Your customers likely have little to no idea what goes on behind the scenes to make the internet a pleasant place for the non-geek. One of these important supporting factors is the technology behind DNS (Domain Name System) which acts as the invisible address book for any and every website they choose to visit. To the normal user, it’s Microsoft.com; but we all know that in reality, 22.214.171.124 is where they’re truly going.
Not to get too technical, but it’s important to understand the workings of DNS if you are going to recommend services such as OpenDNS to customers (which I’ll get to in a little bit.) The Domain Name System is indeed a clever invention, because it affords for easy navigation of the web by end users and works globally between domain authorities of all walks. If you want to place the concept of DNS in a nutshell, think of it as the webbing that ties IP namespace (xxx.xxx.xxx.xxx) to easily recognizable domain name addresses (xxx.com). Without it, we would have to do all of our own legwork to get to any publicly available website on the internet.
The problem with how DNS is configured for most users is that it’s usually set up by the respective ISP for a customer’s home or office. While this used to be a non-issue back in the days of dial up and the budding of broadband, now DNS can truly have a negative impact on web browsing. In general, these problems stem from one or a combination of two issues:
Geographic location of DNS servers: This is becoming less of a problem on today’s mega-sized web backbones, but still poses a relative conundrum especially when end users are making DNS requests over slower speed links. Not all DNS servers are in prime locations; this is a bigger issue for customers who are in rural areas being served by smaller regional ISPs.
Over-burdened DNS servers: Again, this is more likely to happen with DNS servers hosted by smaller ISPs or similar DNS authorities, but I’ve seen it with Comcast and ATT systems too. If an end user’s router or home PC is pointing to DNS servers that can’t handle their request load effectively, overall response performance suffers and this equates directly to what we know as “slow internet.”
If you think all DNS servers are equal, run some of your own tests. The networking & security guru Steve Gibson has a wonderful free tool available called Domain Name Server Benchmark. It is preloaded with a number of popular DNS servers in use today, but you can fully customize it to include servers from OpenDNS, Google DNS, and any other provider you may wish. If you’re purely looking for the fastest possible response on DNS queries, DNS Benchmark is truly your best bet.
Changing DNS server settings is fairly easy for any computer repair technician that has ever touched the IP settings in Windows (or MAC). But keep in mind that how you adjust DNS for a customer will impact everyone who uses a particular machine or set of systems that share connection from a common router. There are benefits to making DNS changes on the router level because:
- Everyone will not have to adjust their systems; only the common router will need the adjustment.
- It will speed up (and clean up) web browsing for all users on a given connection.
- You can even offer further browsing redundancy by choosing primary and secondary DNS servers that span different providers (say, Google DNS and OpenDNS, which I recommend doing.)
Changing DNS settings on a customer’s router is my preferred method because of all of the above, but namely, time savings in configuration. If any guests come to the home or office and use the internet connection, they too will be given the benefits of utilizing custom DNS settings. Every router handles DNS settings configuration differently; I highly suggest you visit the support section on your router manufacturer’s website before making any mistakes.
Some techs may claim that ISP-provided DNS settings work just fine, and I won’t necessarily disagree. Everyone’s needs from DNS and relative performance on a given pair of DNS servers will be wildly different. Much of this stems from what I mentioned above regarding location, burden, and other factors. But it’s what you don’t know about alternative DNS solutions (especially my favorite OpenDNS) that will get you interested.
While Google DNS merely exists to provide a speedy alternative to what ISPs offer, OpenDNS takes this concept one step further. The company employs specialized technology that actually spans DNS requests to datacenters that are closest to your location geographically without any intervention. In addition, because they handle so many requests from different parts of the world, they have arguably the most up-to-date single repository for where everything is on the web. This significantly reduces the need for them to “ask” other DNS servers where a website or file may be located.
Another key benefit is how they provide malware blocking at the network level by literally sifting out known-infected websites and files before you can even get to them. This is beneficial because, by default, ISP provided DNS servers never filter out the responses they provide. Even if you mistakenly type in the address of a completely known and virulent malware site, chances are your ISP will take you there – without hesitation.
One of the biggest contributors to the spread of malware today is the fact that end users who truly can’t recognize bad links or search results are visiting pages on the web where they’d likely prefer not to be. OpenDNS takes the guesswork out of the process because it maintains a centralized blacklist of these sites that is in effect for all users of the service (free and paid.) For customers of mine that have bad histories with such links, OpenDNS is always a recommendation behind solid anti-malware software like NOD32.
For those that need it, OpenDNS even offers paid levels of their service for home and business customers. Home users can benefit from the parental control functionality via custom block lists and category-powered filtering of their home internet connection. I’ve recommended the service to numerous residential clients in lieu of something like NetNanny (which is installed per-PC; needs updates delivered; etc.) There’s no client software to install, no signature updates to worry about, and it affects EVERY device that wants to use internet in a home – which means any young visitors won’t be able to bypass filters merely by bringing their own computers.
The business level subscription to OpenDNS goes even further by providing advanced logs, web access control for workers, strict malware and botnet prevention options, and website blocking. One of the greatest reasons that OpenDNS is truly a remarkable product is because you can gain access to the speed and malware prevention benefits without paying a single cent – merely by configuring your router to point to OpenDNS.
If you want to switch to OpenDNS on your own router or on a customer’s setup, here are the two DNS servers that they publish (follow their instructions page for generic guidance; consult your router’s documentation for in-depth steps):
- PRIMARY: 126.96.36.199
- SECONDARY: 188.8.131.52
I tend to take a balanced approach in my own setup for customers which uses a hybrid combination of OpenDNS as the primary server, and Google DNS as the secondary server. You don’t have to do this, but I feel that if for some reason OpenDNS has outages across both of their systems, at least your router can then tunnel DNS requests to a complete third party. For redundancy, this is a great approach. My preferred router configuration happens to look like this:
- PRIMARY (OpenDNS): 184.108.40.206 or 220.127.116.11
- SECONDARY (Google DNS): 18.104.22.168 or 22.214.171.124
How you configure your router is up to you, but give the above combination a try to see if your website browsing speed is improved. You will also gain the transparent malware blocking and phishing protection that OpenDNS advertises. My own experiences have found that OpenDNS alone will not block all malware – but it does cut down on “easy entry” for about 70% of mistaken search result clicks by mistaken customers. Any extra bit helps, and I think OpenDNS has a great product for the price tag of free.
What do you think of OpenDNS? Do you prefer some other DNS service other than OpenDNS or Google DNS? Let us know in the comments section!