Advice Request Should I Change My ISP DNS Server Even if It is the Fastest?

Azazel

The reason to change it is usually better reliability, speed and security.
I found Google DNS the most reliable and almost always working.
Also, third-party DNS servers support encryption protocols like DNS over HTTPS and DNSSEC.
I almost always suggest changing the DNS server.

Generally choose any of the following providers.
Google, Cloudflare, Quad9, OpenDNS.
Others are mostly garbage.
 

Wrecker4923

Level 1
Apr 11, 2024
11
I use AdGuard DNS for additional ad/malware protection on my network. I agree that it's not as reliable or as fast as Quad9 (fastest at my location), but it does reduce malware/scam vectors on other machines besides my own. I do set up private DNS on my Android, and DNS over HTTPS on my Windows machines for additional security/privacy.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,837
Should I change my ISP DNS server even if it is the fastest?

If yes, how to select the right one for me?
If it is reliable and implements DNSSEC you are probably going to see the best performance with it. If it doesn’t have DNSSEC implemented or you want malware filtering then you might want to look elsewhere. Dnscheck.tools can show you what features your DNS server has, including a thorough DNSSEC test, look in the lower left.
 
Nevi

Level 11
Verified
Top Poster
Well-known
Apr 7, 2016
537
Everywhere I have looked, Cloudflare seems to be one of the fastest DNS servers. I use it, and it's fast, okay. But I have not tried to look at a comparison. It was standing on www, so it must be right? Lol
Seriously, I think if one just uses one of the 5 fastest, it will be close to the same.
 

Biswajit poddar

New Member
May 8, 2024
2
It's a great question! Even if your ISP's DNS server is the fastest, there are still reasons to consider switching. One major factor is privacy and security. Some ISPs may log your browsing activity or sell your data to third parties. By using a third-party DNS server, you can potentially enhance your privacy.

Another reason is reliability. Third-party DNS servers often have multiple redundant servers worldwide, which can improve reliability and reduce downtime compared to relying solely on your ISP's DNS.

To select the right DNS server for you, consider factors like privacy policies, security features, and reliability. Popular options include Google DNS (8.8.8.8 and 8.8.4.4), Cloudflare DNS (1.1.1.1 and 1.0.0.1), and OpenDNS (208.67.222.222 and 208.67.220.220). You can also use tools like DNS Benchmark or Namebench to test and compare the performance of different DNS servers in your area.
 

ForgottenSeer 109138

Should I change my ISP DNS server even if it is the fastest?

If yes, how to select the right one for me?
Ask yourself why you are considering this. Was it an issue you had or something you read? If the latter, did you research it "fully" to determine it's what you need to do? If so, you should also "research" what's best for you and your uses instead of relying on other people's opinions of options that work best for them.

It's the best advice you can get, unbiased and factual.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,837
Also in terms of browsing experience pings aren’t always the most important thing. A lot of ISPs host CDN content on their edge networks and have optimized routing. If you have a smaller ISP with less reliable DNS servers you may want to switch. But if they are reliable you probably will get the best experience from your ISP.
 
blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,837
It's a great question! Even if your ISP's DNS server is the fastest, there are still reasons to consider switching. One major factor is privacy and security. Some ISPs may log your browsing activity or sell your data to third parties. By using a third-party DNS server, you can potentially enhance your privacy.

Another reason is reliability. Third-party DNS servers often have multiple redundant servers worldwide, which can improve reliability and reduce downtime compared to relying solely on your ISP's DNS.

To select the right DNS server for you, consider factors like privacy policies, security features, and reliability. Popular options include Google DNS (8.8.8.8 and 8.8.4.4), Cloudflare DNS (1.1.1.1 and 1.0.0.1), and OpenDNS (208.67.222.222 and 208.67.220.220). You can also use tools like DNS Benchmark or Namebench to test and compare the performance of different DNS servers in your area.
ISPs can reverse lookup IP addresses with fairly accurate results. IPs may be hosting multiple sites, but the combo of ads and other linked IPs on each page give them a decently precise fingerprint. If they are spending the resources to track DNS, then they can easily also do this.
 

lokamoka820

Level 3
Thread author
Mar 1, 2024
131
If it is reliable and implements DNSSEC you are probably going to see the best performance with it. If it doesn’t have DNSSEC implemented or you want malware filtering then you might want to look elsewhere. Dnscheck.tools can show you what features your DNS server has, including a thorough DNSSEC test, look in the lower left.
Here is the result of the test:

brave_2024-05-08_17-45-43_cr.png


What does it mean?
 

lokamoka820

Level 3
Thread author
Mar 1, 2024
131
Ask yourself why you are considering this. Was it an issue you had or something you read? If the latter, did you research it "fully" to determine it's what you need to do? If so, you should also "research" what's best for you and your uses instead of relying on other people's opinions of options that work best for them.

It's the best advice you can get, unbiased and factual.
I am asking because I want to know if DNS servers are just about speed, or there are other factors to consider when selecting one? :)
 

lokamoka820

Level 3
Thread author
Mar 1, 2024
131
It's a great question! Even if your ISP's DNS server is the fastest, there are still reasons to consider switching. One major factor is privacy and security. Some ISPs may log your browsing activity or sell your data to third parties. By using a third-party DNS server, you can potentially enhance your privacy.

Another reason is reliability. Third-party DNS servers often have multiple redundant servers worldwide, which can improve reliability and reduce downtime compared to relying solely on your ISP's DNS.

To select the right DNS server for you, consider factors like privacy policies, security features, and reliability. Popular options include Google DNS (8.8.8.8 and 8.8.4.4), Cloudflare DNS (1.1.1.1 and 1.0.0.1), and OpenDNS (208.67.222.222 and 208.67.220.220). You can also use tools like DNS Benchmark or Namebench to test and compare the performance of different DNS servers in your area.
So privacy and security are major factors here. This is what I was looking for.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,837
Here is the result of the test:

View attachment 283291

What does it mean?
A lot of ISPs show like this on dnscheck.tools test. Verizon actually does the same thing in the USA. I'm unclear if it means they only check for valid signatures, or that they are accepting bad signatures instead of rejecting them. I've never seen the yellow Xs. Sometimes it takes a couple runs to validate the DNSSEC stuff. If it always shows only green on the good signatures, but red Xs on the rest, then they aren't implementing DNSSEC properly. Not the end of the world, but it does mean there's a vulnerability to DNS spoofing. I would research it and see what you're comfortable with. Honestly most DNS traffic just goes where it should. It was designed to be simple and just work, but DNS hijacking does occasionally occur.
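
The check discussed in this post can be reproduced from a command line. The following is an added example, not part of any post in this thread: it asks a resolver for one correctly signed name and one name whose signatures are deliberately broken, then compares the answers. A validating resolver returns SERVFAIL for the broken name. The test names `ietf.org` (signed control) and `dnssec-failed.org` (intentionally bogus signatures) and the default resolver address are assumptions of this example.

```python
import socket, struct, sys

SERVFAIL = 2

def build_query(name, qid=0x1234):
    """A-record query with RD set plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)   # 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)                # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP size, TTL field holds flags (DO=0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def parse_flags(response):
    """Return (rcode, ad_bit) from the DNS header of a response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    return flags & 0x000F, bool(flags & 0x0020)

def classify(good, bad):
    """good/bad are (rcode, ad) results for the signed and the broken test name."""
    if good[0] != 0:
        return "inconclusive"          # control name failed: network or resolver problem
    if bad[0] == SERVFAIL:
        return "validating"            # bogus signatures were rejected
    if bad[0] == 0:
        return "not validating"        # bogus data was handed to the client
    return "inconclusive"

def ask(resolver, name, timeout=3.0):
    """Send one UDP query to the resolver and return (rcode, ad_bit)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return parse_flags(s.recv(4096))

if __name__ == "__main__":
    # Assumed test names and default resolver; pass your own resolver IP as argv[1].
    resolver = sys.argv[1] if len(sys.argv) > 1 else "1.1.1.1"
    good = ask(resolver, "ietf.org")
    bad = ask(resolver, "dnssec-failed.org")
    print(f"{resolver}: good={good} bad={bad} -> {classify(good, bad)}")
```

Run it once against the ISP resolver and once against the alternative being considered; "not validating" corresponds to the spoofing exposure described above.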
 

lokamoka820

Level 3
Thread author
Mar 1, 2024
131
A lot of ISPs show like this on dnscheck.tools test. Verizon actually does the same thing in the USA. I'm unclear if it means they only check for valid signatures, or that they are accepting bad signatures instead of rejecting them. I've never seen the yellow Xs. Sometimes it takes a couple runs to validate the DNSSEC stuff. If it always shows only green on the good signatures, but red Xs on the rest, then they aren't implementing DNSSEC properly. Not the end of the world, but it does mean there's a vulnerability to DNS spoofing. I would research it and see what you're comfortable with. Honestly most DNS traffic just goes where it should. It was designed to be simple and just work, but DNS hijacking does occasionally occur.
Here is the result after changing my DNS to Cloudflare:

brave_2024-05-09_05-07-40_cr.png


Is this better?
 
blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,837
Here is the result after changing my DNS to Cloudflare:

View attachment 283310

Is this better?
In terms of DNSSEC, yes. If you are having a pleasant browsing experience and not seeing any slowdowns or more buffering on videos then you will probably be happy. Don’t worry about their response time measurement. It has been having strangely high ms in Chromium browsers lately. But they are measuring actual response times and not pings like most other tests.
 
