Advice Request Should I Change My ISP DNS Server Even if It is the Fastest?

Please provide comments and solutions that are helpful to the author of this topic.
A

Azazel

The Reason to change it usually is better reliability, speed and security.
I found Google DNS the most reliable and almost always working.
Also third party dns server support Encryption Protocols like DNS over HTTPS and DNSSEC.
I almost always suggest changing DNS Server.

Generally choose any of the following providers.
Google, Cloudflare, Quad9, OpenDNS.
Others are mostly garbage.
 
  • Like
Reactions: rashmi, Nevi, Moonhorse and 1 other person
Wrecker4923

Wrecker4923

Level 2
Apr 11, 2024
53
I use AdGuard DNS for additional ad/malware protection on my network. I agree that it's not as reliable or as fast as Quad9 (fastest at my location), but it does reduce malware/scam vectors on other machines besides my own. I do set up private DNS on my Android, and DNS over HTTPS on my windows machines for additional security/privacy.
 
  • Like
  • Hundred Points
Reactions: lokamoka820, Jan Willy, rashmi and 2 others
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,879
lokamoka820 said:
Should I change my ISP DNS server even if it is the fastest?

If yes, how to select the right one for me?
Click to expand...
If it is reliable and implements DNSSEC you are probably going to see the best performance with it. If it doesn’t have DNSSEC implemented or you want malware filtering then you might want to look elsewhere. Dnscheck.tools can show you what features your DNS server has, including a thorough DNSSEC test, look in the lower left.
 
Last edited:
  • Like
  • Thanks
Reactions: lokamoka820, rashmi, Nevi and 1 other person
Nevi

Nevi

Level 12
Verified
Top Poster
Well-known
Apr 7, 2016
573
All places I have looked Clouflare seem to be one of the most fast DNS. I use it, and it's fast okay. But I have not tried to look a comparision. It was standing on wwww so it must be right ? Lol
Seriously I think if one just use one of the 5 fastest, it will be close to to the same.
 
  • Like
Reactions: lokamoka820 and rashmi
Biswajit poddar

Biswajit poddar

New Member
May 8, 2024
2
It's a great question! Even if your ISP's DNS server is the fastest, there are still reasons to consider switching. One major factor is privacy and security. Some ISPs may log your browsing activity or sell your data to third parties. By using a third-party DNS server, you can potentially enhance your privacy.

Another reason is reliability. Third-party DNS servers often have multiple redundant servers worldwide, which can improve reliability and reduce downtime compared to relying solely on your ISP's DNS.

To select the right DNS server for you, consider factors like privacy policies, security features, and reliability. Popular options include Google DNS (8.8.8.8 and 8.8.4.4), Cloudflare DNS (1.1.1.1 and 1.0.0.1), and OpenDNS (208.67.222.222 and 208.67.220.220). You can also use tools like DNS Benchmark or Namebench to test and compare the performance of different DNS servers in your area.
 
  • Like
Reactions: Nevi and Victor M
F

ForgottenSeer 109138

lokamoka820 said:
Should I change my ISP DNS server even if it is the fastest?

If yes, how to select the right one for me?
Click to expand...
Ask yourself why you are considering this. Was it an issue you had or something you read? If the latter did you research it "fully" to determine it's what you need to do. If so, you should also "research" what's best for you and your uses instead of relying on other people's opinions of options that work best for them.

It's the best advice you can get, unbiased and factual.
 
  • Like
  • HaHa
Reactions: Nevi, Jan Willy and Khushal
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,879
Also in terms of browsing experience pings aren’t always the most important thing. A lot of ISPs host CDN content on their edge networks and have optimized routing. If you have a smaller ISP with less reliable DNS servers you may want to switch. But if they are reliable you probably will get the best experience from your ISP.
 
Last edited:
  • Like
  • Thanks
Reactions: Nevi, Trident and lokamoka820
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,879
Biswajit poddar said:
It's a great question! Even if your ISP's DNS server is the fastest, there are still reasons to consider switching. One major factor is privacy and security. Some ISPs may log your browsing activity or sell your data to third parties. By using a third-party DNS server, you can potentially enhance your privacy.

Another reason is reliability. Third-party DNS servers often have multiple redundant servers worldwide, which can improve reliability and reduce downtime compared to relying solely on your ISP's DNS.

To select the right DNS server for you, consider factors like privacy policies, security features, and reliability. Popular options include Google DNS (8.8.8.8 and 8.8.4.4), Cloudflare DNS (1.1.1.1 and 1.0.0.1), and OpenDNS (208.67.222.222 and 208.67.220.220). You can also use tools like DNS Benchmark or Namebench to test and compare the performance of different DNS servers in your area.
Click to expand...
ISPs can reverse lookup IP addresses with fairly accurate results. IPs may be hosting multiple sites, but the combo of ads and other linked IPs on each page give them a decently precise fingerprint. If they are spending the resources to track DNS, then they can easily also do this.
 
  • Like
Reactions: Nevi, Trident and ravi prakash saini
lokamoka820

lokamoka820

Level 25
Thread author
Verified
Mar 1, 2024
1,468
blackice said:
If it is reliable and implements DNSSEC you are probably going to see the best performance with it. If it doesn’t have DNSSEC implemented or you want malware filtering then you might want to look elsewhere. Dnscheck.tools can show you what features your DNS server has, including a thorough DNSSEC test, look in the lower left.
Click to expand...
Here is the result of the test:

brave_2024-05-08_17-45-43_cr.png


What it is mean?
 
lokamoka820

lokamoka820

Level 25
Thread author
Verified
Mar 1, 2024
1,468
Practical Response said:
Ask yourself why you are considering this. Was it an issue you had or something you read? If the latter did you research it "fully" to determine it's what you need to do. If so, you should also "research" what's best for you and your uses instead of relying on other people's opinions of options that work best for them.

It's the best advice you can get, unbiased and factual.
Click to expand...
I am asking because I want to know if DNS servers are just about speed, or there are other factors to consider when selecting one? :)
 
  • Like
Reactions: Nevi and ForgottenSeer 109138
lokamoka820

lokamoka820

Level 25
Thread author
Verified
Mar 1, 2024
1,468
Biswajit poddar said:
It's a great question! Even if your ISP's DNS server is the fastest, there are still reasons to consider switching. One major factor is privacy and security. Some ISPs may log your browsing activity or sell your data to third parties. By using a third-party DNS server, you can potentially enhance your privacy.

Another reason is reliability. Third-party DNS servers often have multiple redundant servers worldwide, which can improve reliability and reduce downtime compared to relying solely on your ISP's DNS.

To select the right DNS server for you, consider factors like privacy policies, security features, and reliability. Popular options include Google DNS (8.8.8.8 and 8.8.4.4), Cloudflare DNS (1.1.1.1 and 1.0.0.1), and OpenDNS (208.67.222.222 and 208.67.220.220). You can also use tools like DNS Benchmark or Namebench to test and compare the performance of different DNS servers in your area.
Click to expand...
So privacy and security are major factors here. This is what I was looking for.
 
  • Like
Reactions: Jan Willy and Biswajit poddar
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,879
lokamoka820 said:
Here is the result of the test:

View attachment 283291

What it is mean?
Click to expand...
A lot of ISPs show like this on dnscheck.tools test. Verizon actually does the same thing in the USA. I'm unclear if it means they only check for valid signatures, or that they are accepting bad signatures instead of rejecting them. I've never seen the yellow Xs. Sometimes it takes a couple runs to validate the DNSSEC stuff. If it always shows only green on the good signatures, but red Xs on the rest, then they aren't implementing DNSSEC properly. Not the end of the world, but it does mean there's a vulnerability to DNS spoofing. I would research it and see what you're comfortable with. Honestly most DNS traffic just goes where it should. It was designed to be simple and just work, but DNS hijacking does occasionally occur.
 
  • Like
  • Thanks
Reactions: Nevi, Victor M, Trident and 2 others
lokamoka820

lokamoka820

Level 25
Thread author
Verified
Mar 1, 2024
1,468
blackice said:
A lot of ISPs show like this on dnscheck.tools test. Verizon actually does the same thing in the USA. I'm unclear if it means they only check for valid signatures, or that they are accepting bad signatures instead of rejecting them. I've never seen the yellow Xs. Sometimes it takes a couple runs to validate the DNSSEC stuff. If it always shows only green on the good signatures, but red Xs on the rest, then they aren't implementing DNSSEC properly. Not the end of the world, but it does mean there's a vulnerability to DNS spoofing. I would research it and see what you're comfortable with. Honestly most DNS traffic just goes where it should. It was designed to be simple and just work, but DNS hijacking does occasionally occur.
Click to expand...
Here is the result after changing my DNS to Cloudflare:

brave_2024-05-09_05-07-40_cr.png


Is this better?
 
  • Like
Reactions: blackice
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,879
lokamoka820 said:
Here is the result after changing my DNS to Cloudflare:

View attachment 283310

Is this better?
Click to expand...
In terms of DNSSEC yes. If you are having a pleasant browsing experience and not seeing any slowdowns or more buffering on videos then you will probably be happy. Don’t worry about their response time measurement. It has been having strangely high MS in Chromium browsers lately. But they are measuring actual response times and not pings like most other tests.
 
  • Like
  • Thanks
Reactions: lokamoka820 and Nevi

Similar threads

n8chavez
Serious Discussion Router VPN Killswitch
Replies
9
Views
796
VPN and DNS
sokabi
S
silversurfer
    • Like
New Update AdGuard DNS v2.11: Filtering preloaded pages in Chrome
Replies
0
Views
362
AdGuard
silversurfer
silversurfer
Morro
    • Like
    • Wow
Serious Discussion Does anyone else get this at times with NextDNS?
Replies
18
Views
1,060
VPN and DNS
brambedkar59
brambedkar59

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top