
Public DNSes - risk? good idea?

stevech

Part of the Furniture
My own ISP's (TWC) DNSes are not good, to understate. Often out of date, slow, etc.

I used OpenDNS for a while but stopped because they want a subscription, they sent too much well intended unwanted email, etc. And the latency to their servers is rather high.

So knowing no better, I tend to use 4.2.2.2 and 8.8.8.8. These seem to be primary DNSes. Ping to 4.2.2.2 is 9mSec and 8.8.8.8 is 36mSec. I know that they may send ping/ICMP to a different host than DNS requests, but it does seem to be an indicator.

Any comments? Better or more prudent public DNSes?
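Since ping may be answered by a different host than the one serving DNS, the resolvers can be timed with real DNS queries instead. The following is an added example, not part of any post in this thread; the function names and the test name `example.com` are assumptions chosen for illustration.

```python
import secrets, socket, statistics, struct, time

def build_query(name, qid, qtype=1):
    """Minimal DNS query: recursion desired, one question, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (id, rcode, answer_count) from a DNS response."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:          # QR bit clear: this is a query, not a reply
        raise ValueError("not a response")
    return qid, flags & 0x000F, an

def time_query(server, name, timeout=2.0):
    """One UDP query to server:53 -> (ms, rcode, answers), or None if lost."""
    qid = secrets.randbelow(65536)  # random ID so stray replies are not matched
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))     # kernel drops datagrams from other sources
        start = time.perf_counter()
        s.send(build_query(name, qid))
        try:
            while True:
                rid, rcode, an = parse_header(s.recv(512))
                if rid == qid:
                    return (time.perf_counter() - start) * 1000, rcode, an
        except (OSError, ValueError):   # timeout, ICMP error, or malformed reply
            return None

def summarize(results):
    """(median ms over answered queries, number of lost queries)."""
    times = [r[0] for r in results if r is not None]
    return (statistics.median(times) if times else None, len(results) - len(times))

if __name__ == "__main__":
    for server in ("4.2.2.2", "8.8.8.8"):      # resolvers named in the post
        # Repeats after the first are usually served from the resolver's cache.
        runs = [time_query(server, "example.com") for _ in range(5)]
        print(server, summarize(runs), "rcodes:", [r[1] for r in runs if r])
```

The timing reflects whichever host actually answers on port 53, so where an ISP intercepts DNS traffic it measures the ISP's resolver, not the address that was queried.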
 

I use google's public DNS, without issue. I trust google more than I trust my ISP.

8.8.8.8 and 8.8.6.6 ( can't do much better on time 25ms )

I also use it for net failover check, a heartbeat - if it is there I have a connection.

Beware, some ISPs ( Cox in my case, not Qwest ) hijack DNS requests and will fulfill them themselves. This has been known to cause Snort to burb.

You can check with local Universities, they often provide them to students, even outside their provisioning. I used to use GW, which was lickety split (back when I was local and all) and highly reliable.
 
I don't think TWC hijacks my DNS requests because many times the TWC DNS was missing a record or had a week-old obsolete one. Or their DNS was just down. When I change to 4.2.2.2 (fastest for me, at 9mSec), it worked again.

My employer and WebSense control my PC's DNS (and more) at work or when VPN'd in.

My CradlePoint router here at home does a ping to 4.2.2.2 every few minutes and if that fails several times, it fails-over to the router's USB port Verizon modem - if it's plugged in. This is in the router's firmware.
 
The DNS server is one method of being directed to the appropriate CDN. If you find yourself having problems with a particular media site I'd add "changing your DNS servers back to your local ISP's" to your troubleshooting process. I have also been a TW subscriber, and did not regret my choice to take potentially bad (public DNS) over consistently bad (whatever DHCP served up).
 
Did OpenDNS require a subscription? I didn't think they did.

The "Basic" service is still free but they require users to sign up for an account now. I stopped using OpenDNS a few years ago when they started to get slow. I still get emails from them.

I personally use Google's DNS service on my laptop. It's 10x faster than my ISP's, and alleviates being at the mercy of someone else's DNS server when I am out and about. Like for example it's nice to have it when I am at my local library because some of the local kids like to redirect commonly used things like hotmail, google, etc. to some interesting alternative sites. Or at work when I want to bypass their content filters.
 
Thanks for the info. Signing up for a free account isn't too bad a tradeoff if the service is useful.

I wonder what Google is harvesting out of all those DNS queries....

Answered my own question.
 