Turning on DNS caching in a router can improve DNS performance dramatically.

Choosing a DNS Server

For several years, I have used the Norton domain name server (DNS) servers as a way to avoid known phishing and malware websites. Unfortunately, Norton discontinued this service earlier this year so I had to look for new DNS servers, as I have been unable to find information on the security approach of the servers provided by my ISP. I also do not like the idea of my ISP selling my DNS lookup information to the highest bidder.

While I was using my ISP’s DNS servers and looking around, I discovered that the Norton servers had become really slow, and that browsing performance was much better using a faster DNS server. In looking for DNS benchmarking software, I found NameBench, which is available on Windows via Cygwin and on OS X via MacPorts.

The first run using NameBench was to compare two local caching DNS servers built into routers, and to compare OpenDNS with Google DNS servers. Figure 1 shows that configuring a caching nameserver on your local router makes a HUGE difference; if your router does not offer this feature, get one that does.

Figure 1. The local caching name server built in to one of the routers (192.168.1.1) is clearly much faster than direct calls to the name servers, and is clearly a critical feature.
The NameBench DNS benchmarking tool shows that a local caching DNS server is critical.

After looking at the importance of a caching DNS server, it is then worth comparing the performance of other public DNS servers, as shown in Figure 2. For this test, I used only DNS servers that do not appear to track requests; this is why the Google DNS servers were excluded from this test.

Figure 2. OpenDNS was the fastest of the non-tracking DNS servers in this test, but it does not provide blocking for phishing and malware without a paid subscription.
The NameBench DNS benchmarking tool shows that OpenDNS is the fastest non-tracking server for this location on this day.

The sections that follow describe how to install NameBench and review some of the open name servers available. NameBench is relatively old and appears to have some Python 2.7 dependencies that may present problems in some environments.

Installing NameBench

Installing NameBench is easy if you have Cygwin or MacPorts installed, but difficult if you do not.

Installing NameBench on Ubuntu

To install NameBench on Ubuntu, use the command

sudo apt-get update && sudo apt-get install namebench

It is that easy. Start it from the launcher.

Installing NameBench on OS X

On OS X, you will need to first install MacPorts, which is not trivial; if you do not have MacPorts installed, look for another DNS benchmarking tool. To install it, use

sudo port selfupdate && sudo port install namebench

Installing NameBench on Windows

NameBench is available under the Cygwin setup.exe installer.

Comparison of Selected Open DNS Services

Comodo

Comodo is a security and SSL certificate provider that also provides an open DNS service with malware and phishing blocking. For my connection, it is slower than OpenDNS, but with DNS caching turned on in my router, this is not a big issue.

OpenDNS

OpenDNS was one of the early non-ISP DNS services, and was purchased by Cisco in August 2015. Although it offers adult content filtering for free, malware and phishing filtering is a for-fee service.

Cloudflare

Cloudflare is a non-tracking DNS service, and claims to be the fastest. It does not provide phishing and malware filtering.

Verisign

Verisign is a well-known SSL certificate vendor that also offers DNS and other services. Verisign claims not to sell your DNS lookup data, but does not make any statements about blacklisting phishing and malware domains.

Google

Google offers a fast public DNS service, but makes no statements disclaiming tracking, nor does it have a blacklist for malware and phishing domains.

Conclusions

This article only gives a sampling of the options for domain name services. Before choosing a DNS service, make sure to test the performance at your location.
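
Where NameBench's Python 2.7 dependencies are a problem, a quick latency comparison can be done with the Python 3 standard library alone. The script below is an added example, not part of NameBench or of the original article. The server addresses and test names in it are assumptions to replace with your own: 192.168.1.1 is the router from Figure 1 and 1.1.1.1 is Cloudflare's public resolver.

```python
import secrets, socket, statistics, struct, time

def build_query(name, qtype=1, txid=None):
    """Build a minimal DNS query (RFC 1035) for `name`; qtype 1 is an A record."""
    txid = secrets.randbelow(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_reply(data, txid):
    """Return (rcode, answer_count); raise ValueError if the reply does not match."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID or not a response
        raise ValueError("not a reply to this query")
    return flags & 0x000F, an

def time_query(server, name, timeout=2.0):
    """Round-trip time in ms for one UDP lookup, or None on timeout or mismatch."""
    txid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(pkt, (server, 53))
            data, _ = s.recvfrom(4096)
            parse_reply(data, txid)
        except (OSError, ValueError):
            return None
        return (time.perf_counter() - start) * 1000.0

def benchmark(servers, names, repeats=3):
    """Median latency per server; repeated lookups of a name exercise the cache."""
    results = {}
    for server in servers:
        samples = [t for _ in range(repeats) for n in names
                   if (t := time_query(server, n)) is not None]
        results[server] = statistics.median(samples) if samples else None
    return results

if __name__ == "__main__":
    # Assumed values: replace with your router, candidate resolvers and test names.
    servers, names = ["192.168.1.1", "1.1.1.1"], ["example.com", "example.org"]
    for srv, ms in benchmark(servers, names).items():
        print(srv, "no reply" if ms is None else f"{ms:.1f} ms")
```

Because each name is looked up several times, a caching resolver answers the repeats from its cache, which is the effect Figure 1 shows for the router.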