https

Alternative DNS Nameservers
A simple change could make a world of difference.

Alternative DNS Nameservers?

The DNS Benchmark measures the performance of a wide variety of possible alternative DNS nameservers so that you can develop a good sense for the performance of your system's current nameservers in comparison to what's available from alternative providers. Some of the resolvers the Benchmark tests are obscure and might not be available to everyone. They were included on the off chance that one or two of them might be faster than other commercial or well-known public alternatives. And, of course, the use of the DNS Benchmark's Custom List building facility will uncover DNS resolvers run by respectable organizations as well as some living under nearby rocks. Use your best judgement based upon their names and apparent ownership.

THIS page briefly describes what's known of the commercial and widely-used public alternative DNS resolvers the Benchmark includes in its default built-in list.

The following table is a quick reference to the IP addresses and behavior of the major popular public services and providers. If you know of any we have omitted, or if things change so that this information is incorrect, please drop us a line by using the DNS Feedback page in this region of the site so that we can maintain this page's accuracy. Thank you!

Summary of Popular Public Alternative DNS Resolvers:
  More Info Primary NS IP Secondary NS IP Redirects Configurable
Google: Web Link 8.8.8.8 8.8.4.4 No No
Level3: -none- 4.2.2.(1-6) 4.2.2.(1-6) No No
OpenDNS: Web Link 208.67.222.222 208.67.220.220 YES1,2,3 Yes/Free
Sunbelt: Web Link 74.118.212.1 74.118.212.2 YES2 No
Symantec: Web Link 198.153.192.1 198.153.194.1 YES2 No
UltraDNS: Web Link 156.154.70.1 156.154.71.1 YES1 No
Verio / NTT: -none- 129.250.35.250 129.250.35.251 No No
1: Marketing-driven typo interception   2: Mal-Domain protection   3: Parental content filtering

Redirects: DNS Redirection can be of three types, shown by the superscripted numbers in the redirects column, and called-out just below the table:

  1. Marketing-driven typo interception:
    Several providers attempt to sell this as a benefit of using their service, but most users would prefer to simply receive an error. (And this sort of redirection infuriates “old school” internet gurus who consider it a breach of the proper operation of the Internet's DNS system.) When a DNS lookup is received for a nonexistent, typically misspelled, domain, instead of returning the DNS error stating that the domain name is invalid, these “marketized” resolvers will instead return the IP of the DNS provider's own “intercept page” to offer helpful assistance.
  2. Mal-Domain protection:
    Since a major source of Internet danger arises from innocent users visiting malicious Internet web sites, a clever and truly useful means for adding value to DNS services is to intercept known malicious domains by not returning their registered IP address. If the user's eMail links and Internet browser cannot retrieve the IP address of a malicious site, it can't be infected or compromised by such sites.
  3. Parental content filtering:
    In a variation on the idea of preventing inadvertent visitation to malicious web sites, parents might wish to limit the exposure of their children to sites containing content they consider inappropriate for their younger children. DNS providers can therefore use the DNS system to prevent both mistaken or deliberate attempted access to such inappropriate Internet content.

Configurable: The “Configurable” column indicates whether the DNS provider's default redirection can be overridden by creating some form of “account” with the provider. Even though the OpenDNS provider, for example, is doing everything it can to “up sell” its users to a paid account, even their completely free account can be instructed not to redirect to an interception page  . . . which is, I think, very nice for a free service.

Google

As if Google didn't already have enough going on by 2010, they decided to get into the DNS business.

If you read their Introduction to Google Public DNS page, they have at least convinced themselves that they have something to offer the world. They also have some good things to say about the very important issue of the Security of their DNS servers. Therefore, all things considered, our advice would be that if their resolvers at [8.8.8.8] and [8.8.4.4] are well placed for you by the DNS Benchmark, Google's solution would likely be worth a try.

Level3

Level3 is a major national “Tier 1” Internet carrier. “Tier 1” means that they are at the top of the Internet provider hierarchy, providing a significant piece of the Internet's national "backbone" and that other smaller providers purchase "Internet transit" bandwidth from them. In fact, we're proud to say that Level3 is GRC's corporate Internet service provider. Tier 1 providers form “peering agreements” with each other so that any of their customers are able to interact with the customers of any other Tier 1 provider.

Independent of our own very positive experience with Level3, the six (6) publicly accessible DNS resolvers operated and owned by Level3 — with IP addresses [4.2.2.1] through [4.2.2.6] — are well known, venerable and long standing favorites among those who have been on the Internet from its dawn. In fact, this range of IP addresses has been passed around so much that it's probably safe to say that more people use Level3 as their alternative DNS provider than anyone else.

Also, Level3 has never played any games with DNS, and it's impossible to imagine that they ever would. By “games” we mean that DNS would never become a “profit center” for them which they would attempt to monetize with marketing and advertising as companies such as OpenDNS, Symantec, UltraDNS, and a distressing number of small ISPs are doing.

But having said that, since my network in my home/office is not on Level3's bandwidth, our DNS Benchmark ranks the fastest of the Level3 nameservers 24th from the top! So, for me at least, the Level3 nameservers are not nearly the fastest available alternatives. I do know, though, that for many others they are the fastest available. So if you're fortunate to find that their resolvers are fast for you, and if you can live without any “value added” by the fancier DNS providers, Level3 could never be a bad choice.

OpenDNS

OpenDNS is the foremost premiere provider of third-party DNS services. They actively WANT to be your DNS provider, and they jump through hoops to get your DNS query traffic. To get a sense for the range and scope of their offerings, check out their Guide to Features page.

One of the things I appreciate about them is that even though their default configuration is to redirect invalid queries to their own intercept page, that possibly annoying behavior can be disabled by creating a free account. Also, at the time of this writing, they are the ONLY DNS provider to provide some optional protection from DNS rebinding attacks. Everyone should, but only OpenDNS does.

Sunbelt Software - ClearCloud

Sunbelt Software is an Internet security-oriented company located in Florida. They produce a wide range of well-regarded software products and they have decided to jump into the “protection by filtering DNS” business. At the time of this writing their ClearCloud offering is new and currently in functional pre-release status. If the DNS Benchmark finds that their resolvers are speedy for you, they'd definitely be worth considering.

Symantec / Norton
Symantec has also decided to get into the “DNS filtering for security” business by creating a Norton-branded DNS service. There's not much more to say about it at this time other than that, from GRC's connection to the Internet, one of the Symantec/Norton DNS resolvers is incredibly fast.
UltraDNS

UltraDNS has been around for quite a while. They offer commercial, for-pay, DNS services though their resolvers don't appear to be particularly fast for anyone. They also redirect non-existent domains to their own commercial/marketing page. I've included them here for the sake of completeness.

Verio / NTT

Verio has been a major player in the Internet connectivity business for some time. (They were GRC's Internet connectivity provider and we were sorry that their business model changed to cause them to sell off their T1 business.) Verio's profile is most like Level3. They are not trying to monetize or commercialize DNS in any way. But their two resolvers are very fast for some people. If their resolvers are fast for you, you could switch to using either or both of their resolvers without concern. As with Level3, many people have done so.



GRC's DNS Nameserver Spoofability Testing Pages:
DNS Tests Usage Statistics:
 Standard   CustomCrashTest
Daily Usage:275224
Total Usage:91,8147429,597

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: Nov 12, 2010 at 12:53 (1,254.73 days ago)Viewed 32 times per day