The DNS choice

Last week, the tech world was abuzz with the launch of Google's new public Domain Name System (DNS) resolution service.

Since I posted a while back about OpenDNS, I thought I'd share my thoughts on this subject. The main question I set out to answer is whether or not I should switch from OpenDNS to Google's Public DNS.

As I began this experiment, my most important criterion was speed. Which service offers the fastest browsing experience? To answer that, I searched around and discovered this helpful post on TechSutra: "Google DNS vs OpenDNS: Google Rocks for International Users."

One of the readers over at TechSutra (Stevan Bajić) wrote the following bash script to test out the speed of four popular alternative DNS services. To use this script, run this in a terminal (you can enter any domains you want here):


#!/bin/bash
# Uses bash arrays and substring expansion, so it must run under bash, not plain sh.
# Resolver the system currently uses, taken from dig's ";; SERVER:" line
isp=$(dig +noall +stats 2>&1 | awk '$2~/^SERVER:$/{split($3,dnsip,"#");print dnsip[1]}');
m="-------------------------------------------------------------------------------";
# Padding string of 80 spaces, used to align the table columns
s=$(printf '%80s' '');
h="+${m:0:25}+${m:0:12}+${m:0:12}+${m:0:12}+${m:0:12}+${m:0:12}+";
header=("Domain${s:0:23}" "Your ISP${s:0:10}" "Google${s:0:10}" "4.2.2.2${s:0:10}" "OpenDNS${s:0:10}" "DNS Adv.${s:0:10}");
echo "${h}";
echo "| ${header[0]:0:23} | ${header[1]:0:10} | ${header[2]:0:10} | ${header[3]:0:10} | ${header[4]:0:10} | ${header[5]:0:10} |";
echo "${h}";
# One table row per domain, one column per resolver
for i in "lifehacker.com" "facebook.com" "viewfromthedock.com" "reddit.com" "tb4.fr" "bbc.co.uk";
do
  ii="${i}${s:23}";
  echo -ne "| ${ii:0:23} |";
  for j in "${isp}" "8.8.8.8" "4.2.2.2" "208.67.222.222" "156.154.70.1";
  do
    # Query time reported by dig, right-aligned to 10 characters
    r="${s:10}$(dig +noall +stats +time=9 @${j} ${i} 2>&1 | awk '$2~/^Query$/{print $4" "$5}')";
    echo -ne " ${r:${#r}-10} |";
  done
  echo -ne "\n${h}\n";
done


I ran tests at different times of the day, and on different days. For me, OpenDNS and Google were consistently fast. Results for Level3, DNS Advantage, and my ISP varied widely (sometimes I'd get decent results, sometimes response times were abysmal).

While the results I received from Google and OpenDNS were best, the difference in speed between the two was negligible. We're talking milliseconds here, after all. I don't think I'm really going to notice the difference between a response time of, say, 11 ms and 13 ms (although research indicates that milliseconds do make a difference).

One thing to keep in mind is that the initial test you perform may return slower results than subsequent tests for some obscure sites. The first time you search for www.threetastes.com, for example, (my wife's blog) the DNS service will likely have to go out and get this IP address from an authoritative server. After that first lookup, the IP will be cached with the DNS server, so the response time will be quicker for subsequent tests. In short, run multiple tests.
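To separate the cache effect from resolver speed, the sketch below (an added example, not part of the original post or of the TechSutra script) repeats one lookup against one resolver and reports the first, possibly uncached, query time next to the median of the repeats. The function names and the sample timings are constructed for illustration.

```sh
#!/bin/sh
# Extract the query time in msec from `dig +noall +stats` output on stdin.
query_ms() { awk '$2 == "Query" && $3 == "time:" { print $4 }'; }

# Read one timing per line (first = first lookup, rest = repeat lookups) and
# report the first time next to the median of the repeats.
cold_warm() {
    awk 'NR == 1 { cold = $1 + 0; next } { w[++n] = $1 + 0 }
         END {
             if (n == 0) { print "cold=" cold " warm_median=n/a"; exit }
             for (i = 2; i <= n; i++) {          # insertion sort of the repeats
                 v = w[i]
                 for (j = i - 1; j > 0 && w[j] > v; j--) w[j + 1] = w[j]
                 w[j + 1] = v
             }
             med = (n % 2) ? w[(n + 1) / 2] : (w[n / 2] + w[n / 2 + 1]) / 2
             print "cold=" cold " warm_median=" med
         }'
}

# Live measurement (needs dig and network access):
# $1 = resolver IP, $2 = domain, $3 = number of lookups (default 5).
measure() {
    i=0
    while [ "$i" -lt "${3:-5}" ]; do
        dig +noall +stats +time=9 "@$1" "$2" 2>&1 | query_ms
        i=$((i + 1))
    done | cold_warm
}

if [ "$#" -ge 2 ]; then
    measure "$@"
else
    # Constructed timings: one slow first lookup followed by cached answers.
    printf '%s\n' 148 12 11 13 | cold_warm
fi
```

Run it as `sh coldwarm.sh 8.8.8.8 www.threetastes.com 6` (the file name is arbitrary); the first figure is only a true cold lookup if nobody else has asked that resolver for the name recently.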

My results jibe with those coming in from readers at TechSutra: that OpenDNS may have a slight edge for many U.S. locations, while Google DNS may have the edge for users outside of the U.S. Best to test out the alternatives for yourself.

So, I've established that Google DNS and OpenDNS offer comparably faster DNS lookups compared to my ISP. Both services also offer security features to make browsing safer (my ISP may have these features, but I have no way of knowing what's going on, as these details aren't published. I have greater confidence that Google and OpenDNS DNS servers are not and will not be compromised).

Now, which to choose?

1. Do I want to use yet another Google service?

I'm not too worried about this. Google's privacy policy is very clear. I've experienced no cause for concern with my Google services.

2. Do I have a problem with the way OpenDNS operates?

When I began this comparison, the answer was 'not really.' After pondering this for a while, I have to say I do have a problem. With OpenDNS, if you type in a domain that does not exist, you are redirected to an OpenDNS ad-based search page. This is bad behavior. I knew this already, but I didn't worry about it. I turned off NX Domain redirection in my OpenDNS user settings. Here's the part that annoys me: OpenDNS describes this feature as 'typo correction,' but says nothing about how this is tied to redirection to their own ad page if the domain can't be resolved. They should take a cue from Google and explain this more clearly. Sure, this service corrects typos (changes .cmo to .com, for example), but this is only a minor feature of a service that's really about generating revenue from the mistakes people make in entering URLs. In addition, when you perform a Google Search using OpenDNS, your request is redirected to an OpenDNS server before going to Google by default. This may also be turned off (by unchecking 'Enable OpenDNS Proxy') but it's not really clear how to do it. And let's face it, most users aren't going to mess with OpenDNS advanced settings. Lastly, you must have BOTH 'Enable OpenDNS Proxy' and 'Typo Correction' turned on to enjoy the benefits of OpenDNS' content filtering features (one of the big reasons people like OpenDNS).
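Whether a resolver rewrites answers for nonexistent domains can be checked from the command line. The script below is an added example, not from the original post: it asks a resolver for a name that should not exist and classifies the reply as honest (NXDOMAIN) or redirected (an address was returned anyway). The function names, the sample dig output and the test name under example.com are constructed assumptions.

```sh
#!/bin/sh
# Classify `dig +noall +comments +answer` output read from stdin for a
# name that should not exist: honest, redirected or inconclusive.
classify_nx() {
    awk '
        /status:/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        $3 == "IN" && ($4 == "A" || $4 == "AAAA") { answers++ }
        END {
            if (status == "NXDOMAIN") print "honest"
            else if (status == "NOERROR" && answers > 0) print "redirected"
            else print "inconclusive"
        }'
}

# Constructed dig output: the resolver reports the missing name truthfully.
sample_honest() {
    cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
EOF
}

# Constructed dig output: the resolver invents an address for a missing name.
sample_redirected() {
    cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
nx-test.example.com. 0 IN A 192.0.2.10
EOF
}

# Live check (needs dig and network access). $1 = resolver IP.
# Assumption: a time- and PID-based label under example.com does not exist.
check_resolver() {
    name="nx-$(date +%s)-$$.example.com"
    dig +noall +comments +answer +time=5 "@$1" "$name" A 2>&1 | classify_nx
}

if [ "$#" -gt 0 ]; then
    for r in "$@"; do printf '%s\t%s\n' "$r" "$(check_resolver "$r")"; done
else
    printf 'honest sample:     %s\n' "$(sample_honest | classify_nx)"
    printf 'redirected sample: %s\n' "$(sample_redirected | classify_nx)"
fi
```

Pass one or more resolver addresses as arguments to test them live; a timeout or SERVFAIL is reported as inconclusive rather than as evidence either way.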

Here's the bottom line: OpenDNS offers a fast DNS service that includes many extra free or pay features. It's a good option if you need those extra features and aren't worried about the way the service handles your requests. The main gripe I have with OpenDNS is that they are not transparent about how they're doing business. Google, on the other hand, offers a fast DNS service and reliable security features. It's a good option if you don't need extra bells and whistles.

Think I'll switch over to Google DNS.

Troy Kitch @troykitch