72

It seems like a good idea to use Google's public DNS 8.8.8.8 and 8.8.4.4 because it's really fast -- much faster than my own ISP's DNS! -- and probably more reliable, too. That seems like a ridiculously quick win for me, and much easier to remember.

Assuming we're not all "tin foil hat" about Google, why shouldn't everybody use Google DNS? How can I determine which DNS server would be the fastest, most reliable, or what would generally be considered the best?

Note: I've seen this question, but I don't want a comparison to OpenDNS. This is about everyday use by everyday people in their homes.

Update: I seem to have put my hand in a wasps' nest of privacy concerns. I appreciate the issue, but I was expecting a more technology-oriented discussion...

Torben Gundtofte-Bruun
  • 3
    That's a big assumption you're making. – Luke has no name Aug 11 '10 at 14:09
  • You could interpret "we" as just the people in this household or organization. I'm not trying to rewire the planet :-) – Torben Gundtofte-Bruun Aug 11 '10 at 14:13
  • 3
    You asked "why shouldn't everybody use Google DNS" when the answer is primarily based in security concerns. That'd be like asking "why should people lock their doors" and getting mad when the answer is "to keep people out". There's no technical reason to use Google DNS or any of the other free DNS servers over your ISP unless there's a specific problem. – Chris S Aug 11 '10 at 15:29

11 Answers

54

There is a useful tool that tests the different DNS nameservers available (your ISP, current configuration, DynDNS, Google Public DNS and others).

From my point of view, Google DNS is pretty fast, but depending on the load Google DNS supports, my ISP's DNS is sometimes faster.

NameBench (Linux/Windows/Mac OS X)


Glorfindel
Kami
31

How about running your own caching DNS servers? You probably already host DNS for your internal services, so why not just set up those servers to do direct lookups instead of forwarding requests to your ISP or Google?

The benefits:

  • They are very close to your users (< 2ms)
  • Caching DNS is dead simple to run
  • Caching is still fairly effective since your users are probably accessing the same sites (e.g. serverfault.com and facebook.com)
  • You can do logging of DNS requests for troubleshooting
  • No need to worry about someone else logging your DNS queries
  • Required for split-brain DNS zones
Doug Luxem
  • 8
    Yup, that would make sense for (larger) organizations, though not for consumers. And what would the internal DNS server use for external addresses -- the ISP or Google? – Torben Gundtofte-Bruun Aug 11 '10 at 19:10
  • 4
    If you are asking about consumers, you are on the wrong site. Try http://superuser.com. – Doug Luxem Aug 11 '10 at 19:25
  • 1
    I like this method; I think it is better than the other options. Let's handle my own business. – BlaShadow Jun 13 '13 at 13:20
  • Why on earth would you think dns caching wasn't a consumer grade thing? You'd hope that a caching dns server would be built into pretty much any ADSL or WIFI router. It's certainly part of any Ubuntu desktop system. Note though that the important thing here is not caching, but where the upstream connections go. If all upstream requests go to one or a few upstream resolvers, then this doesn't address the OP's question. – mc0e Apr 18 '15 at 15:37
  • @DougLuxem, Are you suggesting that we post the same identical question in two different places? – Pacerier Jun 05 '15 at 20:25
21

Larger websites and services, such as Facebook, often use a Content Delivery Network (CDN) to route your request to the closest (and therefore likely fastest) server for their content. They do this via DNS anycast routing, by returning the closest server's address when you perform a DNS query via your DNS server. In other words, where your DNS server is located physically can have an effect on the speeds and response times you get from certain CDNs. Use a DNS server that's close by.

However, these public DNS servers use anycast routing to provide you with a DNS response from the nearest server. Otherwise they couldn't provide you with such fast responses and high uptimes. For example, when you query 8.8.8.8 from The Netherlands, the server that answers the query is not the same one as when you query from Japan. This may partially compensate for the CDN problem.

Google itself has a warning to the same effect (where resolver is the DNS server):

Note, however, that because nameservers geolocate according to the resolver's IP address rather than the user's, Google Public DNS has the same limitations as other open DNS services: that is, the server to which a user is referred might be farther away than one to which a local DNS provider would have referred. This could cause a slower browsing experience for certain sites.

Source: https://developers.google.com/speed/public-dns/faq#cdn

I couldn't find a list of Google's public DNS locations, but OpenDNS has a list of cities on their status page that should give you an idea which one you're closest to.

Martijn Heemels
7

Every request sent through a DNS server can be logged and that data collated. This isn't tin foil hat stuff, I know companies that do similar. Who do you trust more with that data, your ISP or Google? That should be part of the decision.
Secondly, the reason everyone shouldn't be using Google's DNS is down to the whole nature of the Internet. As it stands, no one company runs or controls the Internet in any way - you have a choice which ISP you use, who you host with, where you host, how you host, who your DNS is hosted with, who you use for your DNS lookups. There is no one person in control and there is no single point of failure or compromise.
Please note I'm not saying don't use Google, just don't put all your eggs in the same basket. Why not use 8.8.8.8 and your ISP's primary nameserver?

James L
  • I don't trust these Austrian Internet businesses; they seem so clueless. So *personally* I would prefer Google simply because they've got their act together. – Torben Gundtofte-Bruun Aug 11 '10 at 14:15
  • You mean using primary = 8.8.8.8 and secondary = my ISP? That would of course increase the chances to get a response if either of them goes down. Interesting. – Torben Gundtofte-Bruun Aug 11 '10 at 14:17
  • primary=8.8.8.8 still leaves the privacy issue. – mc0e Apr 18 '15 at 15:47
  • Note that your ISP can just as easily log DNS requests to 8.8.8.8 as to their own DNS servers. So it's more a question of who do you trust out of your ISP, or both Google AND your ISP. – thomasrutter Sep 01 '15 at 10:53
  • As an Australian, I would trust Google MORE than my ISP, if it was just on an individual basis. – thomasrutter Sep 01 '15 at 10:59
6

Perhaps you aren't all "tin foil hat" yet; but Google internally is wondering if you should be. There was an internal Google document leaked recently where they ponder if they should start mining all the data they possibly can.

Chris S
  • Sorry Chris, but I did explicitly assume gullibility for this question. Your question doesn't contain anything else. – Torben Gundtofte-Bruun Aug 11 '10 at 14:33
  • @torbengb, I didn't ask a question. I'm simply trying to state that perhaps you should be more concerned with data mining by your service providers. While it's not an answer to your question, I think it's very important to consider such things; especially for people who still believe companies that say they "do no evil". – Chris S Aug 11 '10 at 14:40
  • Oops, I meant "your answer". I'm aware of the privacy issues involved; my stated assumption was intended to steer clear of that discussion in this thread. I *could be* even more tin foil about less-savvy ISPs, thus making Google appear the wiser choice. (We could have another thread about the privacy issues, corporate ruthlessness, and legal options. But it would be a big thread.) – Torben Gundtofte-Bruun Aug 11 '10 at 14:54
4

DNS packets are routed through UDP. UDP is a connectionless protocol, so it means if you have lots of hops (networks) to travel to Google DNS you will lose a packet or two. Lost packets in your case mean delay, so I would stick to the closest DNS you can find to get a faster response.

user1686
damir
  • Losing packets also occurs even for close networks, right.. so what's the reason for your quote ~"you will lose a packet or two if it is not close"? – Pacerier Jun 06 '15 at 01:40
3

Use your ISP's DNS servers; they are closer to you, and they are less likely to be monitoring your traffic than Google is.

topdog
  • 4
    Actually, a reason to use your ISP's DNS is that they can monitor your traffic anyway, and probably do (even in western democracies, governments often ask them to). Whereas Google can only monitor the requests that reach them. – Gilles 'SO- stop being evil' Aug 11 '10 at 14:39
  • 2
    Of course your ISP will monitor your traffic when subpoenaed, whereas Google are doing it to make money and become Big Brother at the end of the day. Of course they are not Santa Claus to give you free resolution; your ISP you are paying for that. Frankly I have no idea why they have joined the DNS game. – topdog Aug 11 '10 at 14:50
  • @Gilles: ...and if the people (referred to as "we" above) are using Gmail or Google Apps, then Google probably knows more than enough already. – Torben Gundtofte-Bruun Aug 11 '10 at 14:56
  • 2
    Yes, but Google can't shoot you. The government can. – Michael Hampton Feb 13 '13 at 23:39
  • @topdog, Actually it depends on your country. – Pacerier Jun 05 '15 at 20:30
  • @MichaelHampton, Shoot is not a big deal. Not at all. The worst is when they decide to [keep you alive](http://www.businessinsider.sg/convicted-silk-road-mastermind-please-leave-me-my-old-age-2015-5/). Trips [around http://hrw.org](http://www.hrw.org/node/134840/section/6) are always eye-opening. Even without [the images](https://en.wikipedia.org/wiki/Falun_Gong#Conversion_program). – Pacerier Jun 06 '15 at 01:37
3

For most ISPs, it's a no-brainer because their DNS tends to really suck. DNS makes a huge impact on user experience.

The only downside from my point of view is that you may notice poor performance for sites that use CDNs. I noticed that iTunes download performance wasn't as good with Google DNS... but that's just me.

The privacy issue is a non-starter for me. The only difference between Google monitoring your activities and your ISP is that Google is probably better at getting actual value out of the data. Jeff and Joel had a really good discussion on the Google DNS issue in one of the later StackOverflow podcasts that is worth listening to.

duffbeer703
3

The only way to really decide is to benchmark it. It is going to be different depending on your connection. You should use a tool like http://www.grc.com/dns/benchmark.htm to find out what is really quicker.

trent
2

I simply pinged the ISP / Google DNS servers' IPs, and the results favored the ISP, before and after altering the DNS Primary and Secondary configuration: 26ms vs 77ms.

GBCrawford
  • 1
    This is unnecessary. Your ISP is the first stop, so **of course** it has a smaller ping because you can't get to the second stop before you get to the first one. But we're comparing the whole package here, not just the ping timings. – Pacerier Jun 06 '15 at 01:43
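
Ping only measures the round trip to the resolver's address, while the benchmarking recommended in the answers above means timing real lookups. The following Python sketch is an added example, not code from any poster: it sends A-record queries over UDP, counts timeouts as losses, and accepts a reply only if it comes from the queried server with a matching transaction ID and question. The address 192.0.2.53 is a placeholder for your ISP's resolver, and the test name serverfault.com is an assumption.

```python
import secrets, socket, statistics, struct, time

def build_query(name, txid):
    """DNS query for an A record: 12-byte header plus one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, IN

def response_rcode(query, resp):
    """Return the RCODE if resp answers query, else None (stray/spoofed)."""
    if len(resp) < len(query):
        return None
    txid, flags = struct.unpack(">HH", resp[:4])
    if txid != struct.unpack(">H", query[:2])[0] or not flags & 0x8000:
        return None                      # wrong transaction ID or QR bit clear
    if resp[12:len(query)] != query[12:]:
        return None                      # question section must echo ours
    return flags & 0x000F

def time_resolver(server, name, tries=5, timeout=2.0):
    """Return (median query time in ms or None, number of lost queries)."""
    samples, lost = [], 0
    for _ in range(tries):
        query = build_query(name, secrets.randbelow(0x10000))
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            start = time.perf_counter()
            try:
                s.sendto(query, (server, 53))
                resp, peer = s.recvfrom(4096)
            except OSError:              # timeout or unreachable: a lost query
                lost += 1
                continue
            elapsed = (time.perf_counter() - start) * 1000
        if peer[0] == server and response_rcode(query, resp) == 0:
            samples.append(elapsed)
        else:
            lost += 1
    return (statistics.median(samples) if samples else None), lost

if __name__ == "__main__":
    # 8.8.8.8 and 8.8.4.4 come from the question; 192.0.2.53 is a placeholder
    # from the documentation range: replace it with your ISP's resolver.
    for server in ("8.8.8.8", "8.8.4.4", "192.0.2.53"):
        median, lost = time_resolver(server, "serverfault.com")
        shown = "no answer" if median is None else f"{median:.1f} ms"
        print(f"{server:<12} {shown:>10}  lost={lost}")
```

The median is used because the first lookup may miss the resolver's cache while later ones hit it; run it at different times of day before drawing conclusions.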
1

Google DNS is great but they do go down on occasion. As I write this, 8.8.8.8 and 8.8.4.4 are both unusably slow.

For a personal computer, I recommend Google because they are fast and they will give you an error if there is a failure unlike most ISPs which will take you to an annoying search page.

For servers colocated in data centers, I recommend using the DNS that your DC provides. You can call your DC in the event of an outage whereas Google cannot be contacted and is responsible for nothing.

tgurske
  • Hmm, this sounds weird. Google has [anycasted servers all over the globe](https://developers.google.com/speed/public-dns/faq?csw=1#technical). What do you mean by "unusably slow"? – Pacerier Jun 06 '15 at 01:46