Does using OpenDNS or Google DNS affect anything about security or gaming speed?
I used to use Google DNS and OpenDNS a long time ago and didn't notice any improvements. I recently heard a security expert saying that OpenDNS is the best way for malware protection, but found out that this feature isn't free.
I saw a gamer saying that Google DNS is faster for regular users and OpenDNS is better for gamers because of lower ping, and all of the bloggers recommend using a DNS service.
My brother noticed that both providers had higher ping on Steam than our default DNS provider, and he read that DNS won't affect Dota 2 on Steam in any way.
I did my tests, in incognito and flushed DNS after each test, I let speedtest pick the closest DNS. My results are:
- Default DNS
- Google DNS
- OpenDNS
All results are similar if not worse than the default DNS, if anything OpenDNS has the lowest ping but by a small margin, if I were to repeat tests that gap would go away.
Do DNS providers really affect speed or security or gaming? Gaming nowadays is mostly on Steam, so does it affect Steam?
Solution 1:
DNS has no effect on ping whatsoever. It is nonsense. DNS provides name resolution services and that is it. Nothing more and nothing less.
Your internet connection does not go through the DNS server, nor would routing through it improve your speed as chances are you will be going through several other connections (potentially on the wrong side of the world) before heading back to where you wanted to go. This does not happen normally anyway.
What Google or OpenDNS might provide you is a slightly faster resolution of names to IP addresses and possibly some level of protection from known malware domain names.
You might get a quicker initial name resolution, especially if your ISP has a small DNS cache and doesn't see requests for that site often, but after the first request both your server and local machine will cache the request meaning that Google or OpenDNS will be slower if there is a large distance between you and their servers. There will be no improvement to ping tests at all except for possibly the initial lookup.
I've said it in a comment above, but your tests are also not fair for the purposes of your testing. Using speedtest is not relevant for testing DNS and the tests you have run are resolving to different servers with different speeds or locations which will unfairly skew your results. If you want to prove that DNS makes no real difference then you need to be selecting the same server each time.
As to why DNS will make no real difference? It is because it is used in the first half-second of your connection to a server (to resolve a name to an address) and maybe if your cache times out then it will use it again. You might save a fragment of a second in getting the IP address of your game or Steam server, but after that the software will always be taking the direct route to the server and the speed will be the same regardless of DNS server used.
Having a fast DNS server can be good if you are browsing websites that are particularly laden with off-site resources such as social media buttons, advertising images and scripts and other resources which all need their locations resolved. This can be particularly annoying to most users as it appears to be the main site being slow when in reality it is the resolution and download of all the "extra" resources that makes the site slow.
Many people may equate this slow resolution of resources with the site's "ping" being bad, when in all actuality the site's ping is perfectly fine. If the site loads faster with the DNS changed then it is your DNS server that is bad, not the site's speed or ping (latency). These are two very different things.
I've made a quick drawing of what (roughly) happens.
For existing connections and if the name is in your local cache you will see no benefit to changing your DNS. If the names are not in your cache then changing the DNS can make a brief improvement at the start of the connection.
Solution 2:
Well, other people have pointed out the malware, speed and ping points. I'll talk about the fourth and fifth points, which DNS actually very clearly helps: censorship (and bugs in DNS servers) and privacy.
In my case, changing your DNS server allows you to circumvent the DNS blocks (there are currently 113683 blocked websites in Turkey) and connect to some* blocked websites. Most people here use a DNS on their computers to be able to connect to the popular blocked sites.
About an issue that might affect everyone, there might be issues with the DNS servers, mostly slow speeds, non-100% uptime and some sites not having proper DNS records (as a bug). As the first two are mostly mentioned by other answers, I'll talk about the last. This is actually very rare and can be caused by many reasons, however this happened to me once and I'll mostly shortly talk about that case. A site was inaccessible using Google DNS but was fine with any other DNS servers, we got the owners to contact Google and the site got working on Google DNS again in a few hours. This is simply an example of how your DNS choice can affect you, even when it doesn't have censorship (or you don't care about your privacy).
Also, your DNS queries can be viewed easily if you get MitM'd or, for example, your company or your ISP is tracking you. While other DNS servers' queries will be visible to them too, most people who use OpenVPN and similar VPN services route DNS queries to go through the VPN to hide the sites they visit. If you were to use the default DNS' IP address (the one of your ISP or country) in the OpenVPN config, they'd still be able to see which sites you access, even though you are behind a VPN and route your DNS queries through the VPN.
* Some sites, most notably wikileaks.org, are blocked at IP level and some, most notably i.imgur.com, are blocked at DNS level.
Solution 3:
@Mokubai's response is fairly correct but for glossing on some details:
In general, when you want to test performance of a given traffic flow, you want to ensure that you're testing the same thing. Ping is an ICMP-based traffic-type. DNS primarily uses UDP (though there are scenarios - zone transfers and signed queries/responses - where TCP is used).
Further exacerbating the validity problem of using ICMP as your basis for measuring UDP responses is the fact that ICMP responses are frequently given a lower quality of service (QoS) than TCP and UDP are. This is particularly so for large/busy sites - it makes far more sense for site operators to prioritize the traffic-types that they offer services over while de-prioritizing traffic-types that don't directly support that service. This QoSing will adversely impact not only ping but other diagnostic tools like traceroute.
Not directly relevant to DNS, but still worth being aware of if you're doing long-running, network-oriented tasks (you don't just game for a few minutes, here and there, do you): it's also not uncommon for ISPs to mess with speed-testing systems. ISPs know that most speed-testing tools only operate for a few tens of seconds to a few minutes (and that most transfers happen within the span of a few minutes). As such, they will tend to implement traffic-shaping algorithms that will make shorter tests not representative of your speeds. That is, flows that are only a few seconds to a few minutes in length will give full bandwidth for the span of the test. If you go to a testing method that's longer-running - say 10+ minutes to a few hours - you may find that your throughput drops over time because one of the links had down-prioritized your traffic.
At any rate, if you want to benchmark DNS, you want to use a tool like `dig` to do so. `dig` tests the actual protocols you're interested in and tends to run in a non-caching mode.
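
One way to run the comparison the answers describe, as an added example that is not part of any of the original posts: it asks each resolver for the same name with `dig` and reports the first lookup separately from the median of the repeats. The script name `dnsbench.sh` and the function names are hypothetical; `default` stands for the resolver the system already uses, and 8.8.8.8 and 208.67.222.222 are the public addresses of Google Public DNS and OpenDNS.

```shell
#!/usr/bin/env bash
# Added example (not from the original answers): time DNS lookups with dig,
# asking every resolver for the same name so the numbers are comparable.

# Print the "Query time" in milliseconds from dig output read on stdin.
# Prints nothing when the lookup timed out or failed.
query_ms() {
  awk '/^;; Query time:/ { print $4 }'
}

# Median of space-separated integers on stdin ("n/a" when there are none).
median() {
  tr -s ' ' '\n' | sort -n | awk '
    /^[0-9]+$/ { v[++n] = $1 }
    END {
      if (n == 0) { print "n/a"; exit }
      if (n % 2) print v[(n + 1) / 2]
      else       print int((v[n / 2] + v[n / 2 + 1]) / 2)
    }'
}

# Look up NAME at RESOLVER COUNT times. The first answer may be a cache miss
# at the resolver; the repeats are normally served from its cache.
# RESOLVER "default" means the resolver the system is already configured with.
bench_resolver() {
  local name=$1 server=$2 count=${3:-10} at="" first="" rest="" ms i
  if [ "$server" != default ]; then at="@$server"; fi
  for i in $(seq 1 "$count"); do
    ms=$(dig ${at:+"$at"} "$name" A +tries=1 +time=2 | query_ms)
    [ -n "$ms" ] || continue
    if [ -z "$first" ]; then first=$ms; else rest="$rest $ms"; fi
  done
  printf '%-16s first=%s ms  median of rest=%s ms\n' \
    "$server" "${first:-n/a}" "$(echo "$rest" | median)"
}

# Usage: ./dnsbench.sh NAME RESOLVER [RESOLVER...]
# e.g.   ./dnsbench.sh example.com default 8.8.8.8 208.67.222.222
# With no arguments nothing is sent on the network.
if [ "$#" -ge 2 ]; then
  name=$1; shift
  for server in "$@"; do bench_resolver "$name" "$server"; done
fi
```

The figures are per-lookup resolution times only; they say nothing about latency to the game or web server the name resolves to.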