NordVPN Promotion

Home / Blogs

Top Public DNS Resolvers Compared

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

At ThousandEyes, we’ve always been curious about the performance of various public DNS resolvers—especially since Google threw their hat in the ring back in 2009. We satisfied our curiosity this week, so we thought we’d share the results.

Here’s how we did it. We measured the latency to each resolver from approximately 3000 points around the globe with a minimum of 50 points per country. This means that these results are based on the best-case resolution time, assuming you tried to retrieve a DNS record that was in the public resolver’s cache. The results shown are the average over a 24-hour period.

Using this data, we determined which DNS provider’s resolvers were fastest (on average) as seen by each of the vantage points. We picked a winner per country based on the provider that was most frequently the fastest in that country. The map below is colored accordingly. As you can see, if you are in the US, chances are that your fastest public resolver is an OpenDNS resolver. But if you’re in India, it’s probably Google.

Fastest DNS providers per country, UltraDNS (yellow) applies to Hong Kong.

Global Results:

ResolverAvg Latency% Where Fastest
Google 1 (8.8.8.8)61.1 ms20.7%
Google 2 (8.8.4.4)61.2 ms19.0%
Dyn 1 (216.146.35.35)94.6 ms13.5%
OpenDNS 2 (208.67.220.220)84.6 ms11.8%
OpenDNS 1 (208.67.222.222)85.5 ms10.9%
Dyn 2 (216.146.36.36)95.8 ms10.2%
Ultra 2 (156.154.71.1)105.4 ms7.6%
Ultra 1(156.154.70.1)117.9 ms3.5%
Level3 2 (4.2.2.2)169.0 ms1.7%
Level3 1 (4.2.2.1)217.7 ms1.1%


United States Results:

ResolverAvg Latency% Where Fastest
OpenDNS 2 (208.67.220.220)18.2 ms27.3%
OpenDNS 1 (208.67.222.222)17.8 ms27.2%
Dyn 2 (216.146.36.36)23.6 ms8.7%
Ultra 1 (156.154.70.1)28.6 ms7.8%
Dyn 1 (216.146.35.35)25.7 ms7.7%
Ultra 2 (156.154.71.1)24.2 ms6.7%
Level3 1 (4.2.2.1)34.6 ms5.9%
Level3 2 (4.2.2.2)28.1 ms4.8%
Google 2 (8.8.4.4)31.2 ms2.3%
Google 1 (8.8.8.8)32.0 ms1.6%


Most regions have a clear frontrunner—OpenDNS in North America, Central America, and Africa, Google in South America and the Asia-Pacific region, and Dyn in eastern Europe. In western Europe, however, there is a bit more contention for the top spot, with each of the top three providers making a strong showing. At a country level, Level3 DNS resolvers did not make it to the top anywhere while Ultra’s DNS resolvers made it to the top in Hong Kong (though you can’t see it on the map).

Now that our initial curiosity about the performance of different public DNS resolvers has been satisfied, our next task is to understand how the performance of public resolvers compares to the default resolver provided by your local ISP. That’s definitely more involved and will be the subject of an upcoming article.

By Michael Meisel, Chief Architect at ThousandEyes

Visit the blog maintained by ThousandEyes where Michael is a contributor.

Visit Page

Filed Under

Comments

Thanks David A. Ulevitch  –  Apr 8, 2011 4:18 AM

Thanks, and just curious when the results were collected (approximately)?

We used the 24 hours from midnight Michael Meisel  –  Apr 8, 2011 5:06 AM

We used the 24 hours from midnight April 5th to midnight April 6th UTC.

Okay, I guess I have some more David A. Ulevitch  –  Apr 8, 2011 5:09 AM

Okay, I guess I have some more work to do to make us better in SE Asia. :-( Eastern Europe should be fixed by end of next week. Thanks!

Recursive DNS Providers Rick Rumbarger  –  Apr 8, 2011 8:07 PM

Thanks for sharing this information. While many CircleID readers are technical in nature, many whom have sent me the link to your article did not notice the fact you were referring to recursive DNS resolvers instead of authoritative. I think it should be noted that companies have many different reasons for providing public recursive DNS resolvers.  I would challenge readers that Google does it to extend their information collection.  OpenDNS is obviously focused on this as their primary business, while Level 3 inherited much of their infrastructure from Genuity, both of which are ISPs.  UltraDNS is in the unique position to provide an extension of its authoritative DNS responses directly to recursive resolvers as a feature of its Premium Authoritative DNS service.  This further ensures the security of the query response (cache poisoning mitigation) and bypasses TTLs for its customers (cache invalidation technology).
 
While speed is important, I do not believe it should be looked at in a vacuum.  All of the top providers you have written about are being measured in a variance of milliseconds. Other features like the type of resolver code used, the security mechanisms in place, the strength and experience of the organization standing behind the service and the additional features beyond basic query response are also important.  OpenDNS & UltraDNS are dedicated to DNS resolution and both offer substantial service beyond basic query resolution.  A good example of this is Category Filtering to control content accessed (e.g., Malware, Phishing, Social sites, Adult content, etc).

Re: Recursive DNS Providers Mohit Lad  –  Apr 11, 2011 1:25 AM

Rick, you make a good point and its true that speed is not everything. However, this post does not try to claim one is "better" than the others. Its just meant to compare how fast different public recursive DNS services are, primarily because we ourselves were curious and were also asked the same by many others.

Mohit, thanks for the follow up. Rick Rumbarger  –  Apr 11, 2011 9:14 PM

Mohit, thanks for the follow up. As you can imagine I am protective of our products and the DNS industry as a whole. The only reason I commented was quantity and type of questions I personally received based on the post. Many times when an industry expert makes a post in a well known and respected source such as CircleID, less technical readers tend to only focus on the information discussed and lose perspective on the bigger picture. My comments should not be taken as anything other than an attempt to bring to light the bigger picture. We appreciate the information and being included in your review.

Rick -- I thought you guys killed David A. Ulevitch  –  Apr 12, 2011 4:29 AM

Rick -- I thought you guys killed DNS Advantage? I can't even find a link to it on Neustar or Ultra's website. I've never heard of a single organization using it.

David, thank you for your reply, but Rick Rumbarger  –  Apr 12, 2011 8:43 PM

David, thank you for your reply, but to clarify DNSAdvantage.com is our consumer branded version of our Recursive DNS platform and is not the focus of our Neustar.biz branded website, which is focused on business customers. We have many organizations ranging from Fortune 50 to traditional Internet Service Providers (ISPs) relying on the advanced features of our Recursive DNS platform everyday. Hopefully you are experiencing the same success we are.

Rick -- Okay, so forget DNS Advantage, David A. Ulevitch  –  Apr 12, 2011 9:20 PM

Rick -- Okay, so forget DNS Advantage, I didn't know it was consumer-focused since we've had non-consumer customers tell us that Neustar sales people are pitching it as a business product. Misunderstanding, I'm sure. So then is this the product you are referring to? http://www.neustar.biz/services/ultradns-services/ultradns-recursive To make sure I understand correctly, you are saying that a Fortune 50 is currently using that product for recursive DNS? And that it's a cloud service? I've never heard of it or heard of a customer mentioning it or anything about it at all. In any event, I do not think we are experiencing the same success as you; we are dramatically growing our business by focusing on innovation and by delighting our customers with a world-class service.

DNNSEC Marco Davids  –  Apr 12, 2011 5:05 PM

Speed is one thing, DNSSEC validation something quite different. Still, you might want your favourite resolver to support that too. But does it?

Do the test at: http://dnssectest.sidn.nl/

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

NordVPN Promotion