The Reasons To Use Third-Party DNS Services: The Alternatives To Your ISP

Everyone who uses the internet relies on the Domain Name System, or DNS for short.

Often without realizing it, web users rely on DNS, a protocol within the set of standards for how computers exchange data on the internet and on many private networks. Its basic job is to turn user-friendly domain names, such as eyerys.com, into Internet Protocol (IP) addresses, which computers understand.

These IP addresses are meant for computers to identify each other on a network.

Whether you are browsing websites, using search engines, catching up on social media updates, sending emails or doing anything else online, you are using a DNS server to look up the domain name you're trying to access.

Without DNS servers, the internet would probably be gone.

While your Internet Service Provider (ISP) gives you the DNS servers you need to browse the internet, you may want to use a third-party DNS service for certain needs. These third parties usually offer a variety of features that your ISP probably doesn't:

Changing the default DNS service to Google Public DNS in Windows 10 (Internet Protocol Version 4 (TCP/IPv4))

Possible Speed Improvements

Third-party DNS servers can actually be faster than your ISP’s DNS servers. This is not guaranteed, but third-party DNS servers like Google Public DNS, OpenDNS or others may be faster for you.

The speed depends heavily on your geographic location, how close you are to the third-party DNS servers, and how slow your ISP’s DNS servers are.

So if you care about speed, you may see an advantage from switching to a third-party DNS server, or you may not. To be sure, you can run a DNS benchmarking tool, which makes DNS requests to your current DNS servers as well as to other DNS servers.

The tool then measures how long each server takes to respond, showing you which one is faster.

Possible Reliability Improvements

This is similar to the possible speed improvements explained above.

If your ISP does a poor job of keeping its DNS servers up and running with performance in mind, you may experience times when websites fail to load or load very slowly. This is because the ISP's DNS servers take a long time to resolve names.

If your ISP isn't doing their job properly, switching to third-party DNS services may give you a more reliable experience.

Parental Controls

Your ISP may have some methods to filter web content. However, chances are your ISP won't give you the ability to change this filtering.

If you have young children and want to set up web filtering, there are a variety of ways you can do it. One of the easiest is to switch from your ISP's DNS servers to a third party's. OpenDNS, for example, allows you to configure parental control settings on its OpenDNS website.

This allows you to block certain categories of websites.

What you must know is that the method for parental control using third-party DNS services isn't totally foolproof. Anyone with some computer knowledge can just change their device's DNS server to bypass the filtering. But as for young children, they are less likely to think of doing this.

Phishing Protection

Some third-party DNS services have a feature that protects users from phishing schemes. This is done by filtering: the service blocks phishing sites so that they never show up in browsers.

While modern browsers do have built-in protection enabled, older software such as Windows XP and the Internet Explorer browser is more prone to phishing attacks than newer operating systems. To counter this, third-party DNS services can provide some additional layers of security to prevent identity theft.

It should be noted that not all third-party DNS services include content-filtering features. Google Public DNS, for example, doesn't offer phishing protection to the degree OpenDNS does, as it aims only to function as a fast and reliable DNS service without the frills.

Security Features

Third-party DNS services compete with one another, as well as with people's existing ISPs.

To make their product appeal to those people, these companies like to add new features and capabilities not generally available from ISPs. In addition to all of the above, third-party DNS services can add some security features too.

For example, Google Public DNS supports Domain Name System Security Extensions, or DNSSEC, which provides DNS clients (resolvers) with origin authentication of DNS data, authenticated denial of existence, and data integrity.

This ensures that the DNS data you receive is signed and accurate. Your ISP’s DNS servers may or may not yet implement such security features.
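The benchmarking idea from the speed section and the DNSSEC support described above can both be checked with one probe. This is an added example, not code from the original article: it times a single UDP query and reports whether the resolver set the AD (authenticated data) flag. The resolver addresses for Google Public DNS and OpenDNS and all function names are this example's own choices.

```python
import secrets
import socket
import struct
import time

# Public resolver addresses; add your ISP's resolver to compare against it.
RESOLVERS = {"Google Public DNS": "8.8.8.8", "OpenDNS": "208.67.222.222"}

def build_query(name, txid, want_dnssec=True):
    """Build an A query; want_dnssec appends an EDNS0 OPT record with the DO bit set."""
    arcount = 1 if want_dnssec else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags: RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP size 1232, TTL field carries DO (0x8000), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x8000, 0) if want_dnssec else b""
    return header + question + opt

def parse_flags(response, txid):
    """Return (rcode, ad). ad=True: the resolver reports it validated the answer with DNSSEC."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & 0x8000:  # ID must match and QR must mark a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & 0x0020)

def probe(server, name, timeout=2.0):
    """Time one UDP query. Returns (milliseconds, rcode, ad), or None if unreachable."""
    txid = secrets.randbelow(0x10000)  # unpredictable ID, as a real stub resolver uses
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.connect((server, 53))  # connected UDP: replies from other hosts are dropped
            s.send(build_query(name, txid))
            data = s.recv(4096)
        except OSError:
            return None
    elapsed_ms = (time.perf_counter() - start) * 1000
    return (round(elapsed_ms, 1),) + parse_flags(data, txid)

if __name__ == "__main__":
    for label, ip in RESOLVERS.items():
        print(label, ip, probe(ip, "example.com"))  # AD is set only for signed zones
```

A single query mostly measures whether the name was already cached, so repeat the probe with several names and compare medians. The AD flag arrives over unauthenticated UDP, so it tells you what the resolver claims, not something the client has verified itself.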

Access Blocked Content

Some web content is not available in certain countries for various reasons. Using third-party DNS services, you can access this geoblocked content.

This is possible because, with a third-party DNS service, it is that service's job to translate domain names, no longer the local ISP's. This means the device using the third-party DNS service makes its DNS requests through some tunneling that makes the blocked service available.

These third-party DNS services create requests that appear to come from somewhere else in the world.

Bypass Web Censorship

This is similar to the above, as ISPs and countries can block websites.

Local ISPs must obey the local laws. For example in Indonesia, netizens aren't allowed to access some sites that are deemed not worthy by the country's Ministry of Communication and Information Technology.

This works if they block websites only at the DNS level. For example, if an ISP blocks example.com by redirecting its DNS entry to a different website, changing your DNS server to a third-party DNS service that doesn’t block the website will allow you to access it as normal.

However, websites are often blocked at the IP level.

This means that using third-party DNS services may not always work. One good example is the 'Great Firewall of China', which uses several methods to block websites, including DNS blocking.
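One way to check for the DNS-level redirection described above is to compare the answer from the ISP's resolver with the answer from a second resolver. The following is an added example, not from the original article; the function names are hypothetical and the sample responses are constructed with documentation-range addresses.

```python
import ipaddress
import struct

def skip_name(msg, off):
    """Return the offset just past a domain name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # 2-byte pointer terminates the name
            return off + 2
        if length == 0:              # root label terminates the name
            return off + 1
        off += 1 + length

def a_records(msg):
    """Return the set of IPv4 addresses in the answer section of a raw DNS response."""
    try:
        qdcount, ancount = struct.unpack("!HH", msg[4:8])
        off = 12
        for _ in range(qdcount):
            off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        addrs = set()
        for _ in range(ancount):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
                addrs.add(str(ipaddress.IPv4Address(msg[off:off + 4])))
            off += rdlen
        return addrs
    except (IndexError, struct.error, ipaddress.AddressValueError) as exc:
        raise ValueError("malformed DNS response") from exc

def compare(isp_msg, other_msg):
    """Classify the ISP resolver's answer against a second resolver's answer."""
    isp, other = a_records(isp_msg), a_records(other_msg)
    if isp == other:
        return "match"
    return "overlap" if isp & other else "divergent"

def sample_response(*ips):
    """Constructed response for example.com (documentation-range IPs, not captured traffic)."""
    head = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, len(ips), 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + ipaddress.IPv4Address(ip).packed for ip in ips)
    return head + question + rrs

if __name__ == "__main__":
    print(compare(sample_response("203.0.113.7"), sample_response("192.0.2.10")))
```

A "divergent" result is a prompt to investigate, not proof of blocking, because CDNs and load balancers legitimately return different addresses to different resolvers.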


Summary

Explaining DNS server (Image courtesy of KeyCDN)

There are a few steps that take place when a DNS server is asked to open a website. They include:

  • Website Request where the browser requests the actual website.
  • Ask Resolver to check if cache is available. If it isn't, it goes directly to the next step.
  • Ask Root Server which looks at the last section of the request.
  • Ask TLD Server to provide the resolver with a list of name servers for that website.
  • Ask Authoritative Name Servers to retrieve the required IP information.
  • Cache the IP and return it to the browser to deliver the content to the user.

To summarize, the main reasons for choosing a third-party DNS service are:

  1. Speed.
  2. Redundancy.
  3. Security.

To change your default DNS servers to a third-party DNS service, you can do this via your router. It's more convenient this way because the settings will apply to every device connected to that router. This means that PCs running any operating system, game consoles, smartphones, tablets, and other devices connected to that router will be using the same DNS service.

The other way is to change the DNS server on a single device, which will only affect that device.

Another thing you must know is that, when using third-party DNS servers, you're practically surrendering your DNS traffic to those third parties to resolve.

Some people may not find this comforting. For example, users in the U.S. may not be comfortable using third-party DNS providers from Russia. Others may distrust Google, knowing that the company thrives on gathering user information and sensitive data.

You should know that third-party DNS services may or may not be better than your ISP's DNS servers, and their features may or may not be 100 percent foolproof or secure, as is true of any product.