A lot of people subscribe to a service provider for their connection without any thought about the DNS server they are using. In fact, most users are quite happy using the one that their service provider supplies. But you possibly could do better by switching.
In fact, something as simple as using a different DNS server can give the end user a much more enjoyable browsing experience as well as a more secure interaction with the web. So what exactly can a different DNS server offer the typical user? Let’s examine the possibilities.
Faster Browsing
Why would switching to a different DNS offer faster browsing? Well, think of the DNS server system as the big phonebook of the internet. When you go to a web address by name (google.com, for example), the DNS server returns the actual IP address – this works similar to a phone book returning the phone number for a person’s name.
Now, just imagine how many lookups a typical day of browsing can require. After all, a given web page may pull data from several different named servers, especially when you factor in ads and multimedia components. It is safe to say that a heavy browser could hit thousands of lookups a day.
When you ask a given DNS server, one of two things can happen – it has the address cached and gives you the IP, or it has to go digging for the information. One thing to consider is this – if you are on a smaller service provider, and your browsing tends to be different from the rest of the users, then your requests will more than likely not be cached.
On top of that, the DNS servers used by a given provider may fall under the definition of “necessary evil” instead of state of the art. And your lookups can suffer.
Instead, consider a popular public DNS server, such as those offered free of use from certain search engine companies. Not only will they stand a a greater chance of having your address lookups cached for quick reply, but the hardware behind it is probably a great deal more efficient than that of your service provider.
Greater Security
DNS is built upon User Datagram Protocol (UDP), and its open, distributed design is unfortunately also open to threats. Spoofing can lead to a poisoned DNS cache, which returns malicious web site addresses for popular requests. This is a threat that needs to be addressed and guarded against. In fact, an attack known as a “Kaminsky Attack” can seize an entire DNS zone.
Another threat is a Denial-of-service (DoS) attack. This attack can overwhelm a DNS server, and even use it to attack other DNS servers, creating what is known as an “Amplification Attack”. These attacks can render a DNS server (or system of servers) useless for their intended use.
The real world problem is this – a lot of the service provider DNS servers are simply not equipped to handle these and other threats. While it might be that you will never have a problem, all it takes is a malicious address coupled with an exploitable browser to cause the end user a lot of headache and potential data loss (or worse – data theft).
It would make sense to ask questions about the DNS server from your provider, or perhaps take the initiative to switch to a DNS service provider that offers details about their security. While constant new threats assure that nothing is absolute, at least you have some reference point of increased security.
Custom DNS Services
Beyond the free services that probably offer a step up from your current DNS server, you can subscribe to one of several paid DNS services on the web that allow you to custom tailor your DNS capability. For example, some DNS services offer web filtering to block known porn and phishing sites.
In fact, some paid DNS services allow you to implement your own black list protection (or build on theirs) to stop navigation to areas you want to avoid. On top of that, many also offer white list services, which means that only the sites on your list can be navigated to. Of course, these services come with a premium price.
As you can see, you could have a lot to gain by exploring your DNS options. It is a fairly simply process to implement, and few areas can give you a boost in speed, security and control with such little effort. The important thing is to ask questions, do research, and perhaps assume that the service provider’s DNS server is minimal unless proven otherwise.
This article offers zero actual solutions. You don’t even mention OpenDNS.
It appears that this is just another garbage article attempting to do SEO magic. Fail!
Most users don’t care. A little informative, but PAY for DNS? Uhhhhh, how bout just using OpenDNS. ‘Nuff said, move on kthx
So no suggestions of what DNS servers to use? Why leave us hanging? If I wanted to know all this I might as well looked up on Wikipedia.
This article tells you alot without telling you anything — how about some examples of other DNS servers to use?
[...] This post was Twitted by InfoSecMonkey [...]
[...] This post was Twitted by m_yanagisawa [...]
I recommend Google’s public DNS at 8.8.8.8 and 8.8.4.4
They rock!
Great article. I use openDNS.
Thanks for this well written, high-level overview of DNS.
Ping these and see which is closest to you:
Service provider: Google
8.8.8.8
8.8.4.4
Service provider: ScrubIt
67.138.54.100
207.225.209.66
Service provider:dnsadvantage
156.154.70.1
156.154.71.1
Service provider:OpenDNS
208.67.222.222
208.67.220.220
Service provider: vnsc-pri.sys.gtei.ne
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
Well written, high level overview? The article does not even say what DNS means and only gives a simple overview comparing to a phone book. No technical details. This article is for casual users not for anyone with a modicum of knowledge of the internet.
Search for open DNS servers on various networks on http://www.opendns.se/
[...] or your Farmville-addicted friends, want you to. Here are 10 tweaks to make Facebook better.-Do you need a DNS upgrade? Why would switching to a different DNS offer faster browsing? Well, think of the DNS server system [...]