Free DNS Services Overview
Free DNS for your client resolving needs: there is more than one game in town, now. DNS Advantage, a NeuStar, Inc service, has just come online. Should you think about switching away from OpenDNS? Should OpenDNS be worried?
First, some background is in order. OpenDNS, which we wrote about back in June, is the leading provider of free DNS services. DNS services of this nature may be called client resolving, recursive DNS, and we've recently heard the confusing term, "external DNS."
About DNS Services
DNS is, of course, the magic goo that makes the Web work. When you request a Web site, say google.com, your computer must turn that into an IP address before making a connection to the remote site's Web server. The amount of time it takes to load a page can be dependent on the remote Web server, but most of the time there are other factors involved.
When you obtain an IP address for your computer (or router) from your ISP, it also gives you a few DNS servers to use. Your ISP normally runs these, and they are likely not run well. Every additional millisecond that you wait for a DNS response is noticeable; Web sites will often appear to load slowly because of slow DNS responses.
Free DNS providers, for client computers, are focused on providing fast response times. They do this by caching large amounts of data, so that a DNS request can be served from local data, as opposed to doing a full recursive lookup. A full lookup involves asking the root servers for a Name Server (NS) record for a domain, and then asking that domain's server for the answer. Suffice it to say: much faster from a local cache. There's strength in numbers; the more people that a DNS server, the faster it is, because it will have more cached data.
The real advantage, and something OpenDNS has taken advantage of, is that by controlling the resolver, you can block access to certain Web sites. Known phishing sites, for example, can be made inaccessible without resorting to expensive appliances and proxies installed at each site.
New to the block, DNS Advantage, provided by UltraDNS, run by NeuStar, seeks to take some market share from OpenDNS. Their Web site lists a remarkably similar set of features, yet the only one that appears to be working is the fundamental resolving itself—almost.
When you enter a domain in your Web browser, for example, which does not exist, UltraDNS tries to redirect you to a special page, searchportal.information.com. This page rarely loads, unfortunately, leaving the user thinking that the domain exists, and the remote site is just slow. Perhaps we just tested at a bad time; indeed, when it does work, you get dropped onto the search page at information.com. OpenDNS, by contrast, attempts to correct the most common typos and send the user on their way—without advertisements.
Furthermore, DNS Advantage advertises that their DNS servers will block access to malicious sites, such as ones containing malware or phishing pages. Sadly, we were unable to trigger this blocking. Using publically available data about well-known phishing sites (spamhaus, phishtank, etc), accessing sites that have been online for months, we were never denied access via DNS. Firefox quickly responded to the threat using its blocklists, but using DNS Advantage provided no Advantage in this regard.
From the DNS Advantage FAQ, we find this interesting statement:
Q. I found a website DNS Advantage should be blocking. What should I do?
A. We do our best to stay on top of the growing list of blocked domains. However, there may be some that we don't protect against yet. We are in the process of creating a mechanism to submit these types of websites to us.
The value of "some" was equal to 100% of the 150 sites we attempted to visit while using DNS Advantage for DNS queries.
DNS Advantage also has no mechanism by which you can block certain Web sites for all of your clients, but they say this functionality is in the works.
OpenDNS includes some fancy features for your domain. You can configure OpenDNS to block Web sites, based on the criteria you specify, for all of your client machines. This includes adult sites, social networking sites, and whatever else you custom-specify.
OpenDNS also allows remote sites to configure a custom redirection page, so that your users aren't just blindly redirected to some foreign site with no rationalization. Couple that functionality with the DNS activity reports OpenDNS also provides, and we have a clear winner.
Features aside, a major benefit to using DNS providers is speed. Huge caches of DNS information provide the fastest possible Web browsing experience, if the services are stable. Until last week, dnsadvantage.com indicated that "a portion of" the UltraDNS servers were utilized for the DNS Advantage service. Currently, the Web site indicates that all 14 servers run by UltraDNS are used for DNS Advantage services.
OpenDNS's Web site shows the locations of their five geographically disperse servers, with plans to add another soon. Both providers publish this information, but the piggy-backed nature of DNS Advantage (on UltraDNS) is questionable, considering their published data keeps changing.
DNS Advantage has shown that the barrier to entry for free DNS providers is quite low, but an easy peek under the covers reveals that it is, in fact, not the DNS service that's most important. Even assuming that a newcomer can provide equally stable and quick-responding DNS responses, the true value add is in the features.
Given that the stability is there, they offer truly innovative features to help you manage your site, and the fact that OpenDNS is certainly more seasoned and focused on the problem at hand; we would recommend sticking with OpenDNS.