance. Imagine that you’ve suddenly landed in the middle of a giant megalopolis without any street names or building addresses or distinguishing characteristics and no working GPS. That would be the Internet without a domain name system.

But while the DNS system is critical for planetary communications, helping to run it typically hasn’t brought anyone power or glory. This led to a certain amount of neglect, which in turn created a business opportunity for companies willing to tackle the job of improving DNS.

Three years ago, I sat down with David Ulevitch, a developer who founded OpenDNS in 2005 to help make the Internet faster and more reliable for individuals and businesses by providing a better domain name service. At the time, OpenDNS had built a small but profitable business providing improved DNS for free to individuals and for a fee to enterprises. It later grew to operate the largest network of public DNS servers, serving millions of users around the world.

Unlike Google, Ulevitch has never struck me as being obsessed with world domination, so I reached out to him this week to ask what he thought of Google’s entry, and now colossal presence, in the space.

What are the implications of Google being the largest public DNS service? Is this good for ordinary people who use the Internet?

First, I think it’s a clear indication that Google takes DNS seriously. I’ve always said that Google’s purview is limited to everything between the user and the advertisement. DNS fits squarely within those sights and cuts across a number of strategic areas of focus for Google—speed, security, analytics and control. I think efforts to make the Internet faster are good for ordinary people, but I think that there’s more to Google’s motives than pure benevolence. That’s not to say good can’t be a byproduct, but rather, there are ancillary benefits that may not be as friendly to the ordinary Internet user.

With DNS, it’s possible to control key components of Internet navigation. Google already controls search, they are quickly gaining market share to control the browser, and when you put in DNS, it becomes the trifecta of complete navigational control. The “omnibox” is something Google introduced with Chrome, but I actually introduced it to Google PM Sundar Pichai a number of years before Chrome existed when demoing our vision for OpenDNS to him as he was then the PM for Google Toolbar, and other Google desktop products.

What role has Google played in the DNS ecosystem? Do you see them as a competitor or a partner?

Google has helped raise the importance of DNS above the network engineering community, which has been really good. They’ve also worked with us to advance the state of the art for DNS performance, something we’ve really enjoyed working with them to make happen. It’s not so much competition as it is choice in the market. If they started defaulting Chrome to use Google DNS, I think that’s something we would take issue with, but for now, we like the idea of people using a DNS other than their ISPs, that’s a good idea for a lot of reasons.

What are some of those reasons?

I like the idea of separation of services. ISPs provide a pipe. Other vendors provide security. Other vendors provide email. When one party controls all the services, it’s a “synergy” for the company, but rarely for the consumer. With DNS in particular, there are performance and security benefits that third party DNS providers offer that ISPs aren’t incentivized to do since DNS is a cost-center for them, and a profit-center for us.

Are there any privacy concerns to think about if you configure your network settings to use Google Public DNS?

You are trusting them with all your DNS lookup data, which can be more personal and revealing than I think most people realize. We don’t persist logs for our users without accounts and configured networks, I’m not sure Google makes the same statement. They have a separate privacy policy for Google DNS, and I’m sure they are hypersensitive about privacy concerns, so I wouldn’t be too paranoid.

If an ordinary person using the Web doesn’t make this change, would they have any exposure to Google Public DNS?

Probably not. OpenDNS is in 10s of 1000s of public hotspots, retail stores, schools, and businesses, so people often find our service. I’m not sure about Google DNS in that capacity.

If Google is the largest public DNS, who is the largest private DNS?

An ISP—maybe Comcast? I’m not sure. Google claims the most number of queries per day, but we actively discourage automated usage of OpenDNS by machines, crawlers and other software. Google doesn’t. I’m not sure they have more end users than we have. We are still growing at an aggressive clip.

Anonymous has publicly posted its threat to take down the Internet on March 31 by attacking the 13 DNS root servers of the Internet. Do you take this threat seriously?

Anonymous is nothing and everything at the same time. While I think it’d be very difficult to take down the root servers on the Internet, I think it’s entirely possible to cause massive disruption to the Internet in other ways if someone was focused on doing that. The Internet is always getting more secure, and more diversely connected, but there are some weak links still where a specific outage in a specific place would have far-reaching disruptive implications.

Does the presence of players like OpenDNS and Google Public DNS make the Internet more stable?

I think anything which promotes heterogeneity on the Internet promotes stability. Diversity in services, service providers, and separating the layers of the networking stack are all important. Your ISP no longer provides you email because everyone either uses their own or has an account with Hotmail, Gmail or Yahoo mail. The same way people unbundled their email from their ISP, I think they should do with their DNS. Separation of services has been a long-standing best practice in the security community, and it applies now more than ever. In that vein, I’ll reiterate my view that I think Google controlling search, the browser, and the network or DNS layer is a dangerous trifecta that the consumer will probably be best served avoiding. I’m sure we’ll find out soon enough. - source

Jan 2, 2012

Free Public DNS Server List

If you are having trouble with your internet connection speed, you can use third-party DNS servers to improve your web browsing speed. They can also help you bypass the DNS servers of your local ISP (Internet Service Provider) and let your computer find the addresses of domain names that may be blocked by the ISP’s DNS servers.

What Does DNS Do?

DNS functionally acts similar to a phonebook but for IP (Internet Protocol) addresses. The system is used to translate a unique web address such as Rolo.org to the corresponding IP. Depending on the level of traffic experienced on a local network, there will be at least one, and normally two DNS servers configured to handle address look-up queries from client machines or devices. The primary DNS server is also referred to as the “Name Server” of the network and will store a list of all IP addresses on the local network. Depending on configuration, the server will also store a table of the addresses that have been recently accessed outside of the local network.

For any local network, a networked device will only need the address or location of one DNS server. If the networked device needs to conduct a DNS lookup, it will request it from the Name Server. If the address has been accessed recently, the server will do a quick look up in the cached addresses and send the response to the requesting computer. If there has not been a recent request for the address, then the local server will then request resolution from two or more other name servers. If there is no resolution found for the requested network address, an error will be returned to the end-user.

Here is a list of fast, free public DNS servers. They are all free and fast, and can be a good alternative to your current DNS provider. For me, Google Public DNS is the best and it's working like a charm. Speed results may differ for people living in different locations.

The listing of public DNS servers can change at any time depending on the funding and objectives of the provider offering the free service. Before changing the DNS configuration for your local computer or device, make a note of the existing server address in case the public DNS server does not work. The location of the public DNS server relative to the device being used should also be taken into account, as selecting a server located far from the end-user can negatively impact performance.

List of Free Public DNS Servers

Google public DNS (IP Addresses):
8.8.8.8
8.8.4.4

The Google Public DNS IPv6 addresses:
2001:4860:4860::8888
2001:4860:4860::8844

OpenDNS (San Francisco, CA, US)
208.67.222.222
208.67.220.220

GTE (Irving, TX, US)
192.76.85.133
206.124.64.1

ORSC Public Access DNS Nameservers
199.166.24.253
199.166.27.253
199.166.28.10
199.166.29.3
199.166.31.3
195.117.6.25
204.57.55.100

ScrubIt:
67.138.54.100
207.225.209.66

Sprintlink General DNS (Overland Park, KS, US)
199.2.252.10
204.97.212.10
204.117.214.10

Cisco (San Jose, CA, US)
64.102.255.44
128.107.241.185
192.135.250.69

ClearCloud
74.118.212.1
74.118.212.2

Dnsadvantage:
156.154.70.1
156.154.71.1

Cable & Wireless:
141.1.1.1

Level 3 Communications (Broomfield, CO, US)
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

DNSResolvers:
64.68.200.200
205.210.42.205

Norton
198.153.192.1
198.153.194.1

One Connect IP (Albuquerque, NM, US)
67.138.54.100

Exetel (Sydney, AU)
220.233.167.31

VRx Network Services (New York, NY, US)
199.166.31.3

Verizon (Reston, VA, US)
74.50.55.161
74.50.55.162
151.197.0.38
151.197.0.39
151.202.0.84
151.202.0.85
151.203.0.84
151.203.0.85
199.45.32.37
199.45.32.38
199.45.32.40
199.45.32.43

DynDNS:
216.146.35.35
216.146.36.36

SmartViper Public DNS
208.76.50.5
208.76.51.51

SpeakEasy (Seattle, WA, US)
66.93.87.2
216.231.41.2
216.254.95.2
64.81.45.2
64.81.111.2
64.81.127.2
64.81.79.2
64.81.159.2
66.92.64.2
66.92.224.2
66.92.159.2
216.27.175.2

OpenNIC
202.83.95.227 (au)
119.31.230.42 (au)
178.63.26.173 (de)
217.79.186.148 (de)
27.110.120.30 (nz)
89.16.173.11 (uk)
69.164.208.50 (us)
216.87.84.211 (us)

2001:470:8388:10:0:100:53:20 (us)
2001:470:1f10:c6::2 (us)

If you know of any free public DNS server that is not in this list, please let me know so that I can include it. I hope this article helps those who are having problems with their ISP's DNS.

Jan 1, 2010

OpenDNS vs Google DNS Performance Comparison

Google recently launched its own Public DNS offering, allowing Internet users to make use of their DNS servers for resolving address queries on the Internet. I have been a fan and user of OpenDNS for quite some time now, which offers the same service with many more options (as compared to Google’s new service). Immediately, I was curious as to how Google’s service compares with OpenDNS.

On a functional and service offering standpoint, I don’t need to really talk about anything, because the founder of OpenDNS already has excellent thoughts on this topic. But he doesn’t talk about the most important metric of all, which is performance. I was curious about how the two compare on pure performance terms. So, sitting in India, I decided to run a quick test myself to measure the performance between the two.

The method is the same as I used when I compared OpenDNS with Airtel, my local ISP in India. I basically measured lookup times of 100 random domains and compared the two DNS on that metric. Here are my findings.

The graph below plots the query response time for both the DNS services for 100 random domains. What we can see from the graph already is that neither one is clearly faster than the other.


Here’s another graph which gives clarity on which one is faster more often:


As we can see, they are almost the same. So, how do we know which is better or faster?

I took a look at the average of the measurements for the two services, and this is what I found:
  • OpenDNS – 0.38
  • Google Public DNS – 0.41
This means that on average, OpenDNS is slightly faster than Google. However, as we can see there are 3 spikes in the Google Data, and one in the OpenDNS data. When I remove those, the average for the two is almost the same (with OpenDNS being marginally slower).

Another thing worth noting, however, is the standard deviation, the measure of how widely the measurements spread around the average. This can even be surmised from the first graph. With the complete measurements, the standard deviation of Google was about 3 times that of OpenDNS, and even with the spikes removed, the standard deviation of Google was twice that of OpenDNS. This means that OpenDNS on the whole is more consistent in its operation.

This means that when Google is deviating on the faster side, it will be much faster than OpenDNS, but when it deviates on the slower side, it will be much slower than OpenDNS (on average).
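The comparison method described above (per-domain lookup times, averages with and without spikes, standard deviation, and which resolver wins more often) can be reproduced with the following sketch. It is an added example, not the author's script: the timing values are constructed, and the spike rule (more than 5 median absolute deviations above the median) is an assumption, since the post does not say how spikes were identified.

```python
import socket
import statistics
import struct
import time

def time_lookup(resolver_ip, name, timeout=3.0):
    """Seconds for one A query sent directly to resolver_ip over UDP."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    query = struct.pack(">HHHHHH", 0x4242, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver_ip, 53))
        start = time.perf_counter()
        s.send(query)
        s.recv(4096)
        return time.perf_counter() - start

def drop_spikes(samples, k=5.0):
    """Discard samples more than k median-absolute-deviations above the median."""
    med = statistics.median(samples)
    mad = statistics.median(abs(x - med) for x in samples) or 1e-9
    return [x for x in samples if x - med <= k * mad]

def summarize(samples):
    """Mean and sample standard deviation of a list of lookup times."""
    return {"n": len(samples),
            "mean": statistics.mean(samples),
            "stdev": statistics.stdev(samples)}

def head_to_head(a, b):
    """Count, domain by domain, how often each resolver answered faster."""
    return (sum(x < y for x, y in zip(a, b)), sum(y < x for x, y in zip(a, b)))

# Constructed lookup times in seconds for the same 10 domains (not measured data).
RESOLVER_A = [0.30, 0.35, 0.40, 0.38, 0.33, 0.36, 0.41, 0.37, 0.34, 1.90]
RESOLVER_B = [0.20, 0.55, 0.25, 0.60, 0.22, 0.58, 0.24, 0.57, 3.20, 0.26]

if __name__ == "__main__":
    for label, data in (("A", RESOLVER_A), ("B", RESOLVER_B)):
        print(label, "all:", summarize(data), "trimmed:", summarize(drop_spikes(data)))
    print("wins (A, B):", head_to_head(RESOLVER_A, RESOLVER_B))
```

When collecting real samples with `time_lookup()`, query each domain against both resolvers in the same run, because a name already in a resolver's cache answers much faster than one it has to fetch.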

At this stage, I will have to say that I cannot conclude, though I would like to think that OpenDNS is a better performer for providing consistent performance, as compared to Google Public DNS. But with Google’s muscle, I am sure that it will eventually surpass OpenDNS on these parameters. Who knows, maybe Google will buy OpenDNS (although I am not sure if they will be selling). - source