Best (secure, fast,..) DNS?

metropole

I am setting up my new ZyXEL UTM. I thought it would be a good time to review the DNS source. I believe so far I used my Comcast DNS. Is using Comcast generally a good idea?

What is generally viewed as a fast and secure DNS?
 
I prefer OpenDNS. Good availability and reliable results. I had some trouble with Google DNS a couple times. Returning incorrect results and a few times they thought something was odd on my network. I actually tunnel all my DNS back to 2 independent sites (9 user sites total) and Google in their infinite wisdom was making users go through a bot check from time to time.
 
I would recommend running "namebench". It will run a check from your connection, and compare your current DNS configuration against a significant number of available DNS server options, providing you with a comparison (benchmark results). From the results of a benchmark, you can select a few DNS servers based on your preferred criteria such as latency, performance, diversity and so on.

'namebench' is available via the Ubuntu repository, and probably others as well. I've included a link to the project below. I have no doubt a Windows version is available in some form.
GitHub - google/namebench: namebench
 
Running with OpenDNS and Google DNS, currently my DNS server at home uses Google DNS with DNSSEC enabled.
 
Just run your own resolver on the UTM, go direct to the roots and cache. Look at Unbound. pfsense is shipping configured this way for new installs since 2.2 and it works a lot better than relying on intermediate caches like Google.
 
I just use the root servers. Any reason why I shouldn't? (privacy reasons, security, or anything like that?). I run my own local DNS so I can assign custom entries for my local servers so I just have it set to forward other requests to the root servers (default functionality I believe).
 
I just use the root servers. Any reason why I shouldn't? (privacy reasons, security, or anything like that?). I run my own local DNS so I can assign custom entries for my local servers so I just have it set to forward other requests to the root servers (default functionality I believe).

I doubt you forward recursive requests to the root servers (Edit: because they wouldn't answer them). What you probably mean is simply "doing DNS recursion yourself", which involves hitting the root servers from time to time. And yes, this is the best and preferred method when done with DNSSEC.

Running with OpenDNS and Google DNS, currently my DNS server at home uses Google DNS with DNSSEC enabled.

BTW, DNSSEC only makes sense if you can verify the path between your clients and the resolver doing DNSSEC. Google DNS doing DNSSEC is basically useless for its intended purpose.
 
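The post above ties the value of DNSSEC to the path between the client and the resolver that validates. As an added illustration (not code from this thread), the Python sketch below shows what a non-validating stub actually receives from a remote resolver: the validation result is a single AD header bit in an otherwise unsigned message. The responses are constructed samples and all function names are hypothetical.

```python
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000
AD = 0x0020   # "Authenticated Data": the resolver's claim that it validated DNSSEC
DO = 0x8000   # EDNS0 "DNSSEC OK" flag, carried in the OPT record's TTL field

def encode_name(name):
    """Encode a domain name as length-prefixed labels (RFC 1035)."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, txid=0x1234, qtype=1):
    """A/IN query with RD set and an OPT record asking for DNSSEC data."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO, 0)  # root name, type OPT
    return header + question + opt

def constructed_response(query, ad):
    """Constructed sample reply: echoes the question, carries no RRSIG records."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = QR | RD | RA | (AD if ad else 0)
    question = query[12:-11]  # drop the 12-byte header and the 11-byte OPT record
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "response": bool(flags & QR), "ad": bool(flags & AD),
            "rcode": flags & 0x000F, "answers": an}

def stub_considers_validated(msg):
    """What a non-validating stub does: believe the AD bit as received."""
    h = parse_header(msg)
    return h["response"] and h["rcode"] == 0 and h["ad"]

def differing_bits(a, b):
    """Number of bits that differ between two equal-length messages."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    q = build_query("example.com")
    for ad in (True, False):
        r = constructed_response(q, ad)
        print(f"AD={ad}: stub treats answer as validated -> {stub_considers_validated(r)}")
```

The two sample responses differ in exactly one bit, and nothing else in the message backs that bit up, which is why a stub relying on it is only as trustworthy as the network path it arrived over.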
OpenDNS .. though not the fastest for me, are fast enough and add another layer of protection to my network
 