Google DNS & other DNS options

[PsychEroc]

Via ghacks, I've just read that Google announced their free public DNS today.
They claim it will eventually be faster and safer than your ISP's.
Comodo also announced their free Secure DNS service recently.
And Open DNS is a popular alternative which claims to offer speed and security benefits.
So, with all these alternatives, which do we choose?
I was using OpenDNS for a couple of months after reading about it here in the forums, then I switched recently to Comodo's DNS.

Speed Tests
Well I ran some speed tests (which don't address security, consistency, or any other benefits of these DNS options).
In the NYC area, I found that, on average, OpenDNS was about 15 ms faster than Google and Comodo.
I ran tests many times, and the results weren't totally consistent; for example, OpenDNS was the winner in only half of the runs, but was the fastest on average.
Comodo was never the fastest, but was equal to Google on average.

Run Your Own Tests
Perform tests for yourself using the free tool namebench.
It will automatically test OpenDNS, UltraDNS, and other local options.
To include Google and Comodo, enter this in the Nameservers box:"192.168.0.1,8.8.8.8,8.8.4.4,156.154.70.22,156 .154.71.22".
Google DNS is 8.8.8.8 & 8.8.4.4, Comodo DNS is 156.154.70.22 & 156.154.71.22 (although one of them appears to overlap with UltraDNS).

Caveat
Although OpenDNS was faster, a 15 ms difference is only a flash, probably not very noticable.
So things like consistency and security may end up being more important when evaluating DNS options.
I'm tempted to switch back to OpenDNS, but I'm not sure, because security is more important to me than speed.
Let me know if you see any comparisons between the security benefits of the different DNS's.

[Sope]

I've been using OpenDNS for a while without problem. Also tried Comodo Secure DNS and DNS Advantage. I've stuck with OpenDNS due to it's slightly better speed results than the others for my specific location.

I believed that all 3 provided the same degree of protection but having just read this page at OpenDNS it appears that blocking of malware sites is now only available for their Enterprise paying customers! In the back of my head I'm sure blocking of malware sites used to be available for all their users.

Having looked at the Comodo Secure DNS webpage I can't find any reference to blocking of malicious sites there either, only mentions protection against TTL and DNS Cache Poisoning ?

I'd like some clarification on this too if anyone has any more in depth knowledge to share on the subject.

[chris.p]

I am fairly certain that blocking malicious sites was an option for all registered users at OpenDNS in the past, though I didn't use it. It was an attractive option for family users and so on.

I guess the loading they are now getting makes it too expensive, so it can only be supplied for paying customers.

The privacy issues with Google controlling DNS are interesting. There's going to be a lot of commentary on this It's not an option I'll be using. A very clever move by them, adding to the Chrome property, to allow them to track everything going on even if people don't use their search engine. It must be extremely important to them as it will cost tens of millions of dollars eventually, a huge amount more than Chrome. It certainly isn't something given away free for no reason.

There are several good reasons to use OpenDNS but the clincher for me is the speed their domain registry is updated, it's normally within 15 minutes, as against 24 hours to 3 days for a typical ISP. That's crucial for me when moving websites around. Their similar-result search when you get an URL wrong is good, too.

Their speed is good and to be honest I don't think a tenth of a second ping difference is going to be a deal-breaker. More important might be the routing speed to your final website, I think - you could run some tests like:
- go to websites 1, 2, 3, 4, 5 via OpenDNS
- measure 1st connection speed
- measure ping after 10 seconds
- repeat for all DNS services

There seems to be a difference in connection / routing speed to the desired website/s, and I think this would be more significant than a ping time to the DNS server, as it's what you are really interested in.

[PsychEroc]

Regarding Google and privacy:
According to the privacy information posted on the project web page Google Public DNS records temporary and permanent data but does not “correlate or combine” these information “with any other log data that Google might have about your use of other services, such as data from Web Search and data from advertising on the Google content network”.

Regarding security, both Google and OpenDNS describe their security benefits in detail, although it sounds like each protects against a different set of risks.
While Comodo simply says: "As a leading provider of computer security solutions, we are keenly aware of the dangers that plague the Internet today. Our 'name cache invalidation' solution signals the Comodo Secure DNS recursive servers whenever a DNS record is updated, fundamentally eliminating the concept of a TTL. Directing your requests through our highly secure servers can also reduces your exposure to the DNS Cache Poisoning attacks that may affect everybody else using your ISP."

I've started using OpenDNS (208.67.220.220) as my primary and Google (8.8.4.4) as my secondary.

[Sope]

Quote:

Originally Posted by PsychEroc

I've started using OpenDNS (208.67.220.220) as my primary and Google (8.8.4.4) as my secondary.

What benefits do you hope to get from using this set up?

[PsychEroc]

Quote:

What benefits do you hope to get from using this set up?

If you're referring to the use of 2 different services one for primary and another for secondary, I never thought about doing it until the namebench tool suggested it.
I'm not very knowledgeable about networking, but I can imagine some benefits to having a different service as a backup to the first.
Otherwise, I chose OpenDNS because I like their speed and their security benefits: Web Content Filtering, Phishing Protection, and Botnet Protection. Unfortunately, the additional Malware Site Protection is only available in the $2,000/yr Enterprise edition.
I chose Google as the backup because it seems to offer more protection than Comodo.
(PS -- Regarding privacy, I trust Google at their word.)

[Sope]

Quote:

Originally Posted by PsychEroc

If you're referring to the use of 2 different services one for primary and another for secondary, I never thought about doing it until the namebench tool suggested it.

That's what I was wondering about, thanks for the explanation.
Just sounded a little confusing to me though as I'm guessing it would be difficult to know which service was actually being made use of at any given time, or indeed a mixture of both?

I tried the namebench tool but can't get it to work - the "unzipping" message window stops responding at the end and just sits there even though the application appears to open and can be run, but only until the very end when it stops responding itself while trying to generate a csv file. Looks like this bug (or very similar) has been reported by others on the website too.

I have tried dnsbench (a similar tool) but I was interested in seeing if namebench would give me extra advice to work with similar to your results.

Oh well, I may give namebench another go when it looks like it's been updated/fixed.

Incidently, on the subject of security, to my inexperienced mind, reading all the various blurbs it appears that DNS Advantage seems to offer the most comprehensive level of security, but of course that could be just in the way it's worded. It'll be interesting to see what develops along these lines.

[MidnightCowboy]

As with all of these things the best choice for individuals is reflected by their personal circumstances. OpenDNS remains the best for parental control although users with dynamic addresses will find it a pain to keep updating their filter choices.

There's a bit more info and other suggestions in this thread here from the Comodo forum.

http://forums.comodo.com/empty-t42147.0.html

There are also other threads in the same forum and in others if you Google for them.

IMO speed can never be a safety related issue unless coughing or blinking is equally important.

[PsychEroc]

Not much more info in the Comodo forums, except that Comodo Secure DNS appears to be the same as UltraDNS.
Indeed, OpenDNS definitely gives the user the most control, still no way to compare security.
Not sure anyone was arguing that speed is a safety-related issue, just the opposite. Only, as it stands, we can evaluate speed but not safety.

[PsychEroc]

Quote:

Originally Posted by Sope

I tried the namebench tool but can't get it to work - the "unzipping" message window stops responding at the end and just sits there even though the application appears to open and can be run, but only until the very end when it stops responding itself while trying to generate a csv file. Looks like this bug (or very similar) has been reported by others on the website too.

The "unzipping" message also remained on my machine, just ignore.
My guess is that when you quit the program, the "unzipping" process ends by deleting all the program data.
The program also froze on me when I used "Alexa's domains", but using my own domains culled from Firefox or IE worked fine.