Jump to content
mvbmac

What is the impact of DNS Servers chosen (Wireless)?

Recommended Posts

I was just reading an article in lifehacker about improving security by using 1.1.1.1 (Cloudflare) and 8.8.8.8 (Google) DNS Servers, and removing any other server listed.  The article also says this probably will have the side effect of making connections slightly faster?  Does anybody agree or disagree with this?  My network preferences also have ipv4 and 6 addresses for TCP/IP that are different from the Cloudflare and Google server addresses, but the article didn't say to change them.

Share this post


Link to post
Share on other sites

I always use Google's.  8.8.8.8 and 8.8.4.4

 

It's not going to make your connection faster.  What can will do it make your DNS lookup faster and more reliable.  Google's DNS also updates quickly to any changes that webmasters out there make.

 

DNS is the lookup of the domain name, which then points it to the IP of the server.  The speed between the server and you has nothing to do with DNS.

 

When you route your DNS through anyone, keep in mind that they could spy on you with that.

 

Read Google's Public DNS Privacy - https://developers.google.com/speed/public-dns/privacy

 

But look at this.  https://1.1.1.1/

 

Cloudflare Promises Privacyhttps://www.cloudflare.com/privacypolicy/

 

Screen Shot 2018-10-08 at 12.21.19 PM.png

 

I might just have to start using cloudflare for my DNS.  Doesn't stop your ISP from gathering your web history since DNS isn't encrypted.  But it's good to know there's another option for fast, secure DNS; one that's audited yearly... by one of the Big Four auditors (also see KPMG wiki).

 

Let's test them both, first with ping.

 

CA3LE$ ping 8.8.8.8 -c10
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=121 time=8.678 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=121 time=9.347 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=121 time=9.599 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=121 time=9.768 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=121 time=9.080 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=121 time=9.579 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=121 time=9.694 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=121 time=8.868 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=121 time=9.903 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=121 time=8.937 ms

--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.678/9.345/9.903/0.405 ms
CA3LE$ 

CA3LE$ ping 8.8.4.4 -c10
PING 8.8.4.4 (8.8.4.4): 56 data bytes
64 bytes from 8.8.4.4: icmp_seq=0 ttl=120 time=9.579 ms
64 bytes from 8.8.4.4: icmp_seq=1 ttl=120 time=9.260 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=120 time=8.994 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=120 time=8.962 ms
64 bytes from 8.8.4.4: icmp_seq=4 ttl=120 time=9.750 ms
64 bytes from 8.8.4.4: icmp_seq=5 ttl=120 time=9.780 ms
64 bytes from 8.8.4.4: icmp_seq=6 ttl=120 time=8.946 ms
64 bytes from 8.8.4.4: icmp_seq=7 ttl=120 time=9.475 ms
64 bytes from 8.8.4.4: icmp_seq=8 ttl=120 time=11.032 ms
64 bytes from 8.8.4.4: icmp_seq=9 ttl=120 time=8.900 ms

--- 8.8.4.4 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.900/9.468/11.032/0.613 ms
CA3LE$ 

CA3LE$ ping 1.1.1.1 -c10
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=57 time=8.962 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=8.786 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=9.236 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=57 time=9.170 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=57 time=8.724 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=57 time=8.977 ms
64 bytes from 1.1.1.1: icmp_seq=6 ttl=57 time=8.925 ms
64 bytes from 1.1.1.1: icmp_seq=7 ttl=57 time=8.622 ms
64 bytes from 1.1.1.1: icmp_seq=8 ttl=57 time=9.339 ms
64 bytes from 1.1.1.1: icmp_seq=9 ttl=57 time=9.031 ms

--- 1.1.1.1 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.622/8.977/9.339/0.216 ms
CA3LE$ 

 

So Google averaged 9.5 ms, Cloudflare was slightly faster at 9 ms.

 

I compared the DNS queries and cloudflare was faster responding overall.  Would you notice a difference?  We're talking 18ms vs 27ms.  Probably not.

 

connected to cloudflare 1.1.1.1 & 1.0.0.1 DNS

testmy.net avg 0.0183s
google avg 0.0177s
yahoo avg 0.0173s

overall avg 0.01777s (17.77 ms)

CA3LE$ time nslookup testmy.net
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	testmy.net
Address: 104.28.23.102
Name:	testmy.net
Address: 104.28.22.102


real	0m0.020s
user	0m0.002s
sys	0m0.004s
CA3LE$ time nslookup testmy.net
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	testmy.net
Address: 104.28.23.102
Name:	testmy.net
Address: 104.28.22.102


real	0m0.018s
user	0m0.002s
sys	0m0.003s
CA3LE$ time nslookup testmy.net
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	testmy.net
Address: 104.28.22.102
Name:	testmy.net
Address: 104.28.23.102


real	0m0.017s
user	0m0.001s
sys	0m0.003s

testmy.net avg 0.0183s

CA3LE$ time nslookup google.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.12.14


real	0m0.018s
user	0m0.002s
sys	0m0.003s
CA3LE$ time nslookup google.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.12.14


real	0m0.018s
user	0m0.001s
sys	0m0.003s
CA3LE$ time nslookup google.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.12.14

real	0m0.017s
user	0m0.001s
sys	0m0.003s

google avg 0.0177

CA3LE$ time nslookup yahoo.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	yahoo.com
Address: 98.138.219.232
Name:	yahoo.com
Address: 72.30.35.9
Name:	yahoo.com
Address: 72.30.35.10
Name:	yahoo.com
Address: 98.137.246.7
Name:	yahoo.com
Address: 98.137.246.8
Name:	yahoo.com
Address: 98.138.219.231


real	0m0.017s
user	0m0.001s
sys	0m0.003s
CA3LE$ time nslookup yahoo.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	yahoo.com
Address: 98.137.246.8
Name:	yahoo.com
Address: 98.138.219.231
Name:	yahoo.com
Address: 98.138.219.232
Name:	yahoo.com
Address: 72.30.35.9
Name:	yahoo.com
Address: 72.30.35.10
Name:	yahoo.com
Address: 98.137.246.7


real	0m0.018s
user	0m0.001s
sys	0m0.003s
CA3LE$ time nslookup yahoo.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	yahoo.com
Address: 98.137.246.7
Name:	yahoo.com
Address: 98.137.246.8
Name:	yahoo.com
Address: 98.138.219.231
Name:	yahoo.com
Address: 98.138.219.232
Name:	yahoo.com
Address: 72.30.35.9
Name:	yahoo.com
Address: 72.30.35.10


real	0m0.017s
user	0m0.001s
sys	0m0.003s

yahoo avg 0.0173

CA3LE$ 

----------------------------------------------

connected to Google 8.8.8.8 & 8.8.4.4 DNS

testmy.net avg 0.036
google avg 0.0247
yahoo avg 0.0197

overall avg 0.0268s - (26.8 ms)

CA3LE$ time nslookup testmy.net
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	testmy.net
Address: 104.28.22.102
Name:	testmy.net
Address: 104.28.23.102


real	0m0.040s
user	0m0.001s
sys	0m0.003s
CA3LE$ time nslookup testmy.net
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	testmy.net
Address: 104.28.23.102
Name:	testmy.net
Address: 104.28.22.102


real	0m0.040s
user	0m0.001s
sys	0m0.003s
CA3LE$ time nslookup testmy.net
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	testmy.net
Address: 104.28.22.102
Name:	testmy.net
Address: 104.28.23.102


real	0m0.028s
user	0m0.001s
sys	0m0.003s

testmy.net avg 0.036

CA3LE$ time nslookup google.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.12.14


real	0m0.028s
user	0m0.001s
sys	0m0.003s
CA3LE$ time nslookup google.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.12.14


real	0m0.028s
user	0m0.001s
sys	0m0.003s
CA3LE$ time nslookup google.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.11.238


real	0m0.018s
user	0m0.002s
sys	0m0.003s

google avg 0.0247

CA3LE$ time nslookup yahoo.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	yahoo.com
Address: 98.137.246.7
Name:	yahoo.com
Address: 98.137.246.8
Name:	yahoo.com
Address: 98.138.219.231
Name:	yahoo.com
Address: 98.138.219.232
Name:	yahoo.com
Address: 72.30.35.10
Name:	yahoo.com
Address: 72.30.35.9


real	0m0.017s
user	0m0.001s
sys	0m0.003s
CA3LE$ time nslookup yahoo.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	yahoo.com
Address: 72.30.35.9
Name:	yahoo.com
Address: 98.137.246.8
Name:	yahoo.com
Address: 72.30.35.10
Name:	yahoo.com
Address: 98.137.246.7
Name:	yahoo.com
Address: 98.138.219.231
Name:	yahoo.com
Address: 98.138.219.232


real	0m0.020s
user	0m0.002s
sys	0m0.003s
CA3LE$ time nslookup yahoo.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	yahoo.com
Address: 98.138.219.231
Name:	yahoo.com
Address: 98.138.219.232
Name:	yahoo.com
Address: 98.137.246.8
Name:	yahoo.com
Address: 72.30.35.10
Name:	yahoo.com
Address: 72.30.35.9
Name:	yahoo.com
Address: 98.137.246.7


real	0m0.022s
user	0m0.002s
sys	0m0.003s

yahoo avg 0.0197

CA3LE$ 

 

Share this post


Link to post
Share on other sites

By the way, if you change your DNS settings on your router (instead of the device itself) it will populate to all of your devices.  Just make sure the devices are defaulting to the router IP for DNS.

Share this post


Link to post
Share on other sites

I use unbound and a resolver on each internal network I manage, which checks validity , DNSSEC, and caches it for it's TTL (with set limits), and as @CA3LE stated, point each workstation/ to said resolver.  Where the resolver walks down the roots asking authoritative servers until it finds the NS for the lookup, then caches then for future use, accourding to TTL.

 

Caching queries locally speeds things up significantly. This is why I choose to do it locally, now this only speeds up lookups, not surfing as CA3LE stated. Yet the local  local cache is only populated once a lookup occurs.

 

Cloudflare is acting as a cache, just as google is

 

Been testing quad9 or 9.9.9.9 for a while now on systems that do not use a resolver but a forwarder.

 

Example from a workstation:

$ dig @testmy.net

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> @testmy.net
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33696
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			86020	IN	NS	a.root-servers.net.
.			86020	IN	NS	d.root-servers.net.
.			86020	IN	NS	b.root-servers.net.
.			86020	IN	NS	m.root-servers.net.
.			86020	IN	NS	c.root-servers.net.
.			86020	IN	NS	g.root-servers.net.
.			86020	IN	NS	h.root-servers.net.
.			86020	IN	NS	k.root-servers.net.
.			86020	IN	NS	i.root-servers.net.
.			86020	IN	NS	e.root-servers.net.
.			86020	IN	NS	j.root-servers.net.
.			86020	IN	NS	f.root-servers.net.
.			86020	IN	NS	l.root-servers.net.

;; Query time: 1 msec
;; SERVER: 104.28.23.102#53(104.28.23.102)
;; WHEN: Tue Oct 09 06:46:41 EDT 2018
;; MSG SIZE  rcvd: 239

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
Speed Test Version 15.9
© 2018 TestMy Net LLC - TestMy.net - Terms & Privacy