DNS Benchmark Conclusions & Recommendations
What the results you have just obtained mean to YOU
The results summary, conclusions, and recommendations from your most recent run of this DNS benchmark are provided below. Please carefully consider the implications of making any changes to your system's current configuration before doing so.
ý Only the built-in default resolvers were benchmarked.
Please consider taking the time to create a custom resolver list.
This is a reminder about the tremendous benefits to be gained from benchmarking the "Top 50" resolvers that are found for you by the Benchmark's custom resolver list builder. When you have time, don't forget to give that a try. The results will astound you! You can find the option to do this on either the application's System Menu (Alt-Spacebar) or on the Add/Remove nameservers dialog on the Nameservers page.
þ System has multiple redundant nameservers configured.
This system is currently configured to use 2 separate nameservers for DNS name resolution. This is in keeping with recommended best practice (of having at least two different nameservers) so that the temporary failure of any single nameserver will not prevent all DNS name resolution.
þ All system nameservers are alive & replying to queries.
All of this system's 2 nameservers are working and replying to queries. This is terrific because if the system's primary nameserver were to become overloaded or unavailable, even briefly, one or more backup nameservers are standing by ready to supply DNS lookup services.
þ System's nameservers are probably optimally ordered.
Windows uses DNS servers in the order they are listed under the network adapter's properties, or when obtained automatically from an ISP, in the order provided by the ISP. Windows will fall back to using the second, third, and other nameservers only when the first listed nameserver fails to respond. So if the first nameserver happened to be very slow, but working, everything would be slowed down. Consequently, the order of nameserver listing should match their order of decreasing performance . . . which is probably how this system is currently configured:
Usage Order Nameserver IP Speed Rank
----------- --------------- ----------
1 194.168. 4.100 1
2 194.168. 8.100 2
Why only "probably" ?
Only "probably" because there wasn't enough of a statistically significant difference between their timings to be able to make any claims with at least 95% confidence. Here are the details:
When this benchmark is allowed to finish, it will have collected approximately one hundred and fifty (150) DNS performance samples from each nameserver being tested. Although this is sufficient to generate a good average performance estimate, if the collection of sampled values are too widely spread apart (in other words, not a lot of agreement among samples), it is impossible to know with "statistical certainty" (to be 95% sure) how individual nameservers compare to each other.
Therefore, even if the ranking shown above appears to be out of order, the differences are not statistically significant, and you should not be concerned. If you were to re-run the benchmark you might get a different outcome. This benchmark conclusion page will inform you when a problem exists that is statistically significant, and will then advise you that your DNS nameserver settings should be changed. But that is not the case with the benchmark results that were just obtained.
ý System nameservers are SLOWER than 4 public alternatives!
This benchmark found 4 publicly available DNS nameservers that are reliably faster than the slowest nameserver currently being used by this system. If you were to adjust your system's configuration to use the faster of these nameservers instead of what it is currently using, your DNS lookup performance, and all use of the Internet, would be improved.
With at least 95% certainty: Based upon a statistical analysis of the spread in timing value samples received during the benchmark, there is at least a 95% certainty that the performance conclusions stated above are correct. But even so, since changing DNS nameservers requires thought and effort, it's something you want to be sure about. Therefore, since these results represent a single snapshot in time, you may wish to confirm that the faster alternative nameservers are consistently faster than your system's currently configured nameservers, and that those public alternatives don't have any negative characteristics such as being colored orange to signify that they redirect mistaken URLs to an advertising-laden search page rather than returning an error (which will be a concern to some users).
You may also wish to check the relative performance at different times of day to make sure that the performance improvement over your system's current nameservers is reliable throughout the day.
And you may wish to make sure that the alternative nameservers are enough faster than what you are currently using for the improvement to be worth changing away from what you're currently using. (This test is only saying that it's 95% sure they are any amount faster.)
þ This system's nameservers are 100% reliable.
DNS reliability is extremely important, since lookup requests that are dropped and ignored by nameservers cause significant delays in Internet access while the querying system waits for a reply. The system is then finally forced to reissue the query to the same or to backup nameservers. While your system is patiently waiting for a reply, you are impatiently waiting to get on with your Internet access.
During this benchmark test, all of the system's nameservers tested returned a reply for every request sent. It doesn't get any better than that. Very nice.
ý This system's nameservers intercept name errors.
One or more of this system's nameservers intercepts errors and redirects web browsers to a custom page in response to an invalid DNS lookup request. (This is shown with an orange coloring of the nameserver IP address and descriptive text on the benchmark's "Nameserver" page.) This behavior is typically used as a marketing maneuver to redirect mistaken web browser URL entries to the DNS provider's own advertising-laden marketing-related pages. The major ISPs Earthlink, Roadrunner and Comcast are known to be doing this. While this may be regarded as a useful service by some users, others object to the idea of not receiving an error in response to an erroneous request. Some free DNS server providers, such as OpenDNS, allow this behavior to be customized so that erroneous queries can be configured to return an error. Many responsible ISPs are also offering "opt-out" options to prevent advertising interceptions.
If you feel that this marketing-driven behavior is unacceptable from a DNS nameserver, you may be able to configure the service to return errors. Otherwise, you are free to switch to any alternative high performance and high reliability nameservers that are properly returning errors in response to erroneous queries.
If you choose to configure the existing nameserver(s) to return errors, you can use this benchmark utility, at any time, to easily verify that the DNS behavior is what you expect and desire.
þ System nameservers are replying to all query types.
During the development of this DNS Benchmark we discovered that the routers used by some pre-release testers were not returning results for the benchmark's Uncached and/or Dotcom testing queries. Even though these queries are admittedly unusual, they are completely valid. So the only conclusion was that those few routers were inherently defective. The good news here is that your nameservers are replying to these unusual but valid queries.
REMEMBER TO CHECK SPOOFABILITY !!
Whether you make any changes to your nameservers or not, but
especially if you do, be sure to verify the security of your final DNS
resolver set by using GRC's free "DNS Spoofability" testing service!
If you require assistance . . .
If you require assistance with the implementation any of the suggested changes to your system's DNS configuration, several sources of help are available:
For help with the operation and use of this DNS Benchmark program, please reference the extensive DNS Benchmark pages at the GRC website:
For help with any of the specific conclusions or recommendations above, please see the DNS Benchmark FAQ (Frequently Asked Questions) page:
Knowledge of the DNS domain name system is widespread among those in public technical Internet forums. You will very likely be able to obtain answers to any specific questions you may have by asking knowledgeable inhabitants of online communities.
GRC maintains and operates a comprehensive online "newsgroup" community and has a specific newsgroup - grc.dns - dedicated to the discussion of DNS issues including this DNS benchmark program (where it was developed) and GRC's online DNS Spoofability testing service. Please see the following web page for help with joining and participating in GRC's terrific newsgroups:
GRC's technical support services are limited to the support of licensees of our commercial software products and do not extend to the support of our freely available software or online services. Please do not write to us (GRC / Gibson Research Corporation) for assistance in connection with this freeware utility.
You will find that ample help is freely available
within the Internet community. Thank you!
- Steve Gibson
Please Note: This program is Copyright © 2010 by Gibson Research Corporation -- ALL RIGHTS RESERVED. This program is FREEWARE. Although it may not be altered in any way, it MAY BE FREELY COPIED AND DISTRIBUTED onto and through any and all computer media in ANY form or fashion. You are hereby granted the right to do so.
• • •