Updated: December, 2020
DNS (the Domain Name System) is the service that maps domain names to IP addresses. Computers don’t understand host names or website addresses; they only understand IP addresses, which humans unfortunately have a hard time remembering and connecting to specific websites. It’s like trying to dial your home phone by typing the word “home” on your phone: it just doesn’t work like that. You need to know a phone number before dialing it. That’s where DNS comes in. It is basically a phone book for websites, only instead of a phone number, you find an IP address.
Like any service, you will notice there are several choices when it comes to phone books. You have your Yellow and White pages and local publications alike. Same goes for DNS services. They are provided by different companies and don’t necessarily contain the same information or routing habits.
If you are not familiar with DNS and what it does, we recommend this introduction to DNS tutorial by Eli the Computer Guy which should help shed some light on the matter. You can also find a more detailed list of DNS services if you are interested in alternatives to the ones we present in this article.
Your ISP sets you up with their own DNS server(s) by default in order to handle DNS requests, and they generally do a decent job. However, the problem with DNS requests is that they are not secure (they travel the Internet in plain text), so DNS hijacking for censorship or blocking purposes is common in several countries. It is also common for ISPs to keep logs of DNS requests, meaning that they are essentially archiving your browsing history. Another problem with ISP DNS is the common practice of hijacking erroneous DNS responses to serve static pages of their own. Last but not least, ISP DNS servers can also be quite unreliable and slow compared to some of the well-known public DNS services.
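The two problems described above, plain-text queries and rewritten error responses, can be checked at the packet level. The following is an added example, not part of the original article: the function names, the sample host name and the documentation address 192.0.2.10 are constructed for illustration, and `probe()` assumes a random 32-character `.com` label is unregistered.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """Encode a recursive A/IN query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_qname(packet):
    """Recover the queried name from raw bytes, as any on-path observer can."""
    pos, labels = 12, []  # the question starts right after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def classify_response(query, response):
    """Judge the reply to a query for a name that should not exist."""
    if len(response) < 12 or response[:2] != query[:2]:
        return "other"  # truncated, or not an answer to this query
    flags, _qd, ancount = struct.unpack("!HHH", response[2:8])
    if not flags & 0x8000:  # QR bit clear: not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"  # honest "no such name"
    if rcode == 0 and ancount > 0:
        return "rewritten"  # resolver invented an answer for the error
    return "other"

def probe(resolver_ip, timeout=3.0):
    """Live check: ask resolver_ip for a random name that should not exist."""
    name = secrets.token_hex(16) + ".com"  # assumption: unregistered
    query = build_query(name, secrets.randbelow(65536))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, 53))
        return classify_response(query, sock.recv(512))

# Constructed sample replies to one probe (not captured traffic).
QUERY = build_query("no-such-host-7f3a9c.example", 0x1A2B)
QUESTION = QUERY[12:]
HONEST = struct.pack("!HHHHHH", 0x1A2B, 0x8183, 1, 0, 0, 0) + QUESTION
REWRITTEN = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUESTION
             + struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

Calling `probe()` with the address of the resolver your connection currently uses returns `"nxdomain"` for a resolver that reports errors honestly and `"rewritten"` for one that substitutes its own answer.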
Some public DNS services provide extras, such as blocking ads, malware sites and trackers at the DNS level. Even if you use antivirus and anti-malware software, DNS blocking acts as an extra protection layer, and it stops malicious sites before they are even loaded onto your device.
Another interesting feature that may be useful to some users is category filtering, which can be enabled with some DNS services for parental control or for limiting web resources on a PC to specific business usage only.
Stability and Speed
The services we have included in this section are Cloudflare DNS, OpenDNS, GoogleDNS and Level3DNS, because they have similar features and their performance is about the same.
Cloudflare DNS (220.127.116.11 and 18.104.22.168)
Cloudflare DNS is arguably the best public DNS service currently. It is very fast, given that Cloudflare operates a massive global network with data center presence in over 100 countries. The DNS server addresses 22.214.171.124 and 126.96.36.199 are very easy to remember, so people can set them on their devices without having to visit the official site to get the listed DNS addresses. It is worth noting that Cloudflare is actively developing and promoting a long-needed “fix” for the weaknesses of the traditional DNS protocol by implementing DNS encryption.
OpenDNS (188.8.131.52 and 184.108.40.206)
OpenDNS, also known as Cisco Umbrella, is a widely used DNS service with some great features, such as the ability to filter content via a multitude of parameters including but not limited to adult content and identity theft protection. You can read more about their different plans here as they also offer a premium package.
Today however we are discussing the free service that OpenDNS provides since the difference is only the amount of time that data is collected for and the exclusion feature intended to establish a “locked-down” environment as they call it. We feel that the customizable filtering feature is probably one of the more attractive ones as it allows you to filter content based on your needs. Other services usually focus on adult content or a generic niche, but there are cases where the possibility to customize the type of filtering can be a game-changer.
GoogleDNS (220.127.116.11 and 18.104.22.168)
Google Public DNS is quite popular, and this will probably increase as the giant Google expands in coverage. While fast and very well supported, we feel that the DNS service has a pretty big down-side which is data collection. It’s a well known fact that Google makes a living from ads and from collecting data which is then used to return relevant results to specific queries. While this is not necessarily a major security breach due to the fact that GoogleDNS does not have access to your personal information, keep in mind that we are still dealing with data collection that can lead to sensitive information being disclosed.
You can find the guides to setting up GoogleDNS here. On the same website, you will have documentation available regarding more in-depth explanations of services and features in case you are interested.
An important aspect regarding Google DNS is that their DNS servers are hard-coded in many devices as well as streaming apps, which may break streaming unblocking using VPNs. If you use VPNs for streaming and you’re being blocked, check our guide on how to fix VPN/DNS streaming blocking on Android TV by blocking Google DNS.
Level3DNS (22.214.171.124 and 126.96.36.199)
Level3DNS offers a wide variety of products meant to suit different industries and needs. The most important thing to remember about them is that they are one of the biggest Internet carriers, meaning that a large part of Internet traffic goes through them. They also offer a free DNS service which works well and keeps your content relevant.
Since Level3 is such a huge player in the telecom business, with presence all over the world, it’s expected of them to have a reliable service and to keep things running smoothly. They offer the service simply because of their ability to do so, and they do not charge for the DNS service that helps millions of queries go through every hour.
As with the previously mentioned DNS servers, please keep in mind that they do log queries, but they are one of the most reliable services out there which is what makes them a good fit into the “Stability and Speed” category.
For the privacy-focused services, we looked at DNS services that do not log queries and that offer some sort of additional protection, such as ad blocking or malware blocking.
DNS.Watch (188.8.131.52 and 184.108.40.206)
DNS.Watch is a public DNS service, known for their no-logging policy. They provide both IPv4 and IPv6 public DNS servers and have support for DNSSEC (note that DNSSEC doesn’t mean “encrypted DNS” – it is still in clear-text). The disadvantage we see with dns.watch is related to speed and reliability: since it is hosted in Germany, there will be high latency if you use it on continents other than Europe (for example, over 100ms latency from USA).
DNSCrypt features support for encrypted DNS queries, but it works with their software only, so it doesn’t work out of the box by setting up the DNS servers on your devices. All other DNS services we presented so far do not require you to install anything on your computer, only to configure your network connection with the appropriate parameters. When it comes to DNSCrypt however, things are a bit different and we will explain why.
DNSCrypt actually encrypts the DNS queries you make, as opposed to leaving them in clear text that is easy to intercept, like other DNS services do.
Comodo Secure DNS (220.127.116.11 and 18.104.22.168)
Comodo Secure DNS offers quite a few paid services, but their DNS service is free to use and recommended to anyone, especially those who are interested in a more reliable, faster, and safer Internet experience (in their own words). It’s true, your Internet experience can be a lot safer and will definitely be more relevant once you opt for a different DNS service.
Keep in mind that different services offer different features, and while our review is not done in any particular order, the perfect DNS service will vary from user to user depending on actual needs.
OpenNIC is a bit different in that it offers specific DNS servers depending on your region. The other DNS services presented give you one universal address that resolves to different servers around the world based on your location. With OpenNIC you receive a different DNS server for different locations around the world, all of them provided by volunteers. You can find the full list of servers with an updated status here.
There is a variety of information available on each server. Apart from letting you know if the service is up or down, there is information on the encryption type (if any) of the server and whether information is logged or not. It’s a bit different from the other DNS services we covered previously, but we found that the performance is great and if the security level of the resolver meets your standards, we recommend giving it a try.
In conclusion, it’s very important to know what type of DNS service you need. It’s not a matter of some people being more focused on security than others, but rather of the need for certain features. As mentioned before, the DNS service that your ISP provides is most likely not the most trustworthy. There have been cases in countries such as Ukraine or Turkey where information about uprisings and social events was completely blocked from reaching users due to the DNS hijacking the governments instated. Blocking of piracy and porn sites through DNS is also a common practice in several countries.
We’re not necessarily implying that it’s mandatory to change your DNS service, but we see no real reason why you shouldn’t, especially with all the available free alternatives out there.