The fastest public DNS providers in 2015
Public DNS services may offer advantages over the DNS servers used natively by Internet Providers. These advantages may not be limited to speed only as you may get additional functionality on top of that.
This may include filtering options, for instance to block malicious sites or phishing sites straight away, but also options to bypass network or country-wide Internet filters.
ISPs in Spain for instance blocked access to The Pirate Bay website recently on the DNS level and a workaround for that was to switch to a global DNS service to access the site again.
There may be other advantages. Some ISPs may display custom error pages when look-ups fail in order to earn additional revenue. If you prefer to see the browser's error page instead when that happens, you could switch DNS providers to ensure that.
Speed may not seem important at first but since DNS is one of the cornerstones of the Internet and used a lot during Internet sessions, you may be able to load web pages and resources faster and improve the overall experience as well.
There is a third factor of importance: privacy. Since the selected DNS provider processes all of your connections on the Internet, you end up revealing information that you may not want to reveal to some companies.
That is out of the scope of this guide however. I suggest you check the privacy policy of services that you are interested in to find out how they handle this.
The program used for the test is Namebench, a DNS benchmarking system. The following settings were used in the benchmark:
- Query the top 2000 Alexa websites.
- Number of queries: 250
- Include global DNS providers.
- Include censorship checks.
- Health Check Performance: fast
In addition to those settings, the following providers were added to the list of nameservers:
- Censur Fri DNS: 89.233.43.71, 91.239.100.100
- Comodo Secure DNS: 8.26.56.26, 8.20.247.20
- DNS Watch: 84.200.69.80, 84.200.70.40
- Free DNS: 37.235.1.174. 37.235.1.177
- Green Team DNS: 81.218.119.11, 209.88.198.133
- Open Nic: 107.150.40.234, 50.116.23.211
- Safe DNS: 195.46.39.39, 195.46.39.40
- Smart Viper: 208.76.50.50, 208.76.51.51
The following providers are included natively by the program:
- DNS Advantage: 156.154.70.1, 156.154.71.1
- Dyn DNS: 216.146.35.35, 216.146.36.36
- Google DNS: 8.8.8.8, 8.8.4.4
- Open DNS Home: 208.67.222.222, 208.67.220.220
For your own tests, it makes sense to include regional DNS services as well as they may provide faster access than global providers.
Note: It is highly recommended to run the tests on your end as well. The reason for this is that access time and overall performance may differ depending on your location in the world. A provider in France may work well for central European users for instance but not so well for someone from Australia or Japan.
Results
| IP | Descr. | Avg (ms) | Min | Max | ||
| 8.8.4.4 | Google Public DNS-2 | 103.02 | 23.2 | 3500 | ||
| 208.67.222.222 | OpenDNS-2 | 163.86 | 31.4 | 3500 | ||
| 89.233.43.71 | 89.233.43.71 | 215.9 | 31.6 | 3500 | ||
| 208.76.50.50 | 208.76.50.50 | 222.89 | 99.5 | 1545 | ||
| 216.146.35.35 | DynGuide | 238.74 | 42 | 3500 | ||
| 81.218.119.11 | 81.218.119.11 | 244.34 | 78 | 3500 | ||
| 199.85.127.10 | 199.85.127.10 | 245.65 | 36.8 | 3500 | ||
| 156.154.71.1 | UltraDNS-2 | 247.83 | 30.3 | 3500 | ||
| 195.46.39.39 | 195.46.39.39 | 249.66 | 99.9 | 3500 | ||
| 209.88.198.133 | 209.88.198.133 | 268.87 | 86.3 | 3500 | ||
| 37.235.1.174 | 37.235.1.174 | 305.71 | 36.3 | 3500 | ||
| 84.200.70.40 | 84.200.70.40 | 308.92 | 23.1 | 3500 | ||
| 107.150.40.234 | 107.150.40.234 | 322.23 | 140.2 | 3500 | ||
| 208.76.51.51 | 208.76.51.51 | 336.97 | 181.4 | 3500 | ||
| 50.116.23.211 | 50.116.23.211 | 344.19 | 159.3 | 3500 | ||
| 37.235.1.177 | 37.235.1.177 | 344.23 | 36.6 | 3500 | ||
| 8.26.56.26 | 8.26.56.26 | 349.45 | 31.3 | 3500 | ||
| 8.20.247.20 | 8.20.247.20 | 380.54 | 31.2 | 3500 | ||
| 409.89 | 31.3 | 3500 | ||||
| 84.200.69.80 | 84.200.69.80 | 526.07 | 23.5 | 3500 |
As you can see, there are major differences between providers. While average may not always be the best metric for comparison, you will notice that the fastest response time of some providers is slower than the average response time of the fastest providers.
Run your own benchmark on your computer
It is easy to run your own benchmarking test to find the fastest DNS provider.
- Download Namebench from the project website. It is available for Windows, Linux and Mac OS X.
- Run the program and set the preferences as seen on the screenshot above. In addition, check the regional DNS services option as well.
- Wait for the benchmark to run its course. This takes several minutes and I suggest you don't use the computer in that time to avoid result inconsistencies.
- The results are displayed on a local web page. There you find listed the recommendations of the program on how to set the DNS providers on your system. In addition, notes are giving for sites that appear to work incorrectly when using the DNS service.
Changing the provider
There are two core options when it comes to changing DNS providers: you can change them on individual devices or in routers or servers. The latter has the advantage that all devices connecting to the router or server use the provider automatically.
I suggest you check out the instructions on the Open DNS website for that. They cover all scenarios including home routers and computer workstations, laptops and mobile devices. Note that you need to switch IPs if you don't select OpenDNS as your provider of choice.
If you use Windows, you may also use programs such as DNS Switch, Dns Jumper, or QuickSetDNS to change DNS servers quickly.
Now You: Which provider is fastest and which are you using on your systems?
Here I use the DNSProxy application which crypts requests/answers to the DNS server, one within a list provided by the application (not all DNS servers support encrypted connections). In this list is OpenDNS of which much has been said regarding privacy, but also many others (20 or so) of which dnscrypt.eu with servers in Netherlands and Denmark. These 3 are the fastest for me here in France. What I mean to say is that I tend to use OpenDNS whatever my suspicions regarding privacy because not only does it appear as being the fastest resolver but also because it offers extra security for both registered and unregistered users, and an extra layer for registered users. Whatever, encrypted DNS requests is said to be an important contribution to security especially in regard to the ‘Man In The Middle’ threat…
Anyway, being able to choose one’s DNS is an important topic to be aware of. Most users rely on their default ISP servers and as such are condemned to follow whatever the ISP’s policy may be, as described in this article.
DNSProxy? Care to share the website link?
DNSCrypt home page : http://dnscrypt.org/
DNSCrypt-Proxy downloads : http://download.dnscrypt.org/dnscrypt-proxy/
DNSCrypt Windows Service Manager : http://simonclausen.dk/projects/dnscrypt-winservicemgr/
DNSCrypt.eu – Free, Non-logged and Uncensored : https://dnscrypt.eu/
DNSCrypt.eu Archives – Simon Clausen : http://simonclausen.dk/tag/dnscrypt-eu/
Copy/pasted from my bookmarks :)
Sorry, but I pasted links here concerning DNSProxy and they weren’t published.
If links are forbidden should I encrypt them within a poem for instance?
Anyway, a Web search for DNSCrypt and all information will be easily found (DNSCrypt remains gathered in a rather small perimeter).
Links are live now. All links are automatically added to the moderation queue.
Some CDN providers return their nearest server based on DNS request location. So I am not sure is the fastest DNS can lead me to the best server or not. Is there any way to measure that?
The sample size has an impact on that. If you increase the number of requests per DNS server, you should get good values for each.
I use a portable program called Dnsjumper in Windows. It will search for the fastest but I just use Google Public Dns IPv6. It can flush the DNS cache too. Handy when your ISPs default DNS is offline. You can select a different one and immediately get online while others have to wait.
I use OpenDNS, and I’m happy with it. Glad it’s one of the best.
Curious: with one exception all max. results are 3500ms.
That’s the timeout period.
The DNS for each person would/should be different and not all DNS would work for everyone so suggesting a DNS one person claims is fast may not be fast for the other person. For example. Google’s open public DNS (8.8.8.8 / 8.8.4.4) has an Avg MS of 6-12MS for me, but for Martin it shows 108.
When changing DNS the second time around as suggested by one of Martin’s past posts, I gave Open DNS a try and overall the Avg MS was about the same as Google’s DNS. The only difference is Google resources loaded a bit slower with Open DNS.
The program (namebench) crashes under Windows 7-64b at the settings you suggest Martin, so I played with the different options and as it turns out (for me only?) it only works under default settings but only for a few minutes, then it too crashes. The program only ran (for me) when the queries were set for 50 instead of the default 250.
The suggested program by Dwight Stegall doesn’t crash but it only queries once instead of 50-250 queries like namebench does. But simply enough just tapping the test button in DNS Jumper a few times and the results change slightly. For me it is between Google DNS at 6-12 MS, and Open DNS at 11-18 each time I tapped the “find fastest DNS”.
I do believe DNS Jumper is only pinging the servers once, whereas namebench is sending a larger packet to query with.
You forgot to test Yandex.DNS
Been using Open DNS for years, Like the fact has setting for better security as well as its
speed for me ,I have tried Google as well as others
but Open Dns has been the best,
one more thing
after finding your fav. dns
run spoof test to see how secure really is
https://www.grc.com/dns/dns.htm
I’ve been using OpenDNS for years, even before their Dnscrypt became available.
https://www.opendns.com/about/innovations/dnscrypt/
Thanks for your GRC link confirming OpenDNS is a great choice for my USA location.
I use OpenNIC (2 nearest non-logging servers), followed by censurfridns. I use Nirsoft’s QuickSetDNS to change DNS servers quickly if there’s a problem (where I have OpenDNS, GoogleDNS, and NortonDNS as backups).
The best DNS benchmark program I’ve used is GRC’s DNSbench, available at https://www.grc.com/dns/benchmark.htm. It is very thorough and provides lots of information.
In the past two years, OpenDNS has been dropping further and further on the list. Now, it’s not even in the top 50 fastest DNS servers for my Mid-Atlantic coastal U.S. location.
Excellent article Martin.
One thing to add…
When evaluating which DNS provider to use, I also consider if the provider has implemented DNSSEC.
You can test this at:
http://test.dnssec-or-not.com/
Per paragraph 3 of https://www.opendns.com/about/innovations/dnscrypt/ it appears to my unknowledgeable eye that DNSCrypt is much more important than the complementary but very underused DNSSEC. Comments?
I wouldn’t say it’s more important at all; they perform different functions.
DNSSEC provides authentication of traffic between DNS servers mitigating cache-poisoning attacks.
DNSCrypt encrypts traffic between your network and your DNS provider mitigating man-in-the-middle attacks.
Realistically, a cache-poisoning attack potentially affects a much wider audience.
Another advantage to DNSCrypt is because your DNS traffic is encrypted, your ISP has a much more difficult time tracking what sites you visit (trust me, most ISPs do this). This is why, to my knowledge, no ISP uses DNSCrpyt.
Tried it like some weeks ago when someone linked it on heise, but it just ran for 30min without giving me any results and then I aborted it.
It only takes some minutes for you?
Yes it was quick.
I’m using DNSCrypt (works on every platform including Android) + OpenNIC/CloudNS. Most of above listed DNS providers aren’t open source.
Somehow I became a beta tester for OpenDNS, back about 2002 or 2003, and have used them ever since. In about 2005, I mentioned it to Brian Krebs (of Krebs On Security, an excellent and highly recommended site), who then was writing the computer and Internet security column for the Washington Post (every Friday he hosted a two-hour live chat; it was really neat watching questions and comments arrive from literally every corner of the world!). At some point I has mentioned OpenDNS to Brian and asked him for his take; he liked it — a lot — and then wrote a column recommending that folks would be wise to eschew their ISP’s DNS for it.
Fast forward to the summer of 2008; I was on a cross-country automobile trip from the central coast of Maine to Portland, Oregon, then down to Los Angeles, and finally San Diego, California. In about July (or perhaps August), there was a coordinated world-wide attack on various ISP’s DNS (a Man-In-the-Middle exploit); a whole lot of money disappeared in fairly short order before the breach was discovered and corrected.
A day or two after most of the dust had settled, Brian wrote a column which began something very much like, “People, I told you to change your DNS to OpenDNS…” – not a direct quote, but fairly close (Brian, if you happen to read this, perhaps you’ve got a copy of that column in your archive and can fill-in the actual history…).
I’ve run Namebench in various parts of the U.S., and OpenDNS is definitely amongst the top two or three for overall speed, though security remains my primary concern. (And no one who had been using OpenDNS had been affected by the 2008 exploit.)
A.J. North: Would you care to expand on your last paragraph re OpenDNS? Did you mean you are concerned about security using OpenDNS as opposed to other solutions? Or are you just expressing a concern about security in general when surfing the web? Thanks.
Hello chesscanoe,
That would be both the security conferred by OpenDNS (as compared to the DNS provided by the ISP, rather than to other providers available today), as well as security in general while on the Internet. In no way do I mean to imply that other DNS are are not as, if not even more, secure (or offer more options) than OpenDNS; they just happened to be the first (at least to my awareness), and somehow I just happened to be on a list that brought me in contact with them — more than a decade ago.
Remember, unlike the past several years, in 2008 (and more so before then), one’s choices for a DNS were exceedingly limited (and very few even knew what it was, much less its significance). Today, of course, there are many different options (as well as software that allows one to easily change their DNS at a moment’s notice) — together with a virtually universal awareness and understanding of the importance of the DNS (at least amongst the technically inclined).
Hope this answers your question.
Regards,
AJN
Hi, We are building a super fast decentralised DNS system. You can sign up as a beta tester at our site: aware.io
Please remove the Level3-DNS-servers, as they are all redirecting failed DNS-resolutions to some sort of commercial search-engine.
To Martin Brinkmann : how did you add that list of providers to the list of nameservers?
I mean these ones:
Censur Fri DNS: 89.233.43.71, 91.239.100.100
Comodo Secure DNS: 8.26.56.26, 8.20.247.20
DNS Watch: 84.200.69.80, 84.200.70.40
Free DNS: 37.235.1.174. 37.235.1.177
Green Team DNS: 81.218.119.11, 209.88.198.133
Level 3: 209.244.0.3, 209.244.0.4
Norton ConnectSafe: 199.85.126.10, 199.85.127.10
Open Nic: 107.150.40.234, 50.116.23.211
Safe DNS: 195.46.39.39, 195.46.39.40
Smart Viper: 208.76.50.50, 208.76.51.51
I’m using DNScrypt on every device either on my linux PC, android phone, openwrt router etc… Security first, performance second!