DNS server: public vs ISP


Lee MacMillan

Regular Contributor
My guess is that this has been discussed but I couldn't find it. Probably my search term "dns server" wasn't specific enough. Via Google I can find articles saying do not use your ISP (Comcast in my case) DNS servers and articles that say just the opposite. I have been using primarily Google's servers (8.8.8.8) and occasionally OpenDNS or Comcast. I can't really tell any difference in performance. Almost all the major ones claim they don't use whatever data they collect for marketing purposes. I've run a couple of DNS performance benchmarks and the results are close enough to confirm why I can't tell any difference. So I'm curious about the collective wisdom here. As long as I stick with one of the major DNS providers (Comcast, Google, OpenDNS, Cloudflare), does it really matter whose DNS servers I use?
 

ColinTaylor

Part of the Furniture
Yes this has been discussed, endlessly. Unfortunately there's no right or wrong answer as each person has to make their own judgement call based on what they want to achieve.

Some people are fixated on privacy concerns; "My ISP is spying on me!", "Now Google is spying on me!", "Cloudflare are evil, Quad9 are virtuous".

Other people obsess over how fast the servers answer queries (a fair point if a particular server is really slow or just plain unreliable).

People like RMerlin will point out that using your ISP's servers should help to direct you to the fastest responding CDN making services like Netflix work better.

And then there's the whole issue of dnsmasq vs. Unbound, DNSSEC, DoT, DoH, etc, etc, etc, etc, etc.

YMMV
 

OzarkEdge

Part of the Furniture
My guess is that this has been discussed but I couldn't find it. Probably my search term "dns server" wasn't specific enough. Via Google I can find articles saying do not use your ISP (Comcast in my case) DNS servers and articles that say just the opposite. I have been using primarily Google's servers (8.8.8.8) and occasionally OpenDNS or Comcast. I can't really tell any difference in performance. Almost all the major ones claim they don't use whatever data they collect for marketing purposes. I've run a couple of DNS performance benchmarks and the results are close enough to confirm why I can't tell any difference. So I'm curious about the collective wisdom here. As long as I stick with one of the major DNS providers (Comcast, Google, OpenDNS, Cloudflare), does it really matter whose DNS servers I use?

They all work, but don't use Quad9... it's just for me. :)

OE
 

Lee MacMillan

Regular Contributor
Yes this has been discussed, endlessly. Unfortunately there's no right or wrong answer as each person has to make their own judgement call based on what they want to achieve.
Thanks. That's about what I expected. My browsing habits are pretty mundane so if anyone was spying on me they'd get bored pretty quickly!
 

bluzfanmr1

Senior Member
My guess is that this has been discussed but I couldn't find it. Probably my search term "dns server" wasn't specific enough. Via Google I can find articles saying do not use your ISP (Comcast in my case) DNS servers and articles that say just the opposite. I have been using primarily Google's servers (8.8.8.8) and occasionally OpenDNS or Comcast. I can't really tell any difference in performance. Almost all the major ones claim they don't use whatever data they collect for marketing purposes. I've run a couple of DNS performance benchmarks and the results are close enough to confirm why I can't tell any difference. So I'm curious about the collective wisdom here. As long as I stick with one of the major DNS providers (Comcast, Google, OpenDNS, Cloudflare), does it really matter whose DNS servers I use?

In my case, I live in a spot where testing shows all the dns servers are a good distance away, including my ISP. Latency is always higher than I want it to be so I use unbound. That means my router becomes the main dns server. It now connects to the root domain servers as needed and caches the replies. This results in faster answers for anything on my network because they do not need to get the answers from a far away server any more.
 
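The setup described in the post above (the router itself recursing from the root servers and caching the answers), written out as an Unbound configuration. This is an added example, not configuration from the thread or from any poster; the LAN range 192.168.1.0/24, the router address 192.168.1.1, the file paths and the "lan" local zone are assumptions for a typical home router and need adjusting.

```conf
server:
    # Added example, not from the thread. Unbound as the LAN's recursive,
    # validating, caching resolver. Addresses and paths are assumptions.
    interface: 192.168.1.1
    interface: 127.0.0.1
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    num-threads: 2

    # Only the LAN may ask questions. An unrestricted resolver reachable from
    # the WAN becomes a reflector for DNS amplification attacks.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Recursion starts at the root servers; root.hints ships with most packages.
    root-hints: "/etc/unbound/root.hints"

    # DNSSEC validation, with the root trust anchor kept current per RFC 5011.
    # Create the file once with: unbound-anchor -a /var/lib/unbound/root.key
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes

    # Cache sizing and behaviour. prefetch refreshes popular names before
    # their TTL expires, so the LAN rarely waits on a far-away authoritative
    # server; serve-expired answers from stale cache if upstream is unreachable.
    msg-cache-size: 32m
    rrset-cache-size: 64m
    prefetch: yes
    prefetch-key: yes
    serve-expired: yes

    # Send as little as possible to each authoritative server (RFC 9156) and
    # randomise query-name case to make cache poisoning harder.
    qname-minimisation: yes
    use-caps-for-id: yes
    hide-identity: yes
    hide-version: yes

    # Refuse internet answers that point at private addresses (DNS rebinding),
    # except within the local zone served below.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-domain: "lan"

    # Local names are answered here and never sent to the root.
    local-zone: "lan." static
    local-data: "router.lan. A 192.168.1.1"
```

Run `unbound-checkconf` before restarting the daemon; a typo in `access-control` silently leaves the LAN without DNS. The `access-control ... refuse` line only matters if the WAN side can reach port 53 at all, so a firewall rule blocking inbound 53 on the WAN interface is still the first line of defence.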

ColinTaylor

Part of the Furniture
In my case, I live in a spot where testing shows all the dns servers are a good distance away, including my ISP. Latency is always higher than I want it to be so I use unbound. That means my router becomes the main dns server. It now connects to the root domain servers as needed and caches the replies. This results in faster answers for anything on my network because they do not need to get the answers from a far away server any more.
That's a good point to remember. We're only talking about what DNS servers the router itself will connect to. All local clients should be using the router as their DNS server. So regardless of whether the router is using dnsmasq or unbound most DNS queries will be answered from the local cache without having to go out to the internet.
 
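The two claims made above (clients should point at the router, and repeat queries are then answered from the router's cache) can be checked from any LAN client with `dig`, and the same transcript parsing tells whether the resolver validates DNSSEC, which was raised earlier in the thread. The following script is an added example, not something posted in the thread. It assumes the router answers on 192.168.1.1 (override with the RESOLVER environment variable), that `dig` from bind-utils/dnsutils is installed, and it uses dnssec-failed.org, a zone published with deliberately broken signatures, plus one zone assumed to be correctly signed; the live checks only run when the script is invoked with the argument `run`, the parsing helpers run offline against constructed transcripts.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks what the resolver a LAN
# client actually uses does: are repeat queries served from cache, and are
# answers DNSSEC-validated? Needs `dig`. RESOLVER defaults to an assumed
# router address; override it in the environment.
RESOLVER="${RESOLVER:-192.168.1.1}"

# --- helpers that parse dig's text transcript (work offline) ---

# Print the "Query time" value in milliseconds.
query_time_ms() {
    printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p' | head -n 1
}

# Print the response code: NOERROR, NXDOMAIN, SERVFAIL, ...
rcode_of() {
    printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<- opcode: [A-Z]*, status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the AD (authenticated data) flag is set, i.e. the resolver
# itself validated the answer with DNSSEC.
has_ad_flag() {
    printf '%s\n' "$1" | grep -q '^;; flags:[^;]* ad[ ;]'
}

# Classify a resolver from two transcripts: the answer for a zone with
# deliberately broken signatures, and the answer for a correctly signed zone.
#   validating  : broken zone is refused (SERVFAIL), good zone carries AD
#   passthrough : broken zone still resolves, so nothing is validated
#   unknown     : anything else (upstream trouble, unsigned test zone, ...)
dnssec_verdict() {
    bad_rcode=$(rcode_of "$1")
    if [ "$bad_rcode" = "SERVFAIL" ] && has_ad_flag "$2"; then
        echo validating
    elif [ "$bad_rcode" = "NOERROR" ]; then
        echo passthrough
    else
        echo unknown
    fi
}

# Constructed, abbreviated dig transcripts so the helpers can be exercised
# without a network (not real captures).
SAMPLE_BROKEN=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; Query time: 52 msec'
SAMPLE_SIGNED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; Query time: 0 msec'

# --- live checks (need the network; run with: sh dnscheck.sh run) ---

# Ask the same question twice. A caching resolver answers the repeat in ~0 ms;
# if both times look like a round trip to the internet, clients are not
# really being served from the router's cache.
check_cache() {
    name="${1:-example.com}"
    first=$(query_time_ms "$(dig @"$RESOLVER" "$name" A)")
    second=$(query_time_ms "$(dig @"$RESOLVER" "$name" A)")
    echo "$name via $RESOLVER: first query ${first} ms, repeat ${second} ms"
}

# dnssec-failed.org is published with broken signatures; the comparison
# zone is an assumption, any zone known to be signed will do.
check_dnssec() {
    bad=$(dig @"$RESOLVER" +dnssec dnssec-failed.org A)
    good=$(dig @"$RESOLVER" +dnssec cloudflare.com A)
    echo "DNSSEC via $RESOLVER: $(dnssec_verdict "$bad" "$good")"
}

if [ "${1:-}" = "run" ]; then
    check_cache example.com
    check_dnssec
fi
```

Run it from a client, not on the router, so the path the clients actually take is what gets measured. A "passthrough" verdict from a router running dnsmasq usually means the upstream it forwards to does not validate and dnsmasq's own `dnssec` option is off; the broken zone resolving at all is the tell.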

daveforever

New Around Here
I would never use ISP DNS servers in a commercial setting. For a domain environment the local Windows server would usually serve client DNS and then look up to a recursive DNS resolver e.g. Cisco Umbrella or Google for external domains.

In a home environment, you may wish to use a local router to proxy DNS requests and in turn then look up to an external resolver of your choosing, not your ISP's.

Note that anycast DNS means that the larger DNS providers will automatically respond to requests from the nearest point of presence, anyway. So the idea that the ISP somehow decides this better for you is fictional.

There is a very useful tool here that will benchmark DNS providers and help you find the best latency provider for your region:

GRC's | DNS Nameserver Performance Benchmark

Now, things do get a bit more complicated if you consider DNS to be as much a security layer as a necessity for browsing the internet. If you don't - you probably should - because 80% of threats use DNS at some point of the kill chain.

In this case, you would be pointing your DNS to whichever provider is hosting your DNS filtering/security service. The most consumer-ready solution for this that I am aware of is OpenDNS.

So yeah, funds permitting sign up to OpenDNS - set your router to look to OpenDNS for DNS resolution - set your client devices under DHCP to use your router as a proxy - and never use an ISP DNS server again.

Edit: If DNS caching is important to you, and you don't like Ads, consider PiHole. PiHole for local DNS then forwarding external requests to OpenDNS = winmode.
 
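The procedure in the post above (router forwards to OpenDNS, DHCP hands clients the router as their only DNS server, local cache in front of it) as a dnsmasq configuration, which is what most consumer routers run. This is an added example, not configuration from the thread or from any poster. The bridge interface name br0 and the 192.168.1.0/24 DHCP range are assumptions; the OpenDNS anycast addresses 208.67.222.222 and 208.67.220.220 are the public ones, and any other filtering resolver would go in the same `server=` lines.

```conf
# Added example, not from the thread: dnsmasq on a home router as the LAN's
# caching forwarder with OpenDNS upstream. Interface and ranges are assumptions.
interface=br0
bind-interfaces

# Ignore /etc/resolv.conf, which on a router holds the ISP resolvers pushed
# by the WAN DHCP lease, and forward only to the servers listed here.
no-resolv
server=208.67.222.222
server=208.67.220.220

# Do not forward single-label names or reverse lookups for private ranges;
# both leak LAN detail upstream and never get a useful answer.
domain-needed
bogus-priv

# Drop upstream answers that resolve a public name to a private address
# (DNS rebinding protection for devices on the LAN with web interfaces).
stop-dns-rebind
rebind-localhost-ok

# The default cache is 150 entries, far too small to absorb a LAN's repeat
# queries; the point of the forwarder is that most answers come from here.
cache-size=10000

# DHCP: hand out the router itself as the only DNS server. dnsmasq replaces
# 0.0.0.0 with its own address on the interface the lease goes out on.
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=option:dns-server,0.0.0.0

# Uncomment while verifying, then turn off: it logs every client query.
#log-queries
```

Clients that hard-code their own resolver (many smart TVs, and browsers with DoH enabled) bypass this entirely; blocking outbound port 53 from the LAN except from the router's own address is what actually forces the proxy path. With Pi-hole in the mix, the `server=` lines move into Pi-hole's upstream settings and the DHCP option points clients at the Pi-hole address instead of 0.0.0.0.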
