More often than not, after I’ve seen individuals swap DNS servers, they’re in search of a velocity increase. I additionally wished to go for velocity. Nonetheless, after benchmarking my choices — Google Public DNS (8.8.8.8), Cloudflare (1.1.1.1), OpenDNS (208.67.222.222), and Quad9 (9.9.9.9) — velocity turned much less important and fewer attention-grabbing in my findings.
I used to be testing for efficiency, privateness, and safety, and it turned evident that, opposite to what I’ve at all times thought, these DNS server choices aren’t interchangeable.
The benchmark outcomes
The quickest DNS right here wasn’t what I anticipated—and the numbers clarify why
I ran my benchmark utilizing DNS Benchmark, which measures cached lookups, uncached lookups, and dotcom lookups. These are velocity assessments that reveal effectivity, processing energy, connectivity, and consistency. This was what the check revealed:
DNS Supplier
Cached Avg (s)
Uncached Avg (s)
DotCom Avg (s)
Std. Dev (cached)
Reliability
Cloudflare (1.1.1.1)
0.007
0.059
0.045
0.002
100%
Google (8.8.8.8)
0.072
0.235
0.117
0.086
100%
OpenDNS (208.67.222.222)
0.085
0.135
0.112
0.002
100%
Quad9 (9.9.9.9)
0.113
0.259
0.117
0.002
100%
For velocity, Cloudflare was the plain winner, and an ordinary deviation of 0.002 proves that it seldom spikes. In cached lookups, Google lagged by about 10 occasions in cached response occasions. Google additionally exhibits noticeable unpredictability, with an ordinary deviation of 0.086. Though OpenDNS and Quad9 had been slower than Cloudflare, they confirmed excellent consistency. Not one of the 4 choices dropped queries, scoring completely for reliability.
The millisecond gaps could seem too insignificant to fret about. Nonetheless, there’s a broader context to contemplate: fashionable internet pages aren’t simply making a single DNS request. From advert networks and CDNs to fonts and analytics scripts, a single internet web page can contact between 30 and 80 separate domains, every triggering its personal DNS lookups. So the roughly 100ms hole between Cloudflare and Quad9 can compound shortly and turn into seen on the web page degree on resource-heavy pages.
In every day use, I did not discover any important change when switching between suppliers, as anticipated. A change would solely be apparent if the present DNS is basically sluggish. Nonetheless, consistency information is a big ingredient as a result of unpredictable spikes trigger slowdowns which might be exhausting to pinpoint.
Associated
I did not know my ISP may see each web site I go to till I checked this setting
Your ISP sees greater than you assume.
What every DNS supplier does together with your information
Privateness insurance policies look related till you learn the main points
Gavin Phillips / MakeUseOfCredit: Gavin Phillips / MakeUseOf
Your DNS resolver can see your searching conduct, and this makes it essential to know who runs the resolver and the way they use your information.
Supplier
IP tackle logging
Retention interval
Information sharing
Jurisdiction
Unbiased audit?
Google (8.8.8.8)
Sure, quickly
24–48 hours, then anonymized completely
Not shared externally (besides authorized requests)
US
No
Cloudflare (1.1.1.1)
No full IP saved
Anonymized; deleted inside 25 hours
Anonymized information shared with APNIC for analysis solely
US
Sure (KPMG yearly)
OpenDNS (208.67.222.222)
Sure
Retained whereas account is energetic; “as wanted” per Cisco coverage
Shared inside Cisco ecosystem
US
No (Cisco-wide inner audits solely)
Quad9 (9.9.9.9)
By no means logged
Not retained
Not shared
Switzerland
No
It is essential to grasp why the distinctions within the information above matter. Suppliers make guarantees of their privateness insurance policies, and audits reveal how they uphold their pledges. Nonetheless, actual accountability is proven when an unbiased auditor verifies dwell system configurations. Which means that of the 4 suppliers, three are hoping you are taking their phrase for it, and just one has opened itself up for third-party verification as proof.
Jurisdiction additionally performs a significant position. All suppliers headquartered within the US are topic to US authorized processes. Generally, this will compel information disclosure with out notifying the person. Quad9, based mostly in Switzerland, isn’t within the EU and isn’t topic to U.S. jurisdiction. Switzerland has one of many strictest federal information safety legal guidelines globally, which suggests Quad9 cannot be compelled to retain or hand over question information.
However does any of this virtually have an effect on you? Regular searching on a house community mustn’t pose any main threat from any of the 4 suppliers. While you’re organising DNS for a bigger deployment — similar to a complete family, a small workplace, or any community the place a number of customers’ searching runs by the identical resolver — it issues extra who holds that information, particularly the authorized framework beneath which they function.
Safety and filtering options
Three of those intercept threats earlier than your browser ever hundreds a web page
Pankil Shah / MakeUseOfCredit: Pankil Shah / MakeUseOf
DNS-level safety can block a malicious area throughout lookup — earlier than the machine connects, downloads something, or hundreds the web page. It is higher than browser extension safety, which protects solely what runs within the browser.
Right here is how these 4 choices stack up towards one another:
Supplier
Default malware blocking
Filtering choices
How blocking works
Google (8.8.8.8)
None
None
Impartial resolver (resolves all domains with out intervention)
Cloudflare (1.1.1.1)
None on default IP
Malware solely: 1.1.1.2 / Household-safe: 1.1.1.3
Separate IP addresses unlock progressively stricter filtering
OpenDNS (208.67.222.222)
Sure
80+ content material classes; configurable per community by way of account dashboard
Requires free account to customize; FamilyShield (208.67.222.123) works with out an account
Quad9 (9.9.9.9)
Sure, on by default
Safety solely (no content material filtering)
Feeds from 20+ unbiased risk intelligence companions; unfiltered model at 9.9.9.10
The variations proven within the desk replicate trade-offs you’ll expertise in real-world use. Extra filtering can sound like a greater possibility, however it might probably additionally exclude issues that ought to go, particularly if the area is newly registered. Google is impartial primarily as a result of there’s a price to false positives. Quad9 reduces the danger of false positives through the use of a number of respected scoring programs and blocking a website provided that it seems in a number of of those unbiased feeds.
Nonetheless, safety and content material filtering create a extra important distinction. Safety filtering actively blocks dangerous domains, whereas content material filtering blocks by class; solely Cloudflare and OpenDNS provide each varieties, with OpenDNS permitting customizable guidelines and Cloudflare offering fastened presets. This makes OpenDNS a greater possibility when you have to draw finer traces, and Cloudflare simpler for occasions when the presets suffice.
What I am really operating now
Cloudflare (1.1.1.1) is my main DNS. It is quick but additionally has independently audited privateness practices. I additionally use Quad9 (9.9.9.9) as my secondary DNS supplier if there’s a downside with Cloudflare, primarily as a result of it has built-in malware safety.
Not one of the choices is similar, and I like to recommend selecting one based mostly on what issues most to you. This is a information to one of the best match:
Precedence
Greatest match
Quickest response occasions
Cloudflare (1.1.1.1)
Privateness, independently verified
Cloudflare (1.1.1.1)
Privateness, legally protected
Quad9 (9.9.9.9)
Malware safety, no setup wanted
Quad9 (9.9.9.9)
Content material filtering and parental controls
OpenDNS (208.67.222.222)—or FamilyShield at 208.67.222.123
Most reliability, easy setup
Google (8.8.8.8)
In fact, I’ve explored 4 of the preferred choices right here, however there are different options like NextDNS, which I like due to the granular management.
OS
Home windows, Linux
Worth mannequin
Free
GRC’s DNS Nameserver Efficiency Benchmark is a specialised utility that concurrently analyzes the velocity, reliability, and safety of a number of DNS resolvers.
