Enabling and configuring the DNS server. What is a DNS server and how to choose the most suitable type of DNS server

A DNS Internet filter is an Internet service that filters unwanted servers on the Internet by their domain names. For example, suppose the site www.virus.org spreads a virus to the computers of users who access it. If such a user has a DNS-based Internet filter connected, then instead of the infected site the user will see a message saying that the dangerous site has been blocked. The same thing will happen with a fake site that tries to steal your social media passwords or credit card numbers.

Another area of application for such filters is child safety on the Internet. Such services allow you to block not only sites with pornography and violence, but also sites containing any links to them. As a bonus, some internet filters can also block annoying online advertisements.

A significant advantage is that there is no need to install any software on the protected computer. All that needs to be done is to enter, in the computer’s network connection settings, the address of the DNS server that will act as the filter.

How does a DNS filter work?

In very simplified form, it works like this:

  1. The user enters the website address in the browser bar.
  2. The computer converts the symbolic address of the site into an IP address using the DNS service. Thus, a request with the site address is sent to the filter server.
  3. If the site’s address is not on the DNS server’s blacklist, then the user’s computer is given the IP address of the server serving the site and the user receives the site’s contents in the browser window.
  4. If the site’s address is on the DNS server’s blacklist, then the user is given the IP address of a special web server, which displays a message in the user’s browser window about the site being blocked.
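The decision the filter server makes in steps 2 to 4, as an added example that is not part of the original article. The blacklist, the records and the block-page address are constructed sample values (documentation IP ranges), and the function names are hypothetical.

```python
# Added example: constructed data only. IPs come from the RFC 5737 documentation
# ranges; none of these values are real service addresses.
BLOCK_PAGE_IP = "192.0.2.53"  # assumed address of the filter's block-page web server
BLACKLIST = {"virus.org", "phish.example"}  # constructed blacklist entries
UPSTREAM = {  # constructed "real" DNS records the filter would otherwise return
    "www.virus.org": "198.51.100.10",
    "login.phish.example": "198.51.100.20",
    "notvirus.org": "203.0.113.9",
    "news.example": "203.0.113.7",
}


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def blacklist_match(name, blacklist=BLACKLIST):
    """Return the blacklist entry that covers `name`, or None.

    An entry covers the domain itself and every subdomain. Matching is done on
    whole labels, so 'notvirus.org' is NOT caught by the entry 'virus.org'.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blacklist:
            return candidate
    return None


def filtered_resolve(name, blacklist=BLACKLIST, upstream=UPSTREAM):
    """Return (ip, verdict) the way the filter server answers a query."""
    hit = blacklist_match(name, blacklist)
    if hit is not None:
        # Step 4: blacklisted, so answer with the block-page server instead.
        return BLOCK_PAGE_IP, "blocked:" + hit
    ip = upstream.get(normalize(name))
    if ip is None:
        return None, "nxdomain"
    # Step 3: not blacklisted, so answer with the site's real address.
    return ip, "allowed"


def audit(names):
    """Map each queried name (e.g. from a resolver log) to the filter's answer."""
    return {normalize(n): filtered_resolve(n) for n in names}


if __name__ == "__main__":
    queries = ["WWW.Virus.ORG.", "login.phish.example", "notvirus.org", "news.example"]
    for name, result in audit(queries).items():
        print(name, result)
```

Because the client only ever sees an IP address, an administrator can recognise a blocked lookup by comparing the answer with the filter's block-page address.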

As you can see, everything is simple and generally quite effective. The scope of these services is not limited to home PCs. If you are an enterprise network administrator, then these services will provide additional protection for your network; simply configure the resolution of Internet addresses of your network through a DNS filter. You can also use filtering on mobile devices such as smartphones or tablets.

Public DNS filters

Today there are many similar services and most of them offer filtering capabilities for free. Many antivirus companies have their own private and public DNS filters. Next, I will list the most famous public services that have already been tested by time and people.

  1. Google public DNS server. This server was created primarily not for filtering but to speed up the Internet through very fast resolution; in addition, public DNS from Google also filters phishing and malicious servers. This server can also work over IPv6.
    Google DNS addresses:
    IPv4 8.8.8.8, 8.8.4.4
    IPv6 2001:4860:4860::8888, 2001:4860:4860::8844
  2. OpenDNS— perhaps the oldest DNS filter. There are paid and free options. It can correct incorrectly typed website addresses, and also displays a page with search and advertising if the address could not be corrected automatically. Has profiles for Parental Control available for free after registration. Without registration, fast resolution and filtering of malicious servers is declared.
    OpenDNS DNS addresses:
    208.67.222.222
    208.67.220.220
    https://www.opendns.com/
  3. SkyDNS— one of the first domestic services. There are paid and free plans. It is possible to manually compile black and white lists, block sites by category, block ads, and statistics. The free plan has limited options for manual blocking, statistics only for the month, etc. Without registration, the service filters only phishing and malicious sites. There are parental control capabilities by filtering dangerous sites and replacing search engines with safe search from SkyDNS. Account management on the website or through an application installed on a computer running Windows.
    SkyDNS DNS Address:
    193.58.251.251
    http://www.skydns.ru
  4. Yandex.DNS. Public DNS filter from the domestic search giant. No registration required. It offers 3 usage scenarios: 1) fast and reliable resolution; 2) resolution + filtering of dangerous servers; 3) resolution + filtering of dangerous servers + role control. Search engine data is used to compile blacklists. The server supports IPv6.
    Yandex DNS server addresses:
    Basic IPv4 77.88.8.8, 77.88.8.1, IPv6 2a02:6b8::feed:0ff, 2a02:6b8:0:1::feed:0ff
    Secure IPv4 77.88.8.88, 77.88.8.2, IPv6 2a02:6b8::feed:bad, 2a02:6b8:0:1::feed:bad
    Family IPv4 77.88.8.7, 77.88.8.3, IPv6 2a02:6b8::feed:a11, 2a02:6b8:0:1::feed:a11
    http://dns.yandex.ru/advanced/
  5. Norton ConnectSafe. Secure DNS servers from Symantec. As in the case of Yandex, it does not require registration for personal use. It has a similar structure of servers in 3 categories: 1) Safe; 2) Safe and porn; 3) Safe, porn and other things undesirable for children.
    Norton DNS addresses:
    Secure: 199.85.126.10, 199.85.127.10
    Safe+Porn: 199.85.126.20, 199.85.127.20
    Parental Control: 199.85.126.30, 199.85.127.30
    https://dns.norton.com/

This list is, of course, not complete, but these are, in my opinion, the most interesting and popular servers that should be used as the first line of filtering and defense of a home computer network or enterprise network. It is important to understand that the use of these services in no way excludes the need to use modern and up-to-date antivirus tools, such as Kaspersky Anti-Virus, for example;).

Which DNS filter to choose?

You may be wondering which of these services to choose. From personal experience I can recommend the following selection algorithm:

  • By speed: SkyDNS, Google, Yandex
  • By functionality: SkyDNS, OpenDNS
  • By security: Yandex, Norton, Google

To test the performance of the DNS servers described above, I used the DNS Benchmark utility, the results are sorted by response time.

As you can see, on my network SkyDNS turned out to be the fastest, followed by Google, then the Yandex servers (with full filters for parental controls). The situation on your network or at other times of the day may be different. It's best to test each service yourself! Each service has its own algorithms for constructing blacklists, so there is a possibility of false blocking of trusted sites. In my opinion, Yandex servers look like a good middle ground.

Write in the comments what you think about this! I will be glad to have links to other similar services and authoritative (supported by arguments) critical statements on the topic.

In this article you will learn everything about the best DNS servers. We have compiled a list where you can find out all the information you need.

Your ISP automatically assigns DNS servers when your router or computer connects to the Internet via DHCP. But you shouldn't use them.

Below are free DNS servers that you can use instead of the assigned ones; the best and most reliable, such as those from Google and OpenDNS, can be found below:

Advice. Primary DNS servers are sometimes called preferred DNS servers, and secondary DNS servers are sometimes called alternate DNS servers. The primary and secondary DNS servers can be "mixed and matched" to provide another level of redundancy.

In general, DNS servers go by all sorts of names, such as DNS servers, Internet DNS servers, Internet servers, DNS addresses, etc.

Why use different DNS servers?

One reason you might need to change the DNS servers assigned by your ISP is a suspicion that there is a problem with the ones you are using now. A simple way to test for a DNS server problem is to enter the website's IP address in your browser. If you can reach a website by its IP address but not by its name, then the DNS server is likely having problems.

Another reason to change DNS servers is if you are looking for more effective service. Many people complain that their ISP-maintained DNS servers are sluggish and contribute to slower overall browsing.

Another increasingly common reason for using third party DNS servers is to prevent your web activity from being logged and to bypass blocking of certain websites.

Be aware, however, that not all DNS servers avoid logging traffic. If this is what you need, make sure you read all the details about the server so you know if it's the one you want to use.

Main functions

Finally, in case of any confusion: free DNS servers do not give you free Internet access! You still need an ISP to connect to the Internet; DNS servers simply translate between domain names and IP addresses.

Verizon DNS servers and other ISP-defined DNS servers. The best DNS servers are presented in the form of a list, which you can find below.

If, on the other hand, you want to use DNS servers that are defined by your specific ISP, such as Verizon, AT&T, Comcast/XFINITY, etc., then do not set DNS server addresses manually. They are automatically assigned.


Verizon DNS servers are often listed elsewhere as 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4 and/or 4.2.2.5, but they are actually alternatives to the Level3 DNS server addresses shown in the table above. Verizon, like most ISPs, prefers to balance DNS server traffic through local automatic assignments. For example, Verizon's primary DNS server in Atlanta, Georgia is 68.238.120.12, and in Chicago it is 68.238.0.12.

Many of the DNS providers listed above have different levels of service (OpenDNS, Norton ConnectSafe, etc.), IPv6 DNS servers (Google, DNS.WATCH, etc.) and location-based servers (OpenNIC).

Conclusions

While you don't need to know anything other than what I've included in the table above, this bonus information may be useful for some of you depending on your needs:

  1. The free DNS servers listed above as Level3 will automatically route to the nearest DNS server operated by Level3 Communications, the company that provides most US ISPs with access to the Internet backbone. Alternatives are 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5 and 4.2.2.6. These servers are often listed as Verizon's DNS servers, but that's technically not the case. See discussion above.
  2. Verisign says this regarding its free DNS servers: "We will not sell your public DNS data to third parties or redirect your queries to serve you any advertisements." Verisign also offers public IPv6 DNS servers: 2620:74:1b::1:1 and 2620:74:1c::2:2.
  3. Google also offers public IPv6 DNS servers: 2001:4860:4860::8888 and 2001:4860:4860::8844.
  4. DNS.WATCH also has IPv6 DNS servers at 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b. In an unusual but highly appreciated move, DNS.WATCH publishes real-time statistics for both of its free DNS servers. Both servers are located in Germany, which may impact performance if used in the US or other remote locations.
  5. OpenDNS also offers DNS servers that block adult content, called OpenDNS FamilyShield. These DNS servers are 208.67.222.123 and 208.67.220.123. There is also a premium DNS offering called OpenDNS Home VIP.
  6. The free Norton ConnectSafe DNS servers listed above block sites that host malware, phishing and fraud schemes; this is called Policy 1. Use Policy 2 (199.85.126.20 and 199.85.127.20) to block these sites as well as sites with pornographic content. Use Policy 3 (199.85.126.30 and 199.85.127.30) to block all previously mentioned site categories, as well as those that Norton deems "non-family." Be sure to check out the list of things blocked in Policy 3 - there are some controversial topics here that you may find perfectly acceptable.
  7. GreenTeamDNS "blocks tens of thousands of dangerous sites, which include malware, botnets, adult content, aggressive/violent sites, and advertisements and drug-related sites" according to their FAQ page. Premium accounts have more control.
  8. Register with SafeDNS here to filter content in multiple areas.
  9. The DNS servers listed here for OpenNIC are just two of many in the US and around the world. Instead of using the OpenNIC DNS servers listed above, see their full list of public DNS servers here and use the two that are near you, or better yet, have them tell you so automatically here. OpenNIC also offers some public IPv6 DNS servers.
  10. FreeDNS says they "never log DNS queries." Their free DNS servers are located in Austria.
  11. Alternative DNS says its DNS servers "block unwanted advertisements" and that they operate "no query logging." You can register for free on their registration page.
  12. The basic free Yandex DNS servers listed above are also available over IPv6 at 2a02:6b8::feed:0ff and 2a02:6b8:0:1::feed:0ff. There are two more free DNS levels available. The first is Safe, 77.88.8.88 and 77.88.8.2 or 2a02:6b8::feed:bad and 2a02:6b8:0:1::feed:bad, which blocks "infected sites, fraudulent sites and bots." The second category is Family, at 77.88.8.7 and 77.88.8.3 or 2a02:6b8::feed:a11 and 2a02:6b8:0:1::feed:a11, which blocks everything Safe does, plus "adult and adults advertising."
  13. UncensoredDNS (formerly censurfridns.dk) DNS servers are uncensored and privately run. The address 91.239.100.100 is anycast from multiple locations, while 89.233.43.71 is one physically located in Copenhagen, Denmark. You can read more about them here. IPv6 versions of its two DNS servers are also available at 2001:67c:28a4:: and 2a01:3a0:53:53::, respectively.
  14. Hurricane Electric also has a public IPv6 DNS server available: 2001:470:20::2.
  15. puntCAT is physically located near Barcelona, Spain. The free IPv6 DNS server version is 2a00:1508:0:4::9.

Perhaps you have questions on the topic “Best DNS servers 2017”? Be sure to write them in the comments on our website.

As a rule, the time that the system spends connecting to the DNS server when visiting web resources is small. Most often, those servers that the provider uses by default work stably and quickly. However, there are situations when standard DNS is not fast enough. In this case, you can try changing the server.

Google Public DNS

According to the developers themselves, this DNS can significantly speed up the loading of web pages. In order to use this server, in the connection settings you need to specify addresses 8.8.8.8 and 8.8.4.4 for the primary and secondary DNS, respectively.


Yandex.DNS

Following Google's example, Yandex developed its own alternative DNS server. In addition, the developers have added family control capabilities in case there is a need to block potentially dangerous resources. To use DNS without filtering functions, you must enter the address 77.88.8.8 in the connection settings. If you enter the address 77.88.8.88, you can use the filtering functions for dangerous resources. If you enter the address 77.88.8.7, you will activate filtering of dangerous sites and porn resources.

OpenDNS

This service is quite popular on the Internet and for good reason. OpenDNS allows you to use modern methods of Internet security, is fast and has many nice features, for example, the function of correcting typos in typed addresses.

The service has paid and free modes.

Free mode with standard settings is available at the following addresses:

  • 208.67.222.222
  • 208.67.220.220

SkyDNS

This service is a leader on the Russian-language Internet in the field of security and filtering of unwanted content. As the developer himself assures, the service is used by tens of thousands of users, large companies, Internet providers, etc. Paid and free modes are available.

Connecting to the free mode is available after completing the registration procedure, which does not take much time. To use SkyDNS, you will be asked to download a small SkyDNS Agent application, or provide your IP. However, you can use the service without installing the application.

To do this, you will need to specify the DNS address 193.58.251.251.

In addition, to find a suitable DNS, you can use the appropriate software, of which there is a lot on the Internet.

A DNS server, or, as it is also called, a name server, is a set of servers and software that respond to DNS queries in accordance with an established protocol. In plain language, it is responsible for converting a domain name that the user understands into an IP address that the machine understands. A clear example of such a transformation looks like this:
Yandex.ru → 5.255.255.55

In the example, “Yandex.ru” is the second-level domain name that the user enters in the search bar. A request with this name is sent to the DNS server, which converts it to the IP address “5.255.255.55”, where the requested page is located. If for some reason the DNS server is unavailable, the page cannot load, because the domain name remains just a string of characters.

A lot depends on choosing the right DNS server location:

  • Resistance to DDoS attacks.
  • Availability at any time.
  • Availability of extended functionality (management of additional records).

Before choosing a DNS server, you need to carefully study the features of each type of name server and select the most suitable one according to the parameters.

By ordering a dedicated server service in St. Petersburg, you can be sure of the reliability of DNS hosting and 100% efficiency of protection against DDoS attacks.

Which DNS servers are better?

There are several options for placing DNS servers:

  • Own DNS server.
  • DNS servers provided by hosting providers.
  • Paid DNS hosting.
  • Free DNS hosting.

A CDN server can also operate in DNS mode; what it is and how it works is worth considering in more detail. Content Delivery Network (CDN) literally translates as “content delivery network” and, in fact, that’s what it is. A CDN consists of many servers physically located in different parts of the world and equipped with special software. The purpose of this network is to deliver the content requested by the user as quickly as possible.

By setting up a CDN proxy in DNS server mode, you can get a significant increase in the speed of the resource thanks to data caching over a distributed network of servers (information will be transmitted to the client from the server closest to it). In addition, the CDN can filter requests to protect the resource from DDoS attacks.

There are also significant disadvantages to using a CDN proxy. For domains located in a CDN, the IP address is assigned randomly, so you cannot access the site directly through the IP address. Another significant disadvantage of using a CDN on the territory of the Russian Federation is the danger of dedicated IPs getting blacklisted by Roskomnadzor. Since IP addresses are assigned randomly, there is a chance that you will be assigned one of the addresses blocked by Roskomnadzor.

Each type of hosting has its pros and cons, which you need to know in order to understand which DNS servers are better.

Own DNS server

This option for hosting a DNS server is suitable for owners of their own server space and owners of virtual servers.

Most often, special DNS server software (for example, BIND or PowerDNS) is installed on the same server where the site is located and does not require additional financial costs.

The undeniable advantage of this DNS server location option is its independence from third-party resources. Very often, when the hosting on which the site is located is working stably, instead of accessing it, users receive the error “DNS service is not responding.” It can occur for several reasons, and the problem can be on both the server side and the client side. Owners of their own DNS servers can promptly detect and correct errors that occur, maintaining the continuous operation of the site. This requires constant monitoring of the server status.

Since the installation of server software and its administration falls entirely on the shoulders of the resource owner, difficulties may arise in setting up DNS. On the other hand, with sufficient qualifications, you can use your own scripts, which significantly expands the range of server capabilities. You can find many example configurations and tutorials on how to create them online.

However, it is not recommended to install DNS on the same server where the site is located. For high fault tolerance, a DNS system must consist of, at a minimum, distributed servers. Otherwise, if your server is unavailable, the site may stop working while the DNS cache is updated (from 1 to 72 hours). That is, even a short-term server reboot can lead to your site being unavailable for a long time.

DNS servers provided by hosting providers

Often, providers provide free name servers (primary or secondary) when purchasing server space. Thus, the minimum services required to host a working resource on the server are provided. Using free DNS hosting, the client has minimal access to its settings. Most often, such servers perform only basic functions (converting domain names to IP) without the ability to use additional functionality (API, IPv6, DynDNS or Geo Routing).

Hosting providers often have a free DNS server shared by all clients. Therefore, in the event of a DDoS attack on one of their clients, problems arise for all. On the other hand, hosting providers try to prevent such situations from occurring by protecting their DNS servers from DDoS.

There is no need to constantly monitor the state of the DNS server when choosing this option for its placement - this is constantly monitored by the hosting provider. Many people are interested in the answer to the question of how to find out the IP address of the provider’s DNS server. The easiest way is to contact the provider's support service. They will not only expertly answer all your questions, but will also help you deploy and configure your own name server.

RigWEB company provides all clients using hosting services, VPS rental or dedicated servers with DDoS-protected DNS hosting for an unlimited number of websites. You get full DNS management functionality, creating the necessary records, etc.

Paid DNS hosting

First you need to decide what DNS hosting is and why it is needed. To increase the stability of the resource, it is recommended to use at least two NS servers located on different networks. Otherwise, the following situation may arise: in the event of a temporary unavailability of the service, users accessing the site will “cache” for some time (about 10-15) a negative response from the name server (the DNS service does not respond). And even if the server is restored, the user will not be able to instantly access it without first clearing the cache. This is unacceptable for resources where real-time operation is important.
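The outage scenario described above as a small simulation (an added example, not from the original article). The name server names, the record and both cache lifetimes are assumed values chosen for illustration, and the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

# Added example with constructed values; nothing here queries a real server.
ANSWER_TTL = 3600  # assumed: seconds a successful answer stays cached
FAIL_TTL = 600     # assumed: seconds a "name server not responding" result stays cached
ZONE = {"www.example.com": "203.0.113.10"}  # constructed record (documentation IP)
ALL_NS = {"ns1.example.com", "ns2.example.net"}  # two name servers on different networks


@dataclass
class CachingResolver:
    nameservers: list  # authoritative name servers for the zone, tried in order
    cache: dict = field(default_factory=dict)  # name -> (expires_at, answer or None)

    def lookup(self, name, now, reachable):
        """Return (answer, source); answer is None when resolution failed."""
        entry = self.cache.get(name)
        if entry is not None and entry[0] > now:
            # Still cached: served without asking any name server, even if the
            # cached result is a failure and the server has since recovered.
            return entry[1], "cache"
        for ns in self.nameservers:
            if ns in reachable:
                answer = ZONE[name]
                self.cache[name] = (now + ANSWER_TTL, answer)
                return answer, ns
        # No listed name server answered: remember the failure for FAIL_TTL.
        self.cache[name] = (now + FAIL_TTL, None)
        return None, "servfail"


def simulate(nameservers):
    """Replay a constructed outage: the network of ns1 is down for 100 <= t < 160."""
    resolver = CachingResolver(nameservers)
    timeline = []
    for now in (120, 200, 800):
        down = {"ns1.example.com"} if 100 <= now < 160 else set()
        answer, source = resolver.lookup("www.example.com", now, ALL_NS - down)
        timeline.append((now, answer, source))
    return timeline


if __name__ == "__main__":
    print("one NS :", simulate(["ns1.example.com"]))
    print("two NS :", simulate(["ns1.example.com", "ns2.example.net"]))
```

With a single name server the lookup at t=200 still fails from cache although the server recovered at t=160; with a second server on another network the client never sees the outage.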

Organizations providing paid DNS hosting services place their servers on different networks, and often even in different countries. This ensures high fault tolerance of the system and reduces its response time to user requests. If one of the servers is unavailable for one reason or another, information is taken from the nearest available one.

The paid DNS hosting service is an excellent option for those who need a full-fledged API, a guarantee of system fault tolerance and the ability to use additional functionality.

Free DNS hosting

There are a number of resources that provide DNS server addresses for free. Among them are Yandex, Google and other search engines, as well as specialized services. There are several advantages to using such services:

  • They are free.
  • You can choose the option that best suits the range of services provided.
  • There is no need to monitor server availability yourself.

Free DNS servers are usually subject to a number of restrictions. Among them is a limitation on the number of available domain names, or a limited number of requests served by the server. In addition, many free DNS servers do not serve commercial projects and, in their terms of use, do not assume responsibility for interruptions in operation.

What to do if the DNS service is not responding

For those who use free DNS servers for a domain, it is advisable to have several options for such servers, since it is almost impossible to influence their performance. It is necessary to leave a request to the support service, but until the functionality of the main DNS server is restored, you should switch to using one of the backup servers. Thus, the time of resource unavailability is reduced to a minimum.

If a resource is unavailable when using your own servers, you will have to figure out what it is - the DNS server is not responding or there is a problem with hosting availability. If the DNS service fails, restarting the software may help.

Much depends on the correct choice and configuration of the DNS server - fault tolerance, stability, protection from DDoS attacks. In case of any difficulties or questions, contact RigWEB specialists, and your clients will never receive a message that there is no DNS server or the DNS service is not responding.