Choosing a DNS Server
For several years, I have used the Norton domain name server (DNS) servers as a way to avoid known phishing and malware websites. Unfortunately, Norton discontinued this service earlier this year so I had to look for new DNS servers, as I have been unable to find information on the security approach of the servers provided by my ISP. I also do not like the idea of my ISP selling my DNS lookup information to the highest bidder.
While using my ISP’s DNS servers while I looked around, I discovered that the Norton servers had become really slow, and that browsing performance was much better using a faster DNS server. In looking for DNS benchmarking software, I found NameBench which is available as on Windows via Cygwin and on OS X via MacPorts.
The first run using NameBench was to compare two local caching DNS servers built in to routers, and to compare OpenDNS with Google DNS servers. Figure 1 shows that configuring a caching nameserver on you local router makes a HUGE difference; if your router does not offer this feature, get one that does.
After looking at the importance of a caching DNS server, it is then worth comparing the performance of other public DNS servers, as shown in Figure 2. For this test, I used only DNS servers that do not appear to track requests; this is why the Google DNS servers were excluded from this test.
The sections that follow describe installing NameBench and a review of some of the open name servers available. NameBench is relatively old and appears to have some Python 2.7 dependencies that may present problems in some environments.
Installing NameBench
Installing Namebench is easy if you have Cygwin or MacPorts installed, but difficult if you do not.
Installing NameBench on Ubuntu
To install NameBench on Ubuntu, use the command
sudo apt-get update
sudo apt-get install namebench
It is that easy. Start it from the launcher.
Installing NameBench on OS X
On OS X, you will need to first install MacPorts, which is not trivial; if you do not have MacPorts installed, look for another DNS benchmarking tool. To install it use
sudo port selfupdate
sudo port install namebench
Installing NameBench on Windows
NameBench is available under the Cygwin setup.exe installer.
Comparison of Selected Open DNS Services
Comodo
Comodo is a security and SSL certificate provider that also provides an open DNS service with malware and phishing blocking. For my connection, it is slower than OpenDNS, but with DNS caching turned on in my router, this is not a big issue.
OpenDNS
OpenDNS was one of the early non-ISP DNS services, and was purchased by Cisco in August, 2015. Although it offers adult content filtering free, getting malware and phishing filtering is a for-fee service.
Cloudflare
Cloudflare is a non-tracking DNS service, and claims to be the fastest. It does not provide phishing and malware filtering.
Verisign
Verisign is a well-known SSL certificate vendor that also offers DNS and other services. Verisign claims not to sell your DNS lookup data, but does not make any statements about blacklisting phishing and malware domains.
Google offers a fast public DNS service, but makes no statements disclaiming tracking, nor does it have blacklist for malware and phishing domains.
Conclusions
This article only gives a sampling of the options for domain name services. Before choosing a DNS service, make sure to test the performance at your location.