How to Find the Best DNS Server

  Go straight to the Change Log to see what's new since the major update in June 2011

DNS servers are the most trusted component of your web browsing experience but few people understand how they work or how their security vulnerabilities can cause you problems. I recommend that you read both What DNS Servers Do and How to Change DNS Server before you change the DNS servers your system relies upon.

Three free utilities can help you to find the best DNS servers for your system.These benchmarking programs use their databases of DNS servers to test those that will give you the best improvement. The best performance is likely to be from from a mixture of DNS servers that are close to your location and a global DNS server that has a large database. These programs are portable (run without installation), use similar methods and provide similar results. Their reporting is very different so I recommend that you try both NameBench and DNS Benchmark.

• Google NameBench is easy to use and comprehensive but doesn't preview the DNS servers being benchmarked. It is compatible with Windows, Mac OS X, and UNIX.

• Gibson Research Corporation DNS Benchmark is the program I prefer. It is a little more complex but provides a lot of documentation and help for each step. It does preview the servers that will be tested before you run the actual benchmark. It is a Windows program that also runs in Windows emulation (Wine) for Mac OS X and Linux.

I recommend DNS Benchmark for all users outside of North America. It clearly identifies one problem that NameBench does not. My primary DNS server had slow response times for major dot com sites which  usually have their home in the United States.

• DNS Jumper is the simplest with very limited testing. It provides a quick test of public DNS servers, allows you to customize the DNS server list, and can change your configuration. It runs under Windows.

There are two sections in this how to guide.

1. How to configure the testing software
2. How to run the tests using NameBench, DNS Benchmark or DNS Jumper.

Installing  the software

These programs run directly from the download and have no install procedure so they don't alter the Windows registry or add shortcuts to the desktop or menu.

How to copy the files to the folder you want to run them from

They also won't create their own folders to install to so if you want that you will have to do it yourself.

• namebench-1.3.1-Windows.exe and DNSJumper.zip should be unzipped to the folder you desire.
• DNSBench.exe should be copied to the folder you desire.

Download additional files as required

Namebench command line version requires Python 2.5 to 2.7 to be installed. UNIX and Mac OS X usually have it so it is mainly Windows users who might have to install it.

Advanced configuration

The average user can skip the rest of this section and go straight to testing.

Editing the configuration files before running the first test

The first test will be the most accurate because it is more likely that the tested domains will not be cached. Once the test has run then any further requests for the same domain are likely to be cached. Therefore some advanced users might want to edit the configuration files before running the first test.

Namebench has three configuration files in a subfolder (\namebench\config) of the folder you have unzipped it to:

• namebench.cfg is the main configuration file and probably the only one that you will edit. I edited it to increase number of servers tested and added more global DNS servers.
  It contains the following:
  • Settings, most of which can be overridden if you use the Python command line.
  • Global DNS servers. The default is to test them.
  • Regional DNS servers. The default is to test them.
• hostname_reference.cfg contains two lists of websites.
  • censored sites which are not tested unless specified
  • sanity checks sites which are used to check that the returned IP is correct for the DNS name.
    These are tested everytime unless you have a version of NameBench which includes the option to turn this off, ie download_latest = 1 becomes download_latest=0.
• data_sources.cfg points to the sources of the website test list:
  • List files provided with NameBench
  • Browser databases

DNS Benchmark has two configuration lists which do not exist when you first run DNS Benchmark. I created both lists from those tested in NameBench so that I can compare the results of the two programs.
I opened the NameBench .csv results in Excel, summarized the list of sites and DNS hosts using two pivot reports (there are other ways to do it), then copied the lists into the respective files:

• DNSBench.ini contains the list of DNS servers to be tested. It is not created until you decide to add or remove servers using the menu or until you have run the test to create your own customized list of servers. You can create many .ini files with different names and add or remove them from the test list anytime that you like.
• domains.txt contains the list of websites to be used for the tests. The default is the top 50 Alexa sites from 2009, there is also a list of 100 top Alexa sites. Note that both lists are uncensored so by testing these sites there is potential for embarrassment or worse. Both files are available at Resource Files for Advanced Benchmarking.
  Once edited you have to run DNS Benchmark with the command line option:

dnsbench.exe /domains domains.txt

DNS Jumper has one configuration file:

• DNSJumper.ini contains the DNS server list, a few program options, and the text for each language.
  To add another DNS server type append it to the list  in the format <server name?=<server IP address>,<server IP address> etc., e.g."my setup=192.168.2.1,202.180.64.2". DNSJumper will automatically assign the correct server number.

In this section I explain how to test using a real example of my own.

Checklist before you start testing

• Only the DNS test program should be using the Internet connection otherwise your results will be affected by other traffic and may not be consistent with any later test.
• If your firewall has outbound-blocking then it can block the tests. You might need to turn that off temporarily by following the specific instructions for each product.
  • DNS Benchmark firewall FAQ
• The first test is likely to be most accurate because later tests will be running the same queries which should then be cached in the servers. If you have your own list then now is the time to use it.

Testing with NameBench

 1. Run NameBench and set the test options.

The NameBench options are explained as follows:

• Nameservers lists the IP addresses of your system DNS servers. You can delete them from the test or append other servers to the list.
  In this screenshot, 192.168.2.1 is an IP address reserved for private networks such as my router which has two DNS servers defined. On my PC 192.168.2.1 is automatically assigned (by DHCP) from the router. 202.180.64.2 is the secondary IP address that I manually input in Windows.
• Include global DNS providers should probably be checkmarked. They will provide a good baseline for comparing other DNS servers. If you don't check this then you will only get results for the fastest DNS servers for your system.
  NameBench defaults to 10 DNS servers so the more global servers that are included then the fewer regional DNS servers will be included. For the results graphs, NameBench will usually only use the primary DNS server because it removes duplicated/backup/replicated servers so, for example, Google DNS will only count as one DNS server although Google has many servers and several IP addresses.
• Include best available regional DNS services should be checkmarked because these will usually be your fastest DNS servers.
• Include censorship checks will include websites that are often censored because of political views, violence and hatred, gambling, etc.
• Upload and share your anonymized results should be checkmarked if you want an easy way to share your results over the Internet. I expect that in the future NameBench will provide reporting from this database without running a benchmark.
• Health Check Performance should be set to Fast (to query 40 DNS servers at a time) unless you have poor connection in which case set it to Slow (to query 10 DNS servers at a time).
• Number of queries defaults to 250 web sites for each of the 11 DNS servers. You can speed up the tests by changing it to 50 which is the default for DNS Benchmark.
• Query Data Source determines where NameBench gets its list of domain names to test. As well as five test scenarios , NameBench can extract the information from Camino, Chrome, Chromium, Epiphany, Firefox, Flock, Galeon, Icab, Internet Explorer, Konqueror, Midori, Omniweb, Opera, Safari, Seamonkey, Squid and Sunrise.

 2. Run the benchmark

First, NameBench checks the connection quality and makes adjustments for the connection condition. That is why you should not have other Internet activity while running the tests.

NameBench then selects the fastest to benchmark:

• checks the DNS servers are available to the test system
• performs TTL tests
• checks for cache sharing with replicated servers and then removes the slower DNS replicas
• selects the DNS servers for benchmarking

The DNS queries are sent to the selected DNS servers.

The results are saved in html and csv formats.

Finally, the html results are displayed in the browser chosen for the test.

3. View the benchmark results.

Click on the images in this review to see the results of a full test that I ran

The primary report is a table.

• NameBench presents a recommended configuration for three DNS servers.
• The current primary DNS server is highlighted in pale yellow.
• In this case, a 5.1% improvement would not be enough to change without doing further tests to confirm that the improvement is consistent. The red bars indicate timeouts for the proposed server. In this case, two queries timed out at 3.5 seconds so that is not good and another reason to test again.
• Ignore that "www.paypal.com is hijacked hijacked" because this is a known bug.
• Replica DNS servers are indicated so you know which servers have backups available.

There are two types of graph presented. The first are bar graphs of the average and fastest response times. Note that each graph uses a different scale.

• Look at the second graph first because the fastest response time shows you the best that you can get. This graph shows that network distance, which is similar to geographical distance, is the main driver for response times. So the response time is roughly proportional to the distance from my home. The six NZ DNS servers are grouped first then one Australian DNS server then the four global DNS servers mainly located in the USA.
• The averages response time look quite different because the second driver is the size of the name cache. Global DNS servers perform much better because they have larger name databases. OpenDNS, Google and UltraDNS are ranked fifth to seventh but still remain 50% slower than the best regional DNS server.

Then there are line graphs of cumulative response times.

• The distribution graphs show what percentage of queries are answered in what period of time.
• The first graph is for the first 200 milliseconds ie 0.2 seconds.
• The second graph continues to the 3.5 second default for the timeout.
  Although it is available when you first view the results, when you go to the website it will not be there.
  This graph shows how the global providers though slower at the start are much more consistent with fewer timeouts. By a quarter of a second and 30% awaiting a response they're competitive. By a third of a second and 10% awaiting a response they're performing better.
  It is the long tail for the slower response times that will be noticeable when you are browsing. So if you are prepared to live with slower average response times that you don't notice then you can stop the really slow and annoying response times by using a global DNS service.

The online results include sample index results for Wikipedia.com and Google.com instead of presenting the second response distribution graph.

Finally, the benchmark parameters are listed.

Testing with DNS Benchmark

1. Start DNS Benchmark

To view the DNS servers click on the Nameservers tab highlighted above. You will have to wait about 10 seconds for the list of servers to be loaded.

Your system DNS servers will appear first in the list. The remaining servers are sourced from DNS Benchmark's list of global servers. The advantage of this approach is that you have the opportunity to refine the server list before testing.

At this point you can add or remove servers by using either of two menus:

• Click on the Add/Remove button to display the first menu shown below.
• Click on the system icon at the top left to get the system menu which is a superset of the Add/Remove menu.

.

The servers can be added or removed individually or in three groups:

• Your system DNS servers
• The default global servers
• Your own .ini file.

You can remove all servers to clear the list and start again. Once complete you can save your list to an .ini file.

There are two further options that you might consider to prune the list:

• Remove dead servers that are not responding. This is well worth doing.
• Remove redirecting DNS servers. This might remove DNS servers that you want to avoid but it will also remove OpenDNS and other filtering DNS servers.

The final option is to build the custom server list without running the global benchmark. If you want to save time then do this and skip to Create the regional DNS server list.

2. Run the global server DNS benchmark

As well as clicking on "Run Benchmark", you can also click on the Gibson Research Corporation (GRC) logo to start or stop the benchmark.

At first glance the results point to a much faster DNS server. But the decision is not that clear cut if you read on below:

• Server IP address is in the first column
• Server status is in the second column.
  • The first two servers are the system DNS servers as indicated by the solid green circle.
  • The other servers are not the system DNS servers because they have hollow circles.
  • The colour of the circle indicates the quality of the connection:
    Green = good
    Orange = redirecting or hijacking DNS servers
    Red = the server is not responding ie is dead. I remove dead servers so there are no red circles in the example results.
  • OpenDNS also has a blue circle around the server status. This indicates that IP addresses reserved for private networks are being blocked. There are four ranges of addresses so in this case three of the four are being blocked.
    Green = both IPv4 and IPv6 reserved private addresses are being blocked
    Blue = either IPv4 or IPv6 but not both reserved private addresses are being blocked

• The organization owning the DNS server is shown at the right.

The main results display the results of cached queries. DNS Benchmark provides two particularly useful test results if you check the Show Uncached checkbox:

• Uncached queries (green) where the DNS server cache is bypassed.
• DotCom queries (blue) for major global websites (dotcoms) that are mainly located in the United States.

In the example below my primary DNS server has unacceptably slow response for major global websites (DotComs). This problem was not visible in the NameBench results.

The server that is reported to be fastest is one of my ISP's DNS servers. I should probably change to it because it is faster and has no problems with DotComs unlike my primary DNS server. However it does have a problem with lost queries as indicated by the red bar which displays over the server IP address on the left. It is not a big problem but I would test again to see if it is a regular problem.

3. Create the regional DNS server list

The Custom Namerserver List is a list of your regional DNS servers that are likely to give you the best service. DNS Benchmark goes through its database of nearly 5,000 DNS servers to find those that are likely to perform best for you. It creates the list and then you can run the benchmark.

While it is creating the list you can see the total number of servers including the following:

• Resolved = those you can use
• Refused = those that reject your queries maybe because you are in a region that they don't service
• No reply = dead servers

4. Run the regional DNS server benchmark

The regional DNS server benchmark runs the same as the default server benchmark. So the results apply just the same.

5. View the results

DNS Benchmark displays the results as it works so you will quickly be able to see which DNS servers are performing the best. I've drawn a few conclusions from the final results displayed at right. Note that DNS Benchmark allowed me to save these results as an image file because a screenshot wouldn't show enough servers.

• By default DNS Benchmark gives you a better comparison of more servers than NameBench which has to be configured to provide results for more than 10 servers.
• Servers in my country are the fastest. Like NameBench, DNS Benchmark illustrates the same relationship.
• The results illustrate that the primary driver for DNS query time is the delay (latency) due to the distance between systems on the Internet. This network distance is roughly the same as geographical distance. You will notice the same sort of delay If you ever make a phone call to the other side of the world.

Query response time = network latency + server processing time

• The speed of the DNS server itself is far less important but does make a difference where several DNS servers are located in the same region.
• You can also see that DNS servers with lost queries tend to perform worse. The lost queries are indicated by the red bars overlaying the DNS server IP address in the left hand column.  Seven of the eight New Zealand servers with lost queries are the worst performing in that group.This is likely to be the same in other countries

Remember that DNS Benchmark has several tabs to view the various results:

• Nameservers shows you:
  • Server name
  • Server owner
  • Server status
  • Server response times
    • Cached response times are displayed by default
    • Uncached response times are displayed by checking the box
• Tabular Data shows you the numeric results in a small table for each server. The formatting is text-based so you can export it to any editor.
• Conclusions provides you with a comprehensive list of conclusions and recommendations. These are clearly explained to guide you. In the screenshot below, I have only shown the start of the first of seven conclusions. It has a positive green tick so there is no action required. Where DNS Benchmark displays a red cross you will be advised what you should do to improve your configuration.

6. After completing the benchmark:

The DNS server list will be saved in the default.ini file. As discussed above, you can amend the list or detete it and start again.

To save the results go to DNS Benchmark's System Menu and select 'Export last results to CSV file'. DNS Benchmark also provides for saving any of the results pages either as an image file (.png or .bmp) or a formatted text file (.rtf).

Testing with DNS Jumper

DNS Jumper is relatively simple but I do not rate it highly so I''m only showing the main window for your information.

1. Select your network card.

2. Add or remove any DNS servers to the DNS Jumper database using the + or - buttons.

3. Find the "Fastest DNS"

• The fastest will appear in the "Manual DNS Servers" list.
• Response time is displayed in milliseconds.
• If the DNS server is invalid or unavailable thenthe result will be "Host is offline"
• You can also flush your system's DNS cache but the flush is not as effective as using the Windows/DOS command "ipconfig /dnsflush"

4. If you want to use the fastest servers then select "Apply DNS" to save the change.

I found the results unreliable and would be reluctant to use them without a second opinion. But the program is a quick and easy introduction to selecting a global DNS services.

Using DNS servers for security

• What DNS Servers Do
• How to Change DNS Server
• Best Free DNS Server - coming soon
• Safe Computing in Under an Hour
• How to Block Bad Websites
• Best Free Parental Filter

This software category is maintained by volunteer editor Remah.

If you have had a similar experience then you should consider becoming a reviewer too.

Domain Name System, DNS, DNS server, DNS resolver, DNS resolution, DNS name server, Internet name server, NameBench, DNS Benchmark, DNS Jumper