Performance Results of Free Public DNS Services

I ran some tests today to optimize my Internet performance. I performed the test using DNSBench. In my test I included all the major Free public DNS services that provide SOME level of malicious host protection capabilities. Below are my results.

Please Note: Performance results may vary. This test was performed via a Comcast home broadband connection in Livermore, California. Location of requestor and server’s can contribute significantly to overall performance. All users should perform their own tests to select an appropriate provider.

Secure Free Public DNS Test Performance Graphic

secure-dns-test-04-09-2014

Performance Ranking by Provider and DNS Server

#1 – Norton ConnectSafe DNS
nameserver 199.85.127.10 (fastest DNS lookups in overall test)
nameserver 199.85.126.10 (4th place DNS lookups in overall test)

#2 – OpenDNS Home
nameserver 208.67.220.220 (2nd fastest DNS lookups in overall test)
nameserver 208.67.222.222 (3rd place DNS lookups in overall test)

#3 – Comodo Secure DNS
nameserver 8.26.56.26 (5th place DNS lookups in overall test)
nameserver 8.20.247.20 (6th place DNS lookups in overall test)
Below is a comprehensive report from the tool 

Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)

199. 85.127. 10 | Min | Avg | Max |Std.Dev|Reliab%|
—————-+——-+——-+——-+——-+——-+
– Cached Name | 0.014 | 0.016 | 0.020 | 0.001 | 100.0 |
– Uncached Name | 0.017 | 0.086 | 0.254 | 0.070 | 100.0 |
– DotCom Lookup | 0.035 | 0.077 | 0.127 | 0.023 | 100.0 |
—<——–>—+——-+——-+——-+——-+——-+
··· no official Internet DNS name ···
ULTRADNS – NeuStar, Inc.,US
208. 67.220.220 | Min | Avg | Max |Std.Dev|Reliab%|
—————-+——-+——-+——-+——-+——-+
– Cached Name | 0.020 | 0.022 | 0.024 | 0.001 | 100.0 |
– Uncached Name | 0.021 | 0.146 | 0.590 | 0.136 | 100.0 |
– DotCom Lookup | 0.082 | 0.196 | 0.335 | 0.058 | 100.0 |
—<——–>—+——-+——-+——-+——-+——-+
resolver2.opendns.com
OPENDNS – OpenDNS, LLC,US
208. 67.222.222 | Min | Avg | Max |Std.Dev|Reliab%|
—————-+——-+——-+——-+——-+——-+
– Cached Name | 0.020 | 0.022 | 0.025 | 0.001 | 100.0 |
– Uncached Name | 0.021 | 0.152 | 0.518 | 0.139 | 100.0 |
– DotCom Lookup | 0.078 | 0.189 | 0.351 | 0.070 | 100.0 |
—<——–>—+——-+——-+——-+——-+——-+
resolver1.opendns.com
OPENDNS – OpenDNS, LLC,US
199. 85.126. 10 | Min | Avg | Max |Std.Dev|Reliab%|
—————-+——-+——-+——-+——-+——-+
– Cached Name | 0.030 | 0.032 | 0.037 | 0.001 | 100.0 |
– Uncached Name | 0.033 | 0.100 | 0.261 | 0.072 | 100.0 |
– DotCom Lookup | 0.061 | 0.105 | 0.159 | 0.022 | 100.0 |
—<——–>—+——-+——-+——-+——-+——-+
··· no official Internet DNS name ···
ULTRADNS – NeuStar, Inc.,US
8. 26. 56. 26 | Min | Avg | Max |Std.Dev|Reliab%|
—————-+——-+——-+——-+——-+——-+
– Cached Name | 0.032 | 0.058 | 0.246 | 0.053 | 100.0 |
– Uncached Name | 0.035 | 0.130 | 0.423 | 0.100 | 100.0 |
– DotCom Lookup | 0.035 | 0.094 | 0.132 | 0.036 | 100.0 |
—<——–>—+——-+——-+——-+——-+——-+
ns1.recursive.dns.com
ELVATE – Elvate.com, LLC,US
8. 20.247. 20 | Min | Avg | Max |Std.Dev|Reliab%|
—————-+——-+——-+——-+——-+——-+
– Cached Name | 0.032 | 0.066 | 0.253 | 0.054 | 100.0 |
– Uncached Name | 0.034 | 0.138 | 0.525 | 0.119 | 100.0 |
– DotCom Lookup | 0.034 | 0.099 | 0.130 | 0.031 | 100.0 |
—<——–>—+——-+——-+——-+——-+——-+
ns2.recursive.dns.com
ELVATE – Elvate.com, LLC,US
UTC: 2014-04-09, from 21:33:01 to 21:33:30, for 00:28.540

Interpreting your benchmark results above:

The following guide is only intended as a quick
“get you going” reference and reminder.

To obtain a working understanding of this program’s operation, and to familiarize yourself with its many features, please see the main DNS Benchmark web page by clicking on the “Goto DNS Page” button below.

Referring to this sample:

64. 81.159. 2 | Min | Avg | Max |Std.Dev|Reliab%
—————-+——-+——-+——-+——-+——-
– Cached Name | 0.001 | 0.001 | 0.001 | 0.000 | 100.0
– Uncached Name | 0.021 | 0.033 | 0.045 | 0.016 | 100.0
– DotCom Lookup | 0.021 | 0.022 | 0.022 | 0.001 | 100.0
—<O-OO—->—+——-+——-+——-+——-+——-
dns.chi1.speakeasy.net
Speakeasy

The Benchmark creates a table similar to the one above for each DNS resolver (nameserver) tested. The top line specifies the IP address of the nameserver for this table.

The first three numeric columns provide the minimum, average, and maximum query-response times in seconds. Note that these timings incorporate all network delays from the querying computer, across the Internet, to the nameserver, the nameserver’s own processing, and the return of the reply. Since the numbers contain three decimal digits of accuracy, the overall resolution of the timing is thousandths of a second, or milliseconds.

The fourth numeric column shows the “standard deviation” of the collected query-response times which is a common statistical measure of the spread of the values – a smaller standard deviation means more consistency and less spread.

The fifth and last numeric column shows the reliability of the tested nameserver’s replies to queries. Since lost, dropped, or ignored queries introduce a significant lookup delay (typically a full second or more each) a nameserver’s reliability is an important consideration.

The labels of the middle three lines are colored red, green, and blue to match their respective bars on the response time bar chart.

The “Cached Name” line presents the timings for queries that are answered from the server’s own local name cache without requiring it to forward the query to other name servers. Since the name caches of active public nameservers will always be full of the IPs of common domains, the vast majority of queries will be cached. Therefore, the Benchmark gives this timing the highest weight.

The “Uncached Name” line presents the timings for queries which could not be answered from the server’s local cache and required it to ask another name server for the data. Specifically, this measures the time required to resolve the IP addresses of the Internet’s 30 most popular web sites. The Benchmark gives this timing the second highest weight.

The “DotCom Lookup” line presents the timings for the resolution of dot com nameserver IP addresses. This differs from the Cached and Uncached tests above, since they measure the time required to determine a dot com’s IP, whereas the DotCom Lookup measures the time required to resolve the IP of a dot com’s nameserver, from which a dot com’s IP would then be resolved. This test presents a measure of how well the DNS server being tested is connected to the dot com nameservers.

The lower border of the table contains a set of eight indicators (O and -) representing non-routable networks whose IP addresses are actively blocked by the resolver to protect its users from DNS rebinding attacks: <O-OO—->. The “O” character indicates that blocking is occurring for the corresponding network, whereas the “-” character indicates that non-routable IP addresses are being resolved and rebinding protection is not present. The first four symbols represent the four IPv4 networks beginning with 10., 127., 172., and 192. respectively, and the second four symbols are the same networks but for IPv6.

The final two lines at the bottom of each chart duplicate the information from the Name and Owner tabs on the Nameserver page:

dns.chi1.speakeasy.net
Speakeasy

The first line displays the “Reverse DNS” name of the server, if any. (This is the name looked up by the nameserver’s IP address.) The second line displays the Ownership information, if any, of the network containing the nameserver

The final line of the automatically generated chart is a timestamp that shows the date and time of the start, completion, and total elapsed time of the benchmark:

UTC: 2009-07-15 from 16:41:50 to 16:44:59 for 03:08.703

All times are given in Universal Coordinated Time (UTC) which is equivalent to GMT. In the sample shown above, the entire benchmark required 3 minutes, 8.703 seconds to run to completion.

All, or a marked portion, of the Tabular Data results on this page may be copied to the Windows’ clipboard or saved to a file for safe keeping, sharing, or later comparison.
• • •




Facebooktwittergoogle_plusredditpinterestlinkedinmail