why would you want to change your windows dns settings?

[keakar]

reading things about it I get confused if this is about finding the fastest internet connection and speed or is it about security and how is it more secure to change the dns server you use? I mean the server you use isn't really a security risk to you is it?

 

[FordGT90Concept]

namebench will find the fastest but remember, that is subject to change (e.g. time of day).

In terms of security, if you're using one that has lots of errors or is intentionally wrong, google.com, for example, could point to a malicious website that looks and acts like the real google.com but, in fact, it's primary purpose is to steal your Google account login and password. The only way you could find out if this is happening is comparing the IP address google.com resolves to compared to the DNS result from known-to-be-safe DNS server (e.g. Google's own). Most people don't know/think to do this so it is potentially a major vulnerability.

 

[Kursah]

I use OpenDNS Home for DNS filtering, it's as-fast-as Google in my experience, both of which are far better than my ISP (Charter). OpenDNS is nice because I can have control over what is and isn't accessed and it also does a good job in helping block known malware sites. A good DNS can go a long ways, and a sketchy or "fake" DNS can do some damage as Ford mentioned.

 

[rooivalk]

In my case, our local ISPs have iron curtain policy which block a lot of things, so openDNS / dnscrypt is a godsend.

on the other hand I don't feel the speed difference between google, opendns, or default setting.

 

[Mussels]

smaller ISP's often have faulty DNS, so an alternative can help. Generally it improves response times, but wont affect online game much.

It can also help if your ISP blocks or re-directs traffic - my ISP has torrent caches for example that boost torrent speeds (but in reality boosts some while crippling most), so changing to google DNS gets me more consistent speeds.

 

[keakar]

ok, thanks guys, so its all about speed and access issues and not really much to do with security, that's what I wanted to clarify in my mind.

now I have a question, if I often get these "page cant be displayed" notices, are these a server traffic or limitation issue that can be cured with a better dns server?

I get these things often and its almost routine now to have to click on something twice before the website opens.

 

[Ahhzz]

ok, thanks guys, so its all about speed and access issues and not really much to do with security, that's what I wanted to clarify in my mind.

now I have a question, if I often get these "page cant be displayed" notices, are these a server traffic or limitation issue that can be cured with a better dns server?

I get these things often and its almost routine now to have to click on something twice before the website opens.

That's kind of a tricky question, as there are several things that can cause that, including the quality of your connection tot the internet, but also including a slow (or defective, or non-existent) response from your DNS server. All said, choosing a different DNS, like maybe Google's or one of the other "top tier" servers shouldn't really hurt you, and may help.

 

[qubit]

In terms of security, if you're using one that has lots of errors or is intentionally wrong, google.com, for example, could point to a malicious website that looks and acts like the real google.com but, in fact, it's primary purpose is to steal your Google account login and password. The only way you could find out if this is happening is comparing the IP address google.com resolves to compared to the DNS result from known-to-be-safe DNS server (e.g. Google's own). Most people don't know/think to do this so it is potentially a major vulnerability.

Indeed, this risk is what DNSSEC standard is supposed to mitigate.

From what I know about IPv6, this has DNSSEC as part of the standard, so is much more secure.

 

[keakar]

ok so what the best way to "shop" for a dns server choice?

I know im looking for the fastest speeds but so is everyone else so should I choose one say from the top 5-10 and avoid the top 5 because those are more crowded since everyone will be looking for the fastest?

and aside from looking the best speed, is there anything else I should be checking for to avoid?

 

[FordGT90Concept]

now I have a question, if I often get these "page cant be displayed" notices, are these a server traffic or limitation issue that can be cured with a better dns server?

Only if the problem is that the IP the DNS is pointing to is incorrect. If that is the case, then yes, changing DNS servers can fix it. If you can provide a domain name you're having problems with, one of us can try accessing it, get you the IP address for it, and you compare your DNS IP to ours to see if that's the problem.

To get the IP for any DNS, open up the command prompt and type the following followed by pressing enter: ping [domain name]

You'll see something like this:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Admin>ping google.com

Pinging google.com [216.58.216.78] with 32 bytes of data:
Reply from 216.58.216.78: bytes=32 time=32ms TTL=56
Reply from 216.58.216.78: bytes=32 time=32ms TTL=56
Reply from 216.58.216.78: bytes=32 time=32ms TTL=56
Reply from 216.58.216.78: bytes=32 time=32ms TTL=56

Ping statistics for 216.58.216.78:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 32ms, Average = 32ms

C:\Users\Admin>

google.com is pointing to 216.58.216.78 and that information is obtained from the DNS I'm using.

ok so what the best way to "shop" for a dns server choice?

Namebench is the best way I know of.

When it is done, it will give you three DNS servers. I set them in my router and set all of my computers to default to the router.

 

[keakar]

Only if the problem is that the IP the DNS is pointing to is incorrect. If that is the case, then yes, changing DNS servers can fix it. If you can provide a domain name you're having problems with, one of us can try accessing it, get you the IP address for it, and you compare your DNS IP to ours to see if that's the problem.

well its completely random, sometimes its TPU sometimes its yahoo mail, sometimes its a random google search site like walmart, ebay, or amazon, often it just takes a second or sometimes 3rd click to refresh and it works. and there are sometimes a website will load incomplete, only showing text but not content.

just this morning this website wouldn't fully load, what I mean by that is I could read this thread but the reply function hadn't loaded so I couldn't reply. 10 minutes later it was loading and working fine again. this is the kind of random things happening lately and I think its my ISP doing line maint or working on the servers

 

[FordGT90Concept]

I verified all of these are working.
http://techpowerup.com = http://108.61.10.5
http://mail.yahoo.com = http://98.139.21.169
http://google.com = http://216.58.216.78
http://walmart.com = http://161.170.248.20
http://ebay.com = http://66.135.216.190
http://amazon.com = http://176.32.98.166

Note that WWW can direct to a different IP than non-WWW. A lot of these sites redirect to their WWW subdomain.

 

[rtwjunkie]

I found that the DNS for Charter would many times be unresponsive, or just plain couldn't be found. Changed the dns to the OpenDNS address and things have been flawless.

 

[keakar]

well here are my namebench results: (there are 6 servers faster then mine)

SBC/AT&T Global US ----------- 88.8% faster
Google Public DNS ------------- 83.2% faster
Wtechlink/Pacinfo/AT&T-2 US - 65.5% faster
OpenDNS-2 -------------------- 48.8% faster
UltraDNS-2 --------------------- 44.0% faster
UU Cache-8 US ----------------- 18.6% faster

so from this list how do I judge the best choice? it cant be as simple as just picking the fastest one can it?


another strange note is there is a lot of stuff for every server category im not understanding like this:

• twitter.com appears incorrect: 199.59.150.7, 199.59.148.82, 199.59.149.198, 199.59.148.10

• www.google.com is hijacked: 173.194.219.147, 173.194.219.103, 173.194.219.106, 173.194.219.99, 173.194.219.104, 173.194.219.105

and this:

• twitter.com appears incorrect: 199.16.156.6, 199.16.156.102, 199.16.156.38, 199.16.156.230

• google.com appears incorrect: 4.35.2.153, 4.35.2.152, 4.35.2.148, 4.35.2.158, 4.35.2.183, 4.35.2.157, 4.35.2.177, 4.35.2.173, 4.35.2.162, 4.35.2.168, 4.35.2.163, 4.35.2.187, 4.35.2.182, 4.35.2.167, 4.35.2.172, 4.35.2.178

• www.google.com is hijacked: 4.35.2.187, 4.35.2.178, 4.35.2.152, 4.35.2.173, 4.35.2.163, 4.35.2.168, 4.35.2.183, 4.35.2.172, 4.35.2.148, 4.35.2.177, 4.35.2.157, 4.35.2.153, 4.35.2.162, 4.35.2.158, 4.35.2.167, 4.35.2.182

are these just listed warnings about servers not to use because some show many addresses and some just a few?

also as a footnote I ran it only checking 50 queries instead of 250 to shorten the search time, im running the search again at the default 250 queries to see if anything changes

 

[keakar]

well ok that's a HUGE difference in using a 50 queries search vs using 250 queries search, here are the results:

50 queries search
SBC/AT&T Global US ------------ 88.8% faster
Google Public DNS -------------- 83.2% faster
Wtechlink/Pacinfo/AT&T-2 US -- 65.5% faster
OpenDNS-2 --------------------- 48.8% faster
UltraDNS-2 ---------------------- 44.0% faster
UU Cache-8 US ------------------ 18.6% faster

and the 250 queries search
SBC/AT&T Global-2 US --------- 20.7% faster
SBC/AT&T Global US ----------- 18.3% faster
Google Public DNS -------------- 3.6% faster
OpenDNS-2 ---------------------- 2.2% faster
============================
Wtechlink/Pacinfo/AT&T-2 US --2.4% slower
UltraDNS-2 ---------------------- 8.1% slower
UU Cache-8 US ----------------- this one is not even listed now

so based on these numbers what should I choose?

 

[FordGT90Concept]

I'd use these two:
SBC/AT&T Global US ------------ 88.8% faster
Google Public DNS -------------- 83.2% faster

If your equipment supports a third, I'd throw OpenDNS-2 in there.

 

[keakar]

I'd use these two:
SBC/AT&T Global US ------------ 88.8% faster
Google Public DNS -------------- 83.2% faster

If your equipment supports a third, I'd throw OpenDNS-2 in there.

but isn't the 250 queries search more accurate so the real numbers show

SBC/AT&T Global-2 US --------- 20.7% faster
SBC/AT&T Global US ----------- 18.3% faster

are the fastest? im not sure if that first search result can be trusted since I changed the settings? would it give a better true picture if I set it to run a 500 queries search or even 1000?

but I gather your point is just to use the top two that shows the fastest numbers

we have 3 computers on a home network through a router so I will be setting up the router to use the new dns

 

[keakar]

well if I understand how it works, the more queries you use the better and more accurate the test is for true internet speeds so im going to redo it for 2500 queries and just to confirm the at&t servers are still showing as the fastest by far for my area

 

[keakar]

ok so last night I ran more tests with namebench and found that my dns was the fastest all night long starting from about 8pm central time, yet during the day many others are as much as 50%-80% faster.

it also looks like the larger pool of queries used for the test greatly reduces any differences and when I get to 1000 or more queries any difference higher is in the single digits or 50% or more slower.

sticking with the default queries number of 250 it looks like im fastest at night and half the speed of others during the day.

since im not interested in going in and switching these things all the time I guess staying with my default dns is the best "overall" setup

if anyone has advice about this and my observations with namebench please share

thank you

 

[FordGT90Concept]

Computers rarely hammer a DNS with a thousand queries in a few seconds.

 

[keakar]

Computers rarely hammer a DNS with a thousand queries in a few seconds.

I though it was speed checks so if you set it to more, then the more accurate the speed readings will be?

I also noticed I get a big jump in higher speed numbers and completely different results if I don't select the censorship checks

 

[FordGT90Concept]

You're probably seeing the limitations of your internet connection more so than the limitations of the DNS servers themselves by doing so many queries. 250 is more than sufficient.

 

[Daemmon]

I... actually would be interested in the real times that the tool used for comparison. +80% of a few ms will make 0 difference. I always pick google ones as they are easy to remember 8.8.8.8 / 8.8.4.4, very rarely fail and is very safe.

well its completely random, sometimes its TPU sometimes its yahoo mail, sometimes its a random google search site like walmart, ebay, or amazon, often it just takes a second or sometimes 3rd click to refresh and it works. and there are sometimes a website will load incomplete, only showing text but not content.

That issue is most likely other stuff rather than DNS issues. Chrome will even tell you that the DNS couldn't resolve properly while accessing webpages and the DNS query fails. I'd do some extra internet troubleshooting before going crazy on DNS.

 

[keakar]

You're probably seeing the limitations of your internet connection more so than the limitations of the DNS servers themselves by doing so many queries. 250 is more than sufficient.

ahh ok, so im getting false readings and maybe im being throttled by my dns and that's why the numbers drop so much lower? that makes sense

so it might be best to switch over to something like the open dns and then rerun the test to get more accurate results?

 

[Daemmon]

ahh ok, so im getting false readings and maybe im being throttled by my dns and that's why the numbers drop so much lower? that makes sense

so it might be best to switch over to something like the open dns and then rerun the test to get more accurate results?

There is no such thing as "DNS throttling". Queries aren't send on every single packet, once it's done it's cached for a while by the OS. Also, no packets pass thru the DNS, so it can't throttle your connection.