Why Google and OpenDNS are not necessarily best...
Thread Starter
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
With the Olympics looming, just thought I'd post a little something about why using public DNS services such as Google or OpenDNS is a double-edged sword.
The potential benefits of such services have been written about time and time again on PPRuNe, i.e. the general good uptime of such services and the potential to benefit from phishing and malware filtering.
The downside you may not realise is when you access resources hosted on CDNs (Content Distribution Networks), you will benefit from greater access speeds if you use your ISP's DNS servers instead of a public DNS service. This doesn't only apply to streaming videos either, it applies to file downloads (such as software updates and images) from websites that are hosted on CDNs too.
For those not in the know, CDNs are globally distributed server clusters. The intention being to deliver content from the closest point to the user. They work their magic by identifying the closest content cluster to the user from the DNS lookup.
Here's an example from a typical ADSL line.
Let's ask Google where some of the BBC's CDN content is …
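Code:
> dig @8.8.8.8 static.bbci.co.uk
a1638.g.akamai.net. 6 IN A 80.239.148.163
Let's ask OpenDNS where it is…
Code:
> dig @208.67.222.222 static.bbci.co.uk
a1638.g.akamai.net. 4 IN A 77.67.21.66
Let's ask our ISP where it is…
Code:
> dig static.bbci.co.uk
a1638.g.akamai.net. 20 IN A 92.123.154.35
Ok, so we've got three sets of numbers back, big deal you may say.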
Let's see where they take us.
First Google :
Code:
> traceroute 80.239.148.163
 6 ldn-b5-link.telia.net (80.239.193.109) 32.144 ms 34.820 ms 34.022 ms
 7 ldn-bb1-link.telia.net (80.91.246.144) 30.951 ms ldn-bb1-link.telia.net (80.91.248.217) 31.914 ms ldn-bb1-link.telia.net (80.91.246.144) 35.533 ms
 8 adm-bb1-link.telia.net (80.91.250.84) 41.530 ms adm-bb1-link.telia.net (80.91.253.191) 39.120 ms 43.912 ms
 9 adm-b5-link.telia.net (80.91.246.101) 39.933 ms adm-b5-link.telia.net (213.155.134.43) 39.445 ms 39.625 ms
10 80-239-148-163.customer.teliacarrier.com (80.239.148.163) 42.023 ms 40.776 ms 43.261 ms
So, Google takes us 10 hops and we end up in Amsterdam.
Now OpenDNS :
Code:
 7 ae-52-52.csw2.london1.level3.net (4.69.139.120) 41.030 ms 34.391 ms 44.111 ms
 8 ae-59-224.ebr2.london1.level3.net (4.69.153.141) 31.944 ms 34.414 ms ae-57-222.ebr2.london1.level3.net (4.69.153.133) 47.822 ms
 9 ae-48-48.ebr2.amsterdam1.level3.net (4.69.143.81) 40.525 ms ae-47-47.ebr2.amsterdam1.level3.net (4.69.143.77) 40.668 ms ae-48-48.ebr2.amsterdam1.level3.net (4.69.143.81) 46.255 ms
10 ae-59-224.csw2.amsterdam1.level3.net (4.69.153.214) 58.317 ms 46.066 ms 39.261 ms
11 ae-2-52.edge3.amsterdam1.level3.net (4.69.139.169) 40.143 ms 43.027 ms 39.972 ms
12 intelq-tinet (4.68.110.86) 38.340 ms isc-level3-ge.sanjose1.level3.net (4.68.110.142) 42.681 ms 43.250 ms
13 xe-1-3-1.lon10.ip4.tinet.net (89.149.185.230) 40.338 ms xe-9-3-0.lon10.ip4.tinet.net (89.149.183.174) 41.701 ms xe-9-1-1.lon10.ip4.tinet.net (89.149.183.61) 42.593 ms
14 77.67.21.66 (77.67.21.66) 38.823 ms 42.349 ms 39.791 ms
OpenDNS takes us 14 hops and we take a great circle route to London via San Jose and Amsterdam !
Now the ISP :
Code:
 6 xe-0-3-0.cr1.lhr1.uk.nlayer.net (195.66.224.37) 38.302 ms 40.140 ms 35.666 ms
 7 as20940.xe-4-0-5.ar1.lhr1.uk.nlayer.net (69.22.139.38) 30.580 ms 77.906 ms 30.742 ms
 8 a92-123-154-35.deploy.akamaitechnologies.com (92.123.154.35) 35.987 ms 34.449 ms 34.091 ms
Only 8 hops, remaining up in London throughout, and the lowest latency route of all three.
So, the moral of the story is that unless you have a good reason to do otherwise, you should seriously consider only using your ISP's DNS servers, and make sure you check the settings once in a while in case the ISP has changed the server IPs.
Last edited by mixture; 11th May 2012 at 09:38.
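The comparison made in the post above, as an added example that is not part of the original post: it parses each resolver's dig answer line and the final traceroute hop, then ranks the resolvers by mean round-trip time to the CDN node each one handed out. The answer and hop lines are copied from the post; the resolver labels and function names are this example's own.

```python
import re
from statistics import mean

# Answer lines and final traceroute hops copied from the post above;
# the resolver labels ("google", "opendns", "isp") are this example's own.
SAMPLES = {
    "google": ("a1638.g.akamai.net. 6 IN A 80.239.148.163",
               "10 80-239-148-163.customer.teliacarrier.com (80.239.148.163) 42.023 ms 40.776 ms 43.261 ms"),
    "opendns": ("a1638.g.akamai.net. 4 IN A 77.67.21.66",
                "14 77.67.21.66 (77.67.21.66) 38.823 ms 42.349 ms 39.791 ms"),
    "isp": ("a1638.g.akamai.net. 20 IN A 92.123.154.35",
            "8 a92-123-154-35.deploy.akamaitechnologies.com (92.123.154.35) 35.987 ms 34.449 ms 34.091 ms"),
}

def parse_answer(line):
    """Split a dig answer line 'name ttl IN A addr' into (name, ttl, addr)."""
    name, ttl, rclass, rtype, addr = line.split()
    if (rclass, rtype) != ("IN", "A"):
        raise ValueError(f"not an A record: {line!r}")
    return name, int(ttl), addr

def parse_trace(text):
    """Return {hop_number: (addresses, rtts_ms)} from traceroute output, one hop per line."""
    hops = {}
    for line in text.strip().splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # header or blank line
        addrs = re.findall(r"\((\d+\.\d+\.\d+\.\d+)\)", m.group(2))
        rtts = [float(x) for x in re.findall(r"(\d+\.\d+) ms", m.group(2))]
        hops[int(m.group(1))] = (addrs, rtts)  # a '* * *' hop yields empty lists
    return hops

def compare(samples):
    """Rank resolvers by mean RTT to the CDN node each one returned."""
    rows = []
    for resolver, (answer, trace) in samples.items():
        _, _, addr = parse_answer(answer)
        hops = parse_trace(trace)
        last = max(hops)
        addrs, rtts = hops[last]
        if addr not in addrs or not rtts:
            raise ValueError(f"{resolver}: trace does not end at {addr}")
        rows.append((resolver, addr, last, round(mean(rtts), 3)))
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    for resolver, addr, hop_count, rtt in compare(SAMPLES):
        print(f"{resolver:8} {addr:15} hops={hop_count:2} mean_rtt={rtt} ms")
```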
Thread Starter
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Mac the Knife,
Ah yes. Well, Africa is somewhat the exception to the rule as its connectivity to the outside world is somewhat constrained, although there are new fibre cables coming on board over the next few years that should improve that.
So yes, I guess my suggested advice may not necessarily be of much use if you're in Antarctica, Africa, parts of Latin America, remote corners of Asia or running off a satellite connection.
Joined: Jan 2012
Posts: 2,173
Likes: 0
From: .
I think the main reason for using OpenDNS is simply because of the filtering tools that are available to you.
For instance I've just switched the routers at a local residential care home to use it. That location houses recovering patients of a "disturbed" nature and it was felt better to block access to porn / racist / violent sites.
OpenDNS offers a way to provide that at nil cost.





