Does using OpenDNS or Google DNS affect anything about security or gaming speed?


Solution 1

DNS has no effect on ping whatsoever. It is nonsense. DNS provides name resolution services and that is it. Nothing more and nothing less.

Your internet connection does not go through the DNS server, nor would routing through it improve your speed as chances are you will be going through several other connections (potentially on the wrong side of the world) before heading back to where you wanted to go. This does not happen normally anyway.

What Google or OpenDNS might provide you is a slightly faster resolution of names to IP addresses and possibly some level of protection from known malware domain names.

You might get a quicker initial name resolution, especially if your ISP has a small DNS cache and doesn't see requests for that site often, but after the first request both your server and local machine will cache the request meaning that Google or OpenDNS will be slower if there is a large distance between you and their servers. There will be no improvement to ping tests at all except for possibly the initial lookup.


I've said it in a comment above, but your tests are also not fair for the purposes of your testing. Using speedtest is not relevant for testing DNS and the tests you have run are resolving to different servers with different speeds or locations which will unfairly skew your results. If you want to prove that DNS makes no real difference then you need to be selecting the same server each time.

As to why DNS will make no real difference? It is because it is used in the first half-second of your connection to a server (to resolve a name to an address) and maybe if your cache times out then it will use it again. You might save a fragment of a second in getting the IP address of your game or Steam server, but after that the software will always be taking the direct route to the server and the speed will be the same regardless of DNS server used.


Having a fast DNS server can be good if you are browsing websites that are particularly laden with off-site resources such as social media buttons, advertising images and scripts and other resources which all need their locations resolved. This can be particularly annoying to most users as it appears to be the main site being slow when in reality it is the resolution and download of all the "extra" resources that makes the site slow.

Many people may equate this slow resolution of resources with the site's "ping" being bad, when in all actuality the site's ping is perfectly fine. If the site loads faster with the DNS changed then it is your DNS server that is bad, not the site's speed or ping (latency). These are two very different things.

I've made a quick drawing of what (roughly) happens.


For existing connections and if the name is in your local cache you will see no benefit to changing your DNS. If the names are not in your cache then changing the DNS can make a brief improvement at the start of the connection.

Solution 2

Well, other people have pointed out the malware, speed and ping points. I'll talk about the fourth and fifth points, with which DNS actually very clearly helps: censorship (and bugs in DNS servers) and privacy.

In my case, changing your DNS server allows you to circumvent the DNS blocks (there are currently 113683 blocked websites in Turkey) and connect to some* blocked websites. Most people here use a DNS on their computers to be able to connect to the popular blocked sites.

About an issue that might affect everyone: there might be issues with the DNS servers, mostly slow speeds, non-100% uptime and some sites not having proper DNS records (as a bug). As the first two are mostly mentioned by other answers, I'll talk about the last. This is actually very rare and can be caused by many reasons; however, this happened to me once and I'll mostly talk briefly about that case. A site was inaccessible using Google DNS but was fine with any other DNS servers; we got the owners to contact Google and the site was working on Google DNS again in a few hours. This is simply an example of how your DNS choice can affect you, even when it doesn't have censorship (or you don't care about your privacy).

Also, your DNS queries can be viewed easily if you get MitM'd or, for example, your company or your ISP is tracking you. While other DNS servers' queries will be visible to them too, most people who use OpenVPN and similar VPN services route DNS queries to go through the VPN to hide the sites they visit. If you were to use the default DNS' IP address (the one of your ISP or country) in the OpenVPN config, they'd still be able to see which sites you access, even though you are behind a VPN and route your DNS queries through the VPN.

* Some sites, most notably wikileaks.org, are blocked at IP level and some, most notably i.imgur.com, are blocked at DNS level.

Solution 3

@Mokubai's response is fairly correct but for glossing on some details:

In general, when you want to test performance of a given traffic flow, you want to ensure that you're testing the same thing. Ping is an ICMP-based traffic-type. DNS primarily uses UDP (though there are scenarios - zone transfers and signed queries/responses - where TCP is used).

Further exacerbating the validity problem of using ICMP as your basis for measuring UDP responses is the fact that ICMP responses are frequently given a lower quality of service (QoS) than TCP and UDP are. This is particularly so for large/busy sites - it makes far more sense for site operators to prioritize the traffic-types that they offer services over while de-prioritizing traffic-types that don't directly support that service. This QoSing will adversely impact not only ping but other diagnostic tools like traceroute.

Not directly relevant to DNS, but still worth being aware of if you're doing long-running, network-oriented tasks (you don't just game for a few minutes, here and there, do you?): it's also not uncommon for ISPs to mess with speed-testing systems. ISPs know that most speed-testing tools only operate for a few tens of seconds to a few minutes (and that most transfers happen within the span of a few minutes). As such, they will tend to implement traffic-shaping algorithms that will make shorter tests not representative of your speeds. That is, flows that are only a few seconds to a few minutes in length will give full bandwidth for the span of the test. If you go to a testing method that's longer-running - say 10+ minutes to a few hours - you may find that your throughput drops over time because one of the links had down-prioritized your traffic.

At any rate, if you want to benchmark DNS, you want to use a tool like dig to do so. dig tests the actual protocols you're interested in and tends to run in a non-caching mode.
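
A dig-style measurement in Python, as an added example that is not part of the original answer: it sends the same A query straight to each resolver over UDP (bypassing the local cache) and returns the round-trip time, the response code and the record TTLs. The name example.com and the OpenDNS address 208.67.222.222 are choices made for this example.

```python
import secrets, socket, struct, time

def build_query(name, qtype=1):
    """Encode a recursive (RD=1) DNS query for `name`; qtype 1 = A record."""
    txid = secrets.randbelow(0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # 2-byte pointer or 1-byte root label

def parse_response(msg):
    """Return (txid, rcode, [(ttl, ipv4), ...]) from a raw DNS response."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE + QCLASS
    answers = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:      # A record
            answers.append((ttl, socket.inet_ntoa(msg[off:off + 4])))
        off += rdlen
    return txid, flags & 0x000F, answers   # rcode 0 = NOERROR, 3 = NXDOMAIN

def time_lookup(resolver_ip, name, timeout=2.0):
    """Send one UDP query to resolver_ip:53; return (milliseconds, rcode, answers)."""
    txid, query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        s.sendto(query, (resolver_ip, 53))
        reply, _ = s.recvfrom(4096)
        elapsed = (time.perf_counter() - start) * 1000
    rtxid, rcode, answers = parse_response(reply)
    if rtxid != txid:
        raise ValueError("transaction ID mismatch")
    return elapsed, rcode, answers

if __name__ == "__main__":
    for resolver in ("8.8.8.8", "208.67.222.222"):  # Google DNS, OpenDNS
        print(resolver, [round(time_lookup(resolver, "example.com")[0], 1) for _ in range(3)])
```

Repeating the query against one resolver shows the effect of its cache: the first lookup may be slower than the ones that follow, and the returned TTL counts down between repeats.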

Solution 4

Once the IP has been resolved, you do not need DNS for connections to the same host (as long as the IP is cached on your system, of course). I believe that speedtest.net only needs DNS when you start the test to resolve the IP of the testing server, after that you ping the server without needing DNS. As such, DNS does not have any influence over the actual connection speed.

I think your speedtest results are within a margin of error of each other, the higher ping on the Google DNS test is probably caused by the fact that you ran the test to another server than your other two tests.

The way OpenDNS protects you against malware is by not resolving known malware domains. It still won't protect you from malware when you can resolve the domain to the IP.

I don't think DNS has any noticeable effect when gaming. The only time you need it is to resolve the IP of a server where you connect using a domain (something like play.example.com), after that most games use the IP to talk to the server directly, circumventing DNS.

Solution 5

When you visit a domain, be it Google or Steam, your device consults DNS once and keeps the result in cache for a long time (TTL = Time to Live), at least one hour but usually more.

A difference of milliseconds in this single query won't change the latency of an online game.

OpenDNS or Google DNS can determine if a site contains malware or at least if it's suspicious and then they can send you to a warning site where you can decide by yourself if you want to connect to the supposed malicious site,


GNT
Author by

GNT

Updated on September 18, 2022

Comments

  • GNT
    GNT almost 2 years

    I used to use Google DNS and OpenDNS a long time ago, didn't notice any improvements. I recently heard a security expert saying that OpenDNS is the best way for malware protection. But found out that this feature isn't free.

    I saw a gamer saying that Google DNS is faster for regular users and OpenDNS is better for gamers because of lower ping, and all of the bloggers recommend using a DNS service.

    My brother noticed that both providers had higher ping on Steam than our default DNS provider and he read that DNS won't affect Dota 2 on Steam in any way.

    I did my tests, in incognito and flushed DNS after each test, I let speedtest pick the closest DNS. My results are:

    All results are similar to, if not worse than, the default DNS. If anything, OpenDNS has the lowest ping, but by a small margin; if I were to repeat the tests, that gap would go away.

    Do DNS providers really affect speed or security or gaming? Gaming nowadays is mostly on Steam, so does it affect Steam?

  • GNT
    GNT over 7 years
    So should I stick to opendns or use the default one?
  • Dylan Rozendom
    Dylan Rozendom over 7 years
    @Lynob That is really up to you. I use Google myself. But as I said it doesn't matter whatsoever.
  • djsmiley2kStaysInside
    djsmiley2kStaysInside over 7 years
    Another thing to consider is the privacy concerns; whoever is resolving your addresses for you can see the sites you are visiting (if you care).
  • Keltari
    Keltari over 7 years
    I remember reading an article somewhere. The speed increase of the name resolution was increased... by the equivalent of 10 seconds over the course of a year.
  • Mokubai
    Mokubai over 7 years
    A whole 10 seconds a year...
  • GNT
    GNT over 7 years
    Why do people keep recommending the use of Google DNS or OpenDNS then? Especially Google DNS.
  • Mokubai
    Mokubai over 7 years
    @Lynob Because certain ISPs might have particularly flakey hardware and their DNS servers could be painfully slow, in which case replacing it with another might mean that webpage loading feels faster as the initial "where does this name go to" is improved. For websites with a lot of external links to Facebook and other sites it could actually be an improvement in the short term. Long term though, once you have the addresses resolved there is no overall improvement to the speed of the connection. Effectively people are misreading a long time to resolve a name as being the same as its "ping".
  • Mokubai
    Mokubai over 7 years
    @Lynob I've updated my answer. Does that help make it clearer?
  • ave
    ave over 7 years
    This was originally a comment but I extended it into an answer.
  • Matthew Steeples
    Matthew Steeples over 7 years
    Facebook has a TTL of 5 minutes, Google has a TTL of 5 minutes, bbc.co.uk has a TTL of 5 minutes. I think small sites may indicate that the results can be cached for a long time, but the big sites now don't want to risk being offline if a site is unavailable and DNS is one way of helping with that
  • sapi
    sapi over 7 years
    @Lynob The other consequence of flaky ISP hardware is that Google's DNS is likely to have much higher uptime. That's probably not as relevant with most ISPs these days, but it used to be that ISP DNS would go down occasionally, and having 8.8.8.8 as the secondary would ensure that your internet didn't 'stop working'.
  • Ben Voigt
    Ben Voigt over 7 years
    There are scenarios where -- didn't you mean to say TCP here, because it's the exception to the rule that DNS uses UDP?
  • Kevin
    Kevin over 7 years
    Of course, the purpose of Google DNS isn't to be faster. It's to avoid that annoying "this site doesn't exist, here are some ads" page you get when you typo a URL with some DNS providers.
  • Arvo
    Arvo over 7 years
    @Kevin Sorry, the purpose of Google DNS is to gather additional info about user browsing habits and even other services he/she accesses.
  • Dylan Rozendom
    Dylan Rozendom over 7 years
    @Bergi Omg I typed it the other way around my bad.
  • David Refoua
    David Refoua over 7 years
    Also, using HTTPS might help when using foreign DNS servers.
  • Kevin
    Kevin over 7 years
    @Arvo: You may want to review the privacy policy.
  • Cas
    Cas over 7 years
    @MatthewSteeples one millisecond long request every five minutes still won't produce any noticeable lag in online games.
  • Matthew Steeples
    Matthew Steeples over 7 years
    @cascer1 I know, I wasn't contesting the online games bit. Unless your game protocol is seriously wrong then you won't be using any DNS once you're connected (as the connections are persistent). I was just pointing out that the first paragraph is entirely wrong.
  • Nick Farina
    Nick Farina almost 6 years
    This answer deserves better visibility. Switching my DNS from my ISP (CenturyLink Fiber) to Google DNS solved some serious Netflix/Hulu streaming issues for me as well. Picking the right server to communicate with is very important and Google seems to do a much better job.